Any regular reader of this blog knows that malware can infect a system in several ways—email, browser exploits, instant-messaging applications, peer-to-peer (P2P) networks, and others. Even organizations that go to great lengths to secure their Internet gateways have found themselves compromised via one of the oldest infection methods—physical media attacks, with USB flash drives taking the place of floppy disks.
It is also safe to say that the majority of malware is designed for simple financial gain and that it has been massively successful in this regard. Recently, however, we have seen more and more attacks that look like they could be plots for the latest Hollywood blockbusters. This year, we have read reports about the STUXNET malware family, the first to exploit the Windows shortcut vulnerability and which could supposedly hijack power plants. We’ve also heard how malware was able to breach the computer systems of the most powerful military force on earth. Malware has even been accused of crashing airplanes, albeit falsely.
The motivation behind these events has yet to be determined—the Spanair incident was almost certainly just a normal infection, but the other two raised a lot of questions. Most users will certainly be left wondering how such “high-profile” and “secure” facilities could become victims of malware.
The Future of Threats
In our 2010 threat forecast, “The Future of Threats and Threat Technologies,” Trend Micro researchers mentioned that new attack vectors will arise for virtual/cloud environments. To add to this, critical infrastructure such as SCADA networks will become another serious potential target for cybercriminals. When we think about SCADA networks (e.g., electrical grids and factory software) or large virtual systems, it is easy to assume that these will only be targeted by attackers with espionage in mind, whether to take over a factory’s software for hacktivism or to infiltrate a rival’s cloud infrastructure.
Unfortunately, a far simpler and more lucrative reason for attacking these targets is simply to blackmail the target organizations and businesses. Online poker companies discovered this in the early part of this century, when they were threatened with distributed denial-of-service (DDoS) attacks that would shut down their sites unless a ransom was paid. As bandwidth has increased and the use of content delivery services such as Akamai has become more widespread, these network-saturating DDoS attacks have become more difficult, although far from impossible, to carry out. Unfortunately, rather than being deterred, cybercriminals simply switched to different approaches: they first infiltrated an organization’s critical resources and then held these hostage.
All of these varied attacks tell us that attackers are becoming increasingly innovative and that every organization is a potential target. The risks malware poses are now growing from “simple” financial theft to more sophisticated, targeted attacks.