In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to the Cisco 2010 Annual Security Report just released.

The report also finds that 2010 was the first year in the history of the internet that spam volume decreased, that cybercriminals are investing heavily in “money muling,” and that users continue to fall prey to myriad forms of trust exploitation.

In response to the last decade of cyber-exploits targeting PC operating systems, PC platform and application vendors have shored up security in their products and taken a more aggressive approach to patching vulnerabilities. As a result, scammers are finding it harder to exploit platforms that were once their bread and butter – in particular, the Windows platform – and are looking elsewhere to make money. Just as important in driving this trend is the widespread adoption of mobile devices and applications. Third-party mobile applications in particular are emerging as a serious threat vector.

The Cisco Annual Security Report also includes winners of the 2010 Cisco Cybercrime Showcase and discusses the impacts of social media, cloud computing, spam and global cybercrime activities on network security.

The report reveals that 2010 marks the first year of declining spam volume in the history of the internet. Despite this good news, 2010 saw an uptick in spam in developed economies where broadband connections are spreading, including France, Germany and the United Kingdom. In the United Kingdom, for example, spam volume rose almost 99 per cent from 2009 to 2010.

The good news is that Brazil, China and Turkey – all of which figured high on last year’s list of spammed nations – showed significantly lower volumes in 2010. This reduction is due in part to the high-profile takedowns of botnets like Waledac and Pushdo/Cutwail, attributed largely to researcher Thorsten Holz and ISPs restricting malicious e-mail from broadband networks. In addition, authorities are taking the spam problem more seriously and are looking to take down egregious offenders.

As the cybercriminal economy expands and criminals gain access to even more financial credentials, there is a growing need for money mules –people recruited to set up bank accounts, or even use their own bank accounts, to help scammers “cash out” or launder money. Money muling operations are becoming more elaborate and international in scope, and Cisco security experts anticipate they will be a major focus of cybercriminal investment in 2011.

Most cybercrime exploits hinge not only on technology but also on the all-too-human tendency to misplace trust.

The Cisco Annual Security Report lists seven “deadly weaknesses” that cybercriminals exploit through social engineering scams – whether in the form of e-mails, social networking chats or phone calls. The seven weaknesses are sex appeal, greed, vanity, trust, sloth, compassion and urgency.

The second annual Cisco Cybercrime Showcase presents two awards for 2010 – one acknowledging the outstanding contributions of a security professional in the fight against cybercrime (the “Good,” Thorsten Holz, Ruhr-University Bochum, Germany/LastLine), the other the most threatening malware (the “Evil,” Stuxnet).

The Cisco Cybercrime Return on Investment (CROI) Matrix, which made its debut in the Cisco 2009 Annual Security Report, analyses types of cybercrime that Cisco’s security experts predict profit-oriented scammers will channel their resources toward in 2011. Based on performance in 2010, the matrix predicts that the data-theft Trojans such as Zeus, easy-to-deploy web exploits, and money mules will continue to rise in prevalence in 2011. Social networking scams, on the other hand, will not be a significant area for cybercriminals to invest resources in 2011, despite ranking in last year’s report in the Potentials category. That does not mean that social networking scams are declining; they are simply a small part of a bigger plan – launching web exploits like the Zeus Trojan.

www.cisco.com.mt

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.