Cybercriminals adopt business strategies

The Cisco midyear security report published yesterday showed that internet criminals are using software as a service (SaaS), collaborative partnerships, and other enterprise strategies to improve profitability.

The report outlines common technical and business strategies that criminals use to breach corporate networks, compromise websites, and steal personal information and money.

The researchers found that the Conficker worm, which began infecting computer systems late last year by exploiting a Windows operating system vulnerability, has continued to spread. Several million computer systems were under Conficker's control as of June 2009, it said.

Online criminals were exploiting news to maximise traffic to websites they controlled. When the H1N1 influenza ("swine flu") virus hit the headlines in April, cybercriminals quickly blanketed the web with spam that advertised preventive drugs but linked to fake pharmacies, it said.

While many spammers continued to operate with extremely high volumes, some were switching to low volume but more frequent attacks in an effort to remain under the radar. This followed the successful closure of the McColo website, which was responsible for almost 50% of spam at the time.

Cisco said criminals were developing an ecosystem of specialists. For example, botnet owners were renting out their networks to fellow criminals to deliver spam and malware via the software-as-a-service (SaaS) model.

Spam remained a major vehicle for spreading worms and malware, as well as for clogging internet traffic. Spammers sent 180 billion spam messages a day, about 90% of the world's e-mail traffic, to drive traffic to both legitimate sales pitches and malicious websites, it said.

Cisco said the rise of social networking has made it easier to launch worm attacks. "People in these online communities are more likely to click links and download content they believe were sent by people they know and trust," it said.

The researchers found that cybercriminals sought to disguise malware as legitimate software using a technique known as spamdexing. Spamdexing packs a website with relevant keywords or search terms to persuade Google and other search engines to list the sites higher in search result pages. This increased the odds that users would download malware from a corrupted site.

Cisco said 2009 saw the start of at least two or three new text or SMS campaigns per week that target mobile phones. "With some 4.1 billion mobile phone subscriptions worldwide, a criminal may cast an extraordinarily wide net and still walk away with a nice profit, even if the attack yields only a small fraction of victims," Cisco said.

The global recession meant insider threats were a growing concern, it said. Insiders who committed fraud could be contractors or other third parties as well as current and former employees.

This article first appeared on Computer Weekly
