The tide in cybercrime is shifting away from attacks on Windows machines and migrating to the mobile marketplace, according to a report from Cisco.
According to the Cisco 2010 Annual Security Report, the past year actually saw a drop in the rate of spam, due in part to the takedowns of botnets and ISPs restricting malicious email from broadband networks. Cybercriminals have meanwhile shifted their focus to a number of areas ripe for exploitation, such as so-called "work-at-home" scams, which do nothing more than enlist people to serve as money mules for a number of illicit, though potentially very profitable, schemes.
The report cited as one of its chief findings that computer users the world over are falling victim to exploits that prey on their inherent trust through a variety of social engineering scams – whether via email, social networking chat or phone calls. For example, scammers will try to dupe users into action by pretending to be an attractive man or woman, particularly on social networking sites. "People should assume that a flirtatious advance from someone they don't know has a less-romantic purpose behind it," the report warned.
Cybercriminals have also become skilled at convincing users that their infected links and URLs are safe to click on, and that they are someone the user knows and trusts, the report stated. And once stolen security credentials are acquired, the perpetrators can gain access to legitimate software and systems.
One method they use is to figure out how to assume someone's identity, sometimes by creating emails that purport to come from an individual's computer or social networking account. "A malware-laden email or scam sent by a 'trusted person' is more likely to elicit a clickthrough response than the same message sent by a stranger," the report claimed.
The report also pointed out that with improvements to the security of Windows 7 and Microsoft's stepping up its issuing of patches, as well as Adobe making security improvements to Flash and PDF, criminals have been forced to look for other areas to exploit.
Now that it has gained a bigger percentage of the computer pie, the Apple operating system has become a target criminals recognise as worthy of attack. Also, with the explosion of mobile devices worldwide, including smartphones and tablet devices, new vectors have experienced upticks in exploits, according to the report. In fact, the report cites a study from research firm IDC that projects the number of mobile devices accessing the internet by 2013 will surpass one billion, increasing the market not only for vendors, but also for criminals looking to make profits.
“Miscreants are continuing to find new and creative ways to exploit network, system, and even human vulnerabilities to steal information or do damage,” said John N. Stewart, vice president and CSO at Cisco. “The challenge is that we need to block their exploits 100 percent of the time if we are to protect our networks and information. They can be right once; we have to be right all of the time.”