Security news during the last months of 2010 was dominated by WikiLeaks and the politically motivated online attacks carried out by its opponents and supporters. Mikko Hypponen, Chief Research Officer at F-Secure, says, “There is nothing new in the type of distributed denial of service (DDoS) attacks that were used to target companies like Mastercard, Visa and Paypal, which had dissociated themselves from WikiLeaks. But today DDoS attacks have become so easy to carry out that almost anyone can participate.”
The most significant malware development of the year — and perhaps of the whole decade — has been the highly sophisticated Stuxnet worm.
Mikko Hypponen said, “Stuxnet can attack factory systems and alter automation processes, therefore making cyber sabotage a reality by causing actual real-world damage. And unfortunately it’s likely that we will see Stuxnet copycats in the future.”
Best year for arresting cybercriminals
2010 has been the best year ever in terms of the number of people arrested and convicted for committing online crimes. For example, the FBI revealed in October that it had arrested more than 90 suspected members of an international cyber crime ring, accused of stealing about $70 million from bank accounts in the United States. More arrests were also made in the UK and the Ukraine, from where the operation was directed. The criminals had gained access to people’s online banking details by sending infected spam messages. According to the FBI, the arrests were part of “one of the largest cyber criminal cases we have ever investigated.”
An interesting case involving spytools installed on mobile phones was reported by The Register in July, in which Romanian authorities had arrested 50 people accused of using off-the-shelf software to monitor the mobile phone communications of their spouses, competitors and others. The Romanian Directorate for Investigating Organized Crime and Terrorism also arrested Dan Nicolae Oproiu, a 30-year-old IT specialist who allegedly sold the spyware for handsets running the iPhone, Blackberry, Symbian, and Windows Mobile operating systems, according to The Register.
Windows XP still the major target
The Windows 7 operating system has been lauded as a safer operating system than its predecessor Window Vista. Despite overtaking Vista in terms of market share this year, Windows 7 is still far behind Windows XP, which remains by far the most popular operating system and the biggest target for malware writers.
The security implications of using outdated operating systems have been demonstrated by reports that the oil spill in the Gulf of Mexico could in part have been caused by the failure of computers that were still using Windows NT 4 from 1996. Mikko Hypponen says, “It is irresponsible that a billion dollar oil drilling operation did not bother to keep its computers up-to-date and as secure as possible.”
Mobile security developments
The number of mobile malware has not increased dramatically in 2010 but this year saw some developments that may give pointers to future trends. For example, a trojanized version of the Windows Mobile game 3D Anti-terrorist action was uploaded to several Windows Mobile freeware download sites. Infected phones made secret calls to expensive premium rate numbers, resulting in big phone bills for the victims. Mikko Hypponen says, “On the mobile security front, we expect to see growing amounts of malware targeting the Android platform and jailbroken iPhones.”