Cybercriminals are hiding in the cloud

CA's State of the Internet 2010 report uncovered criminals’ growing reliance on cloud web services and applications to distribute their software.

Cybercriminals are using web and internet applications (Google Apps), social media platforms (Facebook, YouTube, Flickr, and Wordpress), online productivity suites (Apple iWorks, Google Docs, and Microsoft Office Live), and real-time mobile web services (Twitter, Google Maps, and RSS Readers).

For example, malicious spam campaigns are posing as email notifications targeting Twitter and YouTube users, convincing targets to a click on malicious links or visit compromised websites. The recent Twitter scam, where users involuntarily re-tweeted malicious links as users hovered over links on Twitter, is just one example of this, the report noted.

CA's researchers identified more than 400 new threats. Trojans were found to be the most prevalent category of new threats, accounting for 73% of total threat infections reported around the world. Almost all of the trojans found were components of an emerging underground organized cybercrime trend, known as “crimeware-as-a-service.”

Crimeware automates cybercrime by collecting and harvesting of information through a large-scale malware infection that generates multiple revenue streams for the criminals. It is an on-demand and internet-enabled service that highlights cloud computing as a new delivery model.

“Crimeware isn't new, but the extent to which a services model has now been adopted is amazing. This new method of malware distribution makes it more challenging to identify and remediate. Fortunately, security professionals and developers are always diligent about staying one step ahead of these cyber criminals”, said Don DeBolt, director of threat research for CA’s Internet Security Business Unit.

What’s Hot on Infosecurity Magazine?