Cyber-criminals move away from Windows-based PCs

Scammers are now targeting mobile devices, other operating platforms says Cisco

Tags: Cisco Systems IncorporatedCyber crimeSpam
  • E-Mail
Cyber-criminals move away from Windows-based PCs Cyber-criminals are moving their focus away from the Windows operating system as security defences are tightened, they are now attacking mobile devices and other operating systems.
By  Georgina Enzer Published  February 22, 2011

Scammers are now moving their focus away from Windows-based PCs to other operating systems, platforms and mobile platforms, smart phones and tablet computers, according to the Cisco 2010 Annual Security Report.

The report shows that PCs, PC operating systems and application vendors, particularly those that are Windows-based, have been increasing protection on their systems and shoring up vulnerabilities in response to the massive increase in cyber-attacks and threats.

This has made it much harder for cyber-criminals to exploit PC platforms, and in particular, Windows-based devices. Cyber-criminals have now shifted their focus to previously unexploited systems and platforms in response. According to Cisco, third-party mobile applications in particular are emerging as a serious threat vector.

"Everyone knows the joke about the two hikers and the hungry bear in which the swifter hiker explains his footrace is not against the bear but the other hiker. The cybercriminal bears have been feasting on the ‘slowest hiker' Windows platform for the last decade. But with increased security in the Windows operating system and applications, the bears are looking elsewhere to satisfy their hunger. Mobile and emerging operating systems are hikers that the bears have largely ignored until now, but they are beginning to look much more appealing. These bears are also finding opportunities in the explosion in mobile-device usage, where we're seeing a growing number of exploits aimed specifically at mobile users," said Tarek Houbballah, systems engineering manager, Cisco.

The report also shows that 2010 was the first year in the history of the internet that spam volumes decreased. However, despite a global shrinkage in spam, developed countries with broadband internet connections saw an increase in spam. These countries include France, Germany and the United Kingdom. In the United Kingdom spam volumes rose almost 99% from 2009 to 2010.

2009's highest spammed countries, Brazil, China and Turkey, in 2010 showed significantly lower spam volumes.

Cisco's report showed in increase in money muling, where people are recruited to set up bank accounts or use their own to help scammers launder money.

According to Cisco, money muling will be the focus of cyber-criminal investment in 2011. Cisco security experts also predicted that internet users will continue to fall pray to trust exploitation scams in 2011.

The Cisco Annual Security Report lists seven ‘deadly weaknesses' that cybercriminals take advantage of in trust exploitation scams. The seven weaknesses are sex appeal, greed, vanity, trust, sloth, compassion and urgency. The scams can take the form of email, social networking chats or even phone calls.

The Cisco Cyber-crime Return on Investment Matrix, which was first featured in the Cisco 2009 Annual Security Report, analyses types of cybercrime that Cisco's security experts predict profit-oriented scammers will channel their resources toward in 2011.

The matrix predicts that the data-theft Trojans such as Zeus, easy-to-deploy web exploits, and money mules will continue to rise in prevalence in 2011.

The ‘wait and see' moneymakers include mobile malware, with Zeus already being adapted for the mobile platform in the form of SymbOS/Zitmo.Altr (Zitmo stands for Zeus in the Mobile).

The Cisco report also shows that social networking scams will not be a significant area for cybercriminals to invest resources in 2011, but they will not decrease, instead social networking scams will become part of a bigger plan, such as launching web exploits like the Zeus Trojan.

 

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code