SAN JOSE, Calif. (7/15/09)--Internet criminals are increasingly operating like successful businesses, borrowing the best strategies from legitimate companies and collaborating in partnerships with each other to make a profit off their illegal activities, says a new security report. Cisco's 2009 Midyear Security Report covers a range of threats, including a significant increase in text message scams--the "new frontier for fraud irresistible to criminals," who hope that consumers savvy enough not
to fall for e-mail phishing scams may still be gullible through their mobile phone. The research notes that recently smaller financial institutions have been the focus of many text message scams "likely because customers tend to have higher levels of trust and familiarity with local banks." It cites three examples--all from credit unions (First Community CU, Jamestown, N.D.; Buffalo Metropolitan FCU, Buffalo, N.Y., and BCT FCU, Binghamton, N.Y.). Among the threats the report cites:
* Botnets--Networks of compromised computers used to launch an attack, botnets are being increasingly rented out as a service by their owners to fellow criminals to deliver spam and malicious software. * Spam--A major vehicle for spreading worms and malware and clogging Internet traffic, spam encompasses everything from legitimate sales pitches to malicious websites. More than 180 billion spam messages are sent each day-- about 90% of the world's e-mail traffic. * Worms--Credit unions interested in using social networking need to be aware that the rise of social networking has made it easier to launch worm attacks. People who social network are more likely to click links and download content they believe were sent by people they know. * Spamdexing--Packing a website with keywords or search terms so search engines will display the site more prominently, spamdexing also can send malware disguised as legitimate software. Consumers who trust the rankings on major search engines may download a fake package. * Text message scams--Since the beginning of the year at least two or three new campaigns have surfaced every week on handheld mobile devices such as cell phones. More than 4.1 billion mobile phone subscriptions worldwide mean a criminal can cast a wide net and walk away with a hefty profit, even if the attack yields only a small fraction of victims. * Insiders--With the global recession causing loss of jobs, insider threats are an increasing concern for businesses. Insiders who commit fraud can be contractors or other third parties as well as current or former employees.
The reported noted three trends to watch:
* Spam will return to record high levels; * Legitimate websites will see more attacks; and * Social networking attacks will continue;
As for recommendations, Cisco advised institutions to:
* Have security move at the speed of the crime. Don't wait to patch the credit union's operating system. * User education and security awareness are critical. * Keep an eye on "old" problems while being vigilant about new risks. * Never underestimate the insider threat. * Have strong, realistic policies for protecting sensitive data.