IBM is warning in a new report that, though widespread virus outbreaks are on the decline, on the whole online attacks are expected to rise in 2006. The culprit? Highly targeted attacks that rely on naïve users to help perpetrate cybercrimes.
According to IBM's 2005 Global Business Security Index Report, e-mail-borne viruses were down sharply in 2005 compared with 2004. In 2004, 6.1 percent of e-mails contained a virus; in 2005 that declined to only 2.8 percent.
David Mackey, director of security intelligence at IBM, explained that over the course of 2003 and 2004, there was a relatively steady barrage of global malware outbreaks. The only significant outbreak in 2005 was Zotob.
"It was surprising that we didn't continue to see the massive outbreaks where everybody is hit within a couple of hours," Mackey told internetnews.com. "What we're seeing is more directed targeted attacks, and we really think that's because of the financial motivation and the underground economy driving those things."
IBM's report notes that in 2004 there was a "negligible" number of targeted email attacks, while in 2005 IBM intercepted two to three targeted email attacks per week. Phishing was also on the rise, from one in every 943 emails in 2004 up to one in every 304 emails in 2005.
Targeted phishing attacks, which IBM refers to as "spear phishing," were also on the rise in 2005, typically as a technique to bait users into opening other forms of malware.
Mackey expects that hackers will change their tactics somewhat and perform more focused botnet-powered attacks in 2006. Botnets are composed of compromised systems that are under the command of a central operator.
"Moving forward we'll see smaller cells of dozens or hundreds of compromised systems doing a coordinated attack, as opposed to the thousands or hundreds of thousands we saw in 2005," Mackey said.
The attacker landscape is also expected to shift in 2006 to further involve unsuspecting users in helping hackers execute attacks.