News

Report: Hackers Shifting Attention to Mobile Devices

Scammers have set their sights on tablets and smartphones, and away from Windows desktops, in response to rising consumer demand for mobile devices, according to a new report.

Attacks on Windows-based PCs actually declined in 2010, according to the Cisco 2010 Annual Security Report, released yesterday. That's because attackers are shifting more attention to mobile devices due to increased measures on Microsoft's part to secure its software, as well as the relatively lax security associated with smartphone and mobile apps.

The widely used Windows desktop operating system has long been a target, but that's changing.

"Everyone knows the joke about the two hikers and the hungry bear in which the swifter hiker explains his footrace is not against the bear but the other hiker," said Cisco representative Patrick Peterson, in a video discussing the report. "The cybercriminal bears have been feasting on the slowest hiker -- Windows platform -- for the last decade. But with increased security in the Windows operating system and applications, the bears are looking elsewhere to satisfy their hunger."

The study also found that 2010 was the first year since the birth of the Internet that spam volume had decreased. Turkey was a big contributor to the declining worldwide number. Thanks to the takedown of two high-profile botnets, the country was able to decrease the amount of outgoing spam by 87 percent.

However, while diminishing numbers in countries like Turkey helped to decrease the worldwide volume of spam, Cisco reported that spam from developed countries with reliable broadband infrastructures increased. For example, between 2009 and 2010, the United Kingdom's spam volume rose by 99 percent. (A study by Sophos indicated a spam increase in the United States.)

Cybercriminals are also setting their sights on social networking. One widespread ploy is to send unsuspecting users to a specific Web site of interest and get them to click on a "Like" Facebook-box clone that has been constructed with the aim of capturing and transmitting sign-in information back to the scammer.

Cisco's report warned that users of social networking sites can be exploited to either disclose personal information or download malware. Two methods are typically used, according to Christopher Burgess, senior security advisor at Cisco.

"Compassion and urgency are common social engineering hooks for criminals," Burgess wrote in the report. "The individual seeking information will attempt to trigger the target's basic human need to be helpful. The individual will also infuse a sense of urgency in their quest for information or specific action, with the expectation that you won't have sufficient time to verify their credentials."

The report also named some "good" and "evil" cybercrime players of the year. Kudos went to German researcher Thorsten Holtz for his part in taking down the Pushdo/Cutwail botnet, which was estimated to be responsible for 10 percent of worldwide spam. Jeers went to the appearance and spreading of the Stuxnet worm, thought to be implicated in industrial espionage attacks.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.