News

Cisco Warns of Increasing Attack Sophistication

• By Stephen Swoyer
• December 16, 2008

The report highlighted the increasing sophistication of Internet-based attacks, largely because cyber-criminals themselves are becoming increasingly sophisticated. Indeed, the Cisco report noted, there's a sense in which cyber-criminals are becoming professional and increasingly focused on profit-making -- as opposed to mischievous, malicious or destructive -- activities.

"Every year, we see threats evolve as criminals discover new ways to exploit people, networks and the Internet. This year's trends underscore how important it is to look at all basic elements of security policies and technologies," said Patrick Peterson, Cisco fellow and chief security researcher, in a statement that accompanied the report's release. "Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures. It is important to upgrade applications, endpoint systems and networking equipment to help ensure that corporate systems run smoothly and minimize risk."

The report singled out the threat posed by spam, which Cisco researchers said accounts for 200 billion messages -- or about 90 percent -- of daily e-mail traffic. The U.S. is the biggest overall producer of spam (generating more than 17 percent), followed by Turkey (9.2 percent), Russia (8 percent), Canada (4.7 percent), Brazil (4.1 percent), India (3.5 percent) and Poland (3.4 percent).

Cisco researchers also expect that targeted spear-phishing -- which today accounts for about 1 percent of all phishing attacks -- will become more prevalent, accelerated by a trend in which criminals personalized spam in an effort to make messages seem more credible. This jibes with research from Symantec subsidiary MessageLabs, which -- in its own year-end report -- highlighted an increase in direct targeting (via highly personalized spam) of businesses and organizations. Here as elsewhere, the goal is to pass a credibility threshold and entice a user into opening a malicious attachment or visiting a malicious Web site. To that end, the e-mail messages used in such attacks contain content that might reasonably be relevant to their intended recipients.

The report also focuses on botnets, which Cisco said have "become a nexus of criminal activity on the Internet." In 2008, especially, botnets (and, by implication, their operators) got more sophisticated, using a new kind of "IFrame" attack to inject malicious code into legitimate Web sites. Legitimate traffic is then redirected to illegitimate sites, where -- more often than not -- users are tricked into downloading malware.

Elsewhere, Cisco researchers singled out an increase in the use of social engineering (similar to targeted spam attacks that try to pass themselves off as legitimate) to trick users into opening files or visiting malicious Web links. This practice will continue to grow, according to Cisco, which warned that in 2009, "social engineering techniques will increase in number, vectors and sophistication."

Another intriguing social engineering-like attack is "reputation hijacking," where criminals use real e-mail accounts -- typically created with established Web mail providers -- to send spam. "'[R]eputation hijacking' offers increased deliverability because it makes spam harder to detect and block," the report noted, adding that in 2008 (per Cisco's own estimates) such traffic accounted for less than 1 percent of all spam worldwide but comprised 7.6 percent of all e-mail traffic carried by the top three Web mail providers.