Cloud security vendor’s report shows rise in mobile malware, changes in how public and private sectors go online.
Enterprises’ use of custom applications to access Web services rose in 2010, while use of traditional browsers to do the same declined, according to the State of the Web report by Zscaler, a cloud security vendor.
The report, that covered 2010’s fourth quarter and was released Feb. 28, also found that as consumer access patterns shift, cyber-criminal attack techniques may shift with them. “Twitter, or apps to pull down your RSS feeds, or various apps that still communicate over the HTTP protocol but they’re custom apps for digesting Web content haven’t really been targeted in the past for any type of security threats,” said Mike Geide, senior security researcher at Zscaler.
But they are being targeted today and will continue to be in the future, he said. “The bad guys are definitely going to shift their tactics to get the most number of potential victims as possible, and those applications will be ripe for the picking,” Geide said.
The latter-half of 2010, however, saw a number of cyber-criminals arrested, including the apprehension of people in the U.S., United Kingdom, Ukraine and the Netherlands who used Zeus, a Trojan horse that logs keystrokes to steal financial information, to conduct $70 billion in banking fraud. Other noted arrests were of Georg Avanesov, alleged author of the Bredolab bot that allowed users to remotely install malware on endpoints, and Oleg Nikolaenko, who ran a network of computers that generated 10 billion spam e-mails per day. “I definitely wanted to shed some good news in the report instead of just talking about all the bad,” Geide said.
But the bad news includes the emergence of malicious activity that confirms what many have feared: the arrival of mobile malware. The report cites the appearance of Zeus in mobile devices where it attempts to steal passwords from mobile phones.
The report also lists the top 10 sources for spam. The United States took first place with 11.73 percent originating there, the Russian Federation was second at 7.03 percent, and the third was India at 6.73 percent. Italy came in last with 2.66 percent. However, the report also ranks countries with disparities when it comes to the percentage of malicious Web activity versus benign Web activity. Roughly one in 167 of Web transactions in the top three countries in this category — Latvia, Romania and Ukraine — were malicious.
Giede feels that the shift in Web-usage patterns observed in the report show that the relationship between people and the Internet is evolving — whether they be regular citizens or malicious forces. “Security people have to adapt and evolve to the way that users interact with the Web as well as the threats that the attackers put out there. And the attackers — they have to also evolve to the way users are using the Web so that they can get the most bang for their buck,” he said.