McAfee: Cyber-crime will continue to pay

The security company predicts that everything from spam to spyware to botnets will become more dangerous this year

The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks.

According to McAfee's semi-annual Sage journal, a roundup of the company's ongoing security research, everything from spam to spyware will become more dangerous over the course of 2007 as hackers look for new ways to exploit end users' machines in their quest for fast cash.

As was the case in 2006, the drive for profits among hackers and malware code writers will dominate development of the threat landscape over the next 12 months, McAfee experts said.

Gangs of thieves around the globe are connecting online in greater volumes than ever before, helping their attacks to arrive on enterprise doorsteps faster and in greater volumes -- and with increasing sophistication.

"The overall trend remains more attacks geared toward making money that make use of malware or support people making malware," said Dave Marcus, security research manager with Avert Labs. "What is surprising is the service and support that's going on around the malware industry; there are more sites selling custom Trojans with support contracts and attacks coded to target banks of the buyer's choice and more malware suppliers offering patches and variants to their users."

Marcus said it is impossible to tell if there are a number of tightly-organized hacker groups worldwide as only a few intentionally identify their own work by leaving clues or outright signatures bearing their names. What is more likely, said the researcher, is that loosely-knit groups of malware writers and fraudsters are forming on underground messaging systems and then disbanding after carrying out waves of attacks.

"It's still a very distributed network, most of these people never meet face-to-face, they use secret chat rooms and bulletin boards and other very distributed systems of communication that make it difficult to say how many people are involved and even harder to take them out," Marcus said. "In a lot of ways, the criminals are doing a better job of communicating than the security industry itself; we tend to operate in our own groups, whereas these people are sharing code and algorithms and doing so on an increasingly frequent basis."

Among the specific trends outlined in the report are expectations for the continued growth of botnets with the cooperation among hackers adding to the problem via group efforts to develop and refine threat code in the same manner that open-source contributors work in a community. The vast majority of botnets will continue to target flaws in Microsoft products and propagate themselves through buffer overflows, according to the report.

McAfee expects that 2007 will also be the year when attackers truly begin aiming their work at smart phones, the more PC-like handheld devices finding their way into the hands of an increasing number of enterprise users.

Among the mobile device threats that the security company expects to arrive first are phishing attacks, spyware, and other programs aimed at stealing data for the purpose of committing identity fraud. Mobile spam also has the potential to "explode" as authors of Trojan attacks begin to target smart phones, McAfee said.

VoIP systems will also see an increasing volume of threats, the report said, with SPIT (spam over Internet Telephony) helping to create new opportunities for hackers to market the end-user data they gather to telemarketers. Another emerging attack format will be threats delivered via spoofed VoIP accounts, much as malware writers and spammers have distributed their work over e-mail and the Web, according to the report.

The increased adoption of RFID technologies will also pose new security risks, the researcher said, with many current RFID devices vulnerable to eavesdropping, recording, cloning, and forgery. McAfee said that RFID readers could also contain vulnerabilities that might allow chips loaded with exploits to steal information from the back-end systems to which the readers are linked.

The Sage report continues on to outline continued growth of spam and spyware, two of the most publicized issues in the IT world today, and raises questions over the efficacy of security features added to Microsoft's newest Windows Vista operating system.

In a nod to another high-profile problem plaguing enterprise businesses, the research also delves into the issue of data leakage. Incidents like retailer TJX Companies' systems intrusion that allowed hackers to make off with over 45 million consumer records, many of which contained sensitive credit card data, will occur more frequently, Marcus said.

As the incidents pile up and lawmakers respond with new legislation aimed at punishing companies that cannot protect sensitive data, businesses will be actively seeking technologies that help address the problem, according to McAfee.

One of the issues caused by this trend will be IT executives who move to add new technologies without considering all the alternatives and before creating the policies necessary to be successful at defending their information, according to the researcher.

"This influx of new technologies might be overwhelming with lots of point products being marketed as the solution to this problem, but people need to step back and take a long look at how they manage data from a macro point of view if they want to improve protection," said Marcus.

"A lot of the solutions might come from technologies that are far from new," he said. "Host-based intrusion protection isn't new, but we see it being applied in new and interesting ways to address data exposure, and encryption has been around forever, but rarely has it been correctly understood or applied."