Sneak Peek: iDefense 2012 Cyber Threats and Trends Report

Rick Howard | Dec 20, 2011

It is that time of year again; time for the annual iDefense Cyber Threats and Trends Report. The guys in the back room just finished putting the final touches on this year’s comprehensive report for customers and have the live copy under some pretty tight security. You are in luck though. I was able to call in some favors to get a sneak peek. This year’s report is a doozy. Let me attempt to dazzle you with 3 highlights. We are calling these things Key Findings and there are 8 of them in the final report.

  • Key Finding #1: The inadvertent leak of the Zeus source code in 2011 effectively converted the Zeus banking Trojan from a proprietary, pay-per-use crime kit into an open-source crime kit; sort of like LINUX for malware authors. The source code quickly spread across the Internet via underground websites and file-sharing sites giving malware authors across the globe access to a powerful and well-written malware platform. Expect to see a bounty of Zeus infections in 2012.
  • Key Finding #2: Cyber criminals are starting to shift to a business model known as Malware-as-a-Service (MaaS), cleverly riffing off the common cloud computing vernacular: Infrastructure as a Service – IaaS, Software as a Service – SaaS and Platform as a Service – PaaS. With MaaS, malware authors of exploit kits offer extra services to customers in addition to the exploit kit itself. They are adding value to their products to distinguish themselves in a crowded marketplace. As the general manager of iDefense, I could learn a thing or two about how to run a business from these guys.
  • Key Finding #3: The deployment of sandbox technology to common application platforms like browsers and word processors has made exploiting vulnerabilities significantly more difficult. As of today, only two public demonstrations of bypassing sandboxes exist in environments that use and support defense-in-depth strategies such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). None of the public demonstrations included any public exploit code; however, the catch is that you have to have all 3 of these technologies in place for complete protection. If you have not rolled them out in your enterprise yet, I suggest that you consider doing so.
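As an added illustration (not part of the iDefense report or this post), here is a Python check for the Linux equivalents of the mitigations named in Key Finding #3: a PIE main executable (what lets ASLR randomize the program image), a non-executable stack (the DEP analogue, signalled by the PT_GNU_STACK program header), and the system-wide ASLR setting. The ELF images it inspects are constructed inline so the check runs offline.

```python
import struct

# Standard ELF constants (from the ELF specification and the GNU ABI)
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
EHDR = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian
PHDR = "<IIQQQQQQ"           # ELF64 program header

def check_elf_mitigations(data: bytes) -> dict:
    """Report PIE (needed for ASLR of the main image) and NX stack (DEP equivalent)."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (_, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum,
     _, _, _) = struct.unpack_from(EHDR, data, 0)
    gnu_stack_flags = None
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
    return {
        # ET_DYN executables get a random load base; ET_EXEC images never do.
        "pie": e_type == ET_DYN,
        # No PT_GNU_STACK at all means the loader falls back to an executable stack.
        "nx_stack": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
    }

def build_sample(e_type: int, stack_flags) -> bytes:
    """Constructed minimal ELF64 image (header plus optional PT_GNU_STACK) for testing."""
    phnum = 0 if stack_flags is None else 1
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, little-endian, v1
    hdr = struct.pack(EHDR, ident, e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    if stack_flags is None:
        return hdr
    return hdr + struct.pack(PHDR, PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)

def read_system_aslr(path="/proc/sys/kernel/randomize_va_space"):
    """Linux-wide ASLR setting: 0 = off, 1 = partial, 2 = full. None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    print("hardened:", check_elf_mitigations(build_sample(ET_DYN, PF_R | PF_W)))
    print("legacy:  ", check_elf_mitigations(build_sample(ET_EXEC, None)))
    print("system ASLR level:", read_system_aslr())
```

To audit real binaries, pass the bytes of a file to `check_elf_mitigations`; a result with `pie` or `nx_stack` False marks a program that ASLR or the NX bit cannot protect even when the system-wide setting is enabled.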

We recently released our comprehensive 73-page report to iDefense customers and will release an abbreviated public version sometime in January. Stay tuned!

Until then, check out last year's Cyber Threats and Trends Report to see how we fared with our predictions.