2010 was an intense year for threats, and many incidents shook the world of IT security: the dismantling of the Mariposa botnet; the “Here you Have” worm (an attack claimed by the self-styled “Iraqi resistance”); 0-Day vulnerability exploits; Stuxnet and its attack on industrial control (SCADA) systems at nuclear facilities; the Rainbow (OnMouseOver) worm on Twitter; hijacking of the Facebook “Like” button; Android threats such as FakePlayer; the rise of cyber activism led by Anonymous; Wikileaks… In short, a year full of security-related events of all shapes and sizes.
This slideshow highlights Panda Security’s report on security threats in 2010.
This, without a doubt, was one of the top incidents of the year. At first glance Stuxnet was a worm that spread through USB devices like many others. But there was something special about it: simply viewing the contents of the USB drive, for example in Windows Explorer, was enough to infect the computer. No autorun or double-click was needed. The worm achieved this with a 0-Day exploit for a previously unknown vulnerability in the way Windows handles shortcut (.lnk) files.
To stay undetected, it installed a driver implementing rootkit techniques, and that driver was signed with legitimate, but stolen, code-signing certificates, so Windows accepted it as trusted. On most infected computers the worm did nothing beyond propagating itself. The exception was a system running Siemens software for programming PLCs (Programmable Logic Controllers). In that case it used further, also previously unknown, weaknesses to read from and write to the PLC, altering the controller’s program.
The complexity of Stuxnet suggests that it was the work of a team of highly specialized technicians with considerable financial backing (we are talking about millions of dollars), equipment and the means to obtain 0-Day exploits, whether developed in-house or bought on the black market. This has led to speculation that a nation state was behind the attack. What we do know for sure is that the Bushehr nuclear plant was infected, or at least that Iranian authorities confirmed infections there.
In addition to Stuxnet, other incidents brought home the reality of cyber war. In January 2010, South Korea announced that it was setting up a special command center to combat potential cyber attacks from North Korea and China. The United States also announced the creation of the Navy’s Fleet Cyber Command, a component of the military-wide cyber force announced some months earlier.
Alongside these more serious incidents of what we could call cyber war, or perhaps cyber defense, there were some more ‘colorful’ ones. Such was the case with the worm dubbed ‘Here you have’. This was the second variant of a worm that had first appeared in August. One of its main features was that the sender of the e-mail message in which it spread appeared as “iraq_resistance”, and it claimed a link to the Tariq ibn Ziyad Brigades, a terrorist group.
We had barely entered 2010 when Google reported that a sophisticated and coordinated attack, dubbed ‘Operation Aurora’, had targeted a number of large multinational companies. The attackers exploited a vulnerability in Internet Explorer to silently install a Trojan on victims’ computers, giving them remote access to confidential information.
This 0-Day vulnerability affected three versions of Internet Explorer (6, 7 and 8) on Windows 2000 SP4, XP, 2003, Vista and Windows 7. The attack was called Aurora after investigators found the text string “aurora” in the source code of one of the Trojans involved in the attack. There are two theories about what hackers intended to achieve with this action: One argues that the intention was to steal intellectual property from large companies and the other, more simplistic, that the aim was to steal information from Gmail accounts of human rights activists in China.
Despite all the talk about cyber war and cyber espionage, we still cannot afford to take our eye off profit-oriented cybercrime, which continues to target businesses and individuals alike. In January 2010, the FBI began investigating the theft of more than $3 million from a school district in New York. In February, it emerged that more than $3 million had been stolen in a phishing attack. Incidents like these happen every day; they are not exceptional. Throughout the year we saw numerous small companies go under as a result of such attacks, not to mention the unidentified groups that, by stealing small amounts from hundreds of thousands of users, amassed as much as $10 million.
Criminals also profited by stealing information. One way of fighting this is to combat the trafficking of stolen data, which is no easy task, especially when it turns out that even governments are buying it, as happened in Germany.
In 2010, we saw a turning point in the relation between Internet and society, with the emergence of the cyber-protest movement. This phenomenon, initiated by Anonymous, was not completely unheard of, but became ‘universal’ in 2010.
Anonymous is a non-hierarchical group comprised of thousands of users around the world, united in the defense of a common cause. Although the Anonymous group has been going for some years, they became more widely known when, along with The Pirate Bay, they supported the protests in Iran against the fraudulent elections in 2009 supposedly won by Mahmoud Ahmadinejad.
Yet it was in 2010 that the group really made the headlines. It all started when it came to light that several companies in the film industry had contracted an Indian firm to launch denial-of-service (DoS) attacks against file-sharing websites that refused to remove certain links from their pages.
Social networks have millions of users who every day connect, interact, comment and even use them for work. The number of potential victims among social media users has not escaped the attention of cyber-criminals, many of whom focus on identity theft. By passing themselves off as friends or contacts of the victim, attackers distribute content designed to trick users into running malware or handing over credentials.
2010 was without a doubt the year of the fake antivirus. This simple yet highly profitable business model is well worth the effort for criminals: they spend a short time creating rogueware and a fake online store, confident that frightened victims will do their part and pay for the handsome returns.
Around 40% of all fake antivirus programs were created in 2010. Since this new type of threat first appeared four years ago, PandaLabs has classified a total of 5,651,786 individual fake antivirus programs. Of these, 2,285,629 appeared between January and November 2010.
Spam continued at alarmingly high levels in 2010 despite the dismantling of botnets such as Mariposa and Bredolab, which stopped their zombie computers from sending spam. In 2009, around 95% of all e-mail traffic globally was spam. In 2010, the figure dropped to an average of 85%, with about 50% of all spam being sent from just 20 countries.
Pharmaceuticals continued to be the most popular subject of junk mail, followed by messages promoting fake designer products. Phishing messages designed to obtain online bank details and the like, as well as other fraud-oriented traffic increased as a percentage of the total.
2010 also saw new tricks in spam, including campaigns built on fresh ruses designed to infect users or steal their details. Such was the case with an e-mail crafted to look like a message from the iTunes Store, closely imitating the store’s official communications, with the links pointing somewhere else entirely.
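The brand-impersonation ruse described above, where the message looks official but the sender domain and the link targets do not match the brand, can be caught with a few cheap header and body checks. The following is an added example, not code from the Panda report: it parses a constructed sample message (the sender domain, the link targets and the brand allow-list are all assumptions for illustration) and reports three classic phishing indicators: a display name claiming a brand the sender domain does not belong to, anchor text that shows one domain while the href goes to another, and links to bare IP addresses.

```python
"""Added example (not from the Panda report): heuristics that flag the
'looks like an official store e-mail' ruse.

The message below is constructed for this example; the sender domain,
link targets and brand list are assumptions, not data from the report.
"""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a lure dressed up as an iTunes Store receipt.
SAMPLE_EMAIL = b"""From: "iTunes Store" <billing@itunes-store-receipts.example>
Reply-To: support@itunes-store-receipts.example
To: victim@example.org
Subject: Your receipt No. 1234567
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, your account was charged $49.99.</p>
<p>If you did not make this purchase, cancel here:
<a href="http://198.51.100.23/itunes/cancel.php">https://www.apple.com/itunes/cancel</a></p>
<p>Thanks, <a href="https://www.apple.com/itunes/">The iTunes Store Team</a></p>
</body></html>
"""

# Assumed brand -> legitimate sender domains (hypothetical allow-list).
BRAND_DOMAINS = {"itunes": {"apple.com", "itunes.com"}, "apple": {"apple.com"}}


class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    """Crude eTLD+1: the last two labels (sufficient for this example)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyse(raw):
    """Return a list of finding strings for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = msg["From"].addresses[0]
    sender_domain = _registered_domain(sender.domain)
    display = (sender.display_name or "").lower()

    # 1. Display name claims a brand that the sender domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display and sender_domain not in domains:
            findings.append(f"brand-mismatch: '{display}' sent from {sender_domain}")

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host = urlparse(href).hostname or ""
            # 2. Anchor text shows one domain, the href goes somewhere else.
            shown = re.match(r"https?://([^/\s]+)", text)
            if shown and _registered_domain(shown.group(1)) != _registered_domain(href_host):
                findings.append(f"link-mismatch: shows {shown.group(1)} but goes to {href_host}")
            # 3. Link target is a bare IPv4 address rather than a hostname.
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
                findings.append(f"ip-link: {href}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print(finding)
```

Run as a script it prints one line per finding for the constructed lure. The domain comparison is deliberately crude (last two labels); a production filter would use the Public Suffix List and would also check SPF/DKIM results, but the three checks above already catch the mismatch that defines this kind of lure.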