Report: Critical Infrastructure Prime Targets For Cyber Criminals In 2009
The year 2008 was a time security threats and malicious activity reached a tipping point, and 2009 stands to be the year critical infrastructure systems become prime targets for cyber criminals and the global financial crisis will be exploited for a variety of malicious activities, according to a new report recently released from VeriSign’s iDefense Security Intelligence Services.
The report, "2009 Cyber Threats and Trends" seeks to aid education efforts about cyber security threats facing networks, enterprises and end-users by highlighting important trends that emerged in 2008, and attempts to predict security trends and disruptors that may develop in 2009 with lasting consequences for businesses in the coming decade.
Over the course of the past year, cyber crimes continued to increase in both frequency and severity thanks to new exploits and organizations to perpetrate them. Cyber Cartels, groups of young and modern cyber criminals likened by VeriSign iDefense to drug cartels of the 1980s, targeted commercial -- not individual -- banking accounts for fraud operations and security measures meant to protect those accounts and routinely defeated the protections.
Additionally, cyber warfare has become a reality in today's political climate, and several regions are seeing a rise in politically and financially motivated activities. According to VeriSign iDefense, Russian hackers are the most effective group when it comes to cyber fraud, while Chinese hackers utilize amateur hacking groups for low-level espionage operations.
"The cyber security landscape has fundamentally changed where 'script kiddies' no longer perpetrate the lion's share of malicious activity online," said Jason Greenwood, vice president and general manager, VeriSign iDefense Security Intelligence Services. "Professionalized cyber criminals, the rise of cyber cartels or extremists using online fraud as a means to fund their operations, and cyber espionage and warfare show how we have entered a new era of online security threats."
2009 Predictions and Long-Term Disruptors include:
- Critical Infrastructure, notably the Supervisory Control and Data Acquisition systems (SCADA) that operate them, will likely see increased attacks in 2009. SCADA systems are used to deliver such services as electrical power transmission, oil and gas pipelines, large communications systems, and water treatment and distribution.
- The current global financial crisis will provide unprecedented opportunities for cyber criminals or spies to exploit the turmoil caused by the crisis and the resulting institutional mergers, acquisitions and collapses.
- The FastFlux infrastructure, which uses computers compromised by botnets to maintain dispersed and untainted IP space for criminal ventures such as phishing, will likely see increased use. This will make current phishing takedown measures less effective and will require security professionals and institutions, which are often the targets of phishing attacks, to come up with new defense measures.
- Cyber Warfare has gone from a purely theoretical tool to a technically practical, common component of most political arguments. VeriSign iDefense believes organizations or groups aligned with Russia will perpetrate the majority of these attacks.
- Middle Eastern cyber cartels will likely increase online fraud operations to support their agendas.
"Though we have outlined a number of trends we expect to see in 2009, we also believe other disruptors will begin in the coming year and will pose hardships for security professionals in the years to come," said Rick Howard, intelligence director of VeriSign iDefense Security Intelligence Services. "The increased use of mobile phone platforms, virtual worlds, and the interconnection of devices with the implementation of IPv6 will provide new attack vectors that must be considered now, before they take hold."