Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/25/2011
05:51 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee Publishes 'Decade For Cybercrime' Report

The past 10 years have been quite profitable for cybercriminals

SANTA CLARA, Calif., Jan. 25, 2010 – For Internet users, it has been a decade of exciting online advances that allow people to communicate, share information and conduct business in ways that were never before possible. However, cybercrime has also flourished over the last decade, growing by double digits year after year, and costing consumers hundreds of millions of dollars every year. The latest report from McAfee (NYSE: MFE), “A Good Decade for Cybercrime,” examines the past ten years of cybercriminal tactics and online threats, an era that dramatically changed the face of crime.

“Cybercrime is one of the fastest growing and lucrative industries of our time,” said Dave Marcus, director of security research for McAfee Labs™. “From the ‘I Love You Worm’ of 2000, to today’s ever-evolving threats on social media sites, we’ve watched these cybercriminals and their tactics grow in sophistication. The days of destruction purely for bragging rights are over – now it’s all about making money and not getting caught.”

Over the past ten years, Internet use has exploded, growing over five-fold from the 361 million users in 2000 to nearly two billion users in 2010, according to InternetWorldStats.com. With a new onslaught of e-commerce sites and revenue opportunities, the Internet has become a trove of money and information that has proven irresistible to cybercrooks.

Snapshot of a Decade

Top exploits representing different eras of cybercrime:

1) “I LOVE YOU” Worm’s False Affection: Estimated damage $15 billion

The “I love you” worm (named after the subject line of the email it came in) proved irresistible in 2000 as millions of users opened the spam message and downloaded the attached “love letter” file and a bitter virus. This infamous worm cost companies and government agencies $15 billion to shut down their computers and remove the infection.

2) MyDoom’s Mass Infection: Estimated damage $38 billion

This fast-moving worm first struck in 2004 and tops McAfee’s list in terms of monetary damage. Due to all the spam it sent, it slowed down global Internet access by 10% and reduced access to some websites by 50%, causing billions in dollars of lost productivity and online sales.

3) Conficker’s Stealthy Destruction: Estimated damage $9.1 billion

This 2007 worm infected millions of computers and then took its infections further than the last two worms on our list, as cybercrooks moved from notoriety to professionalism. Conficker was designed to download and install malware from sites controlled by the virus writers.

Top Scams:

1) Fake Anti-Virus Software – Selling fake antivirus software is one of the most insidious and successful scams of recent years. Cybercrooks play on users’ fear that their computer and information is at-risk by displaying misleading pop-ups that prompt the victim to "purchase" antivirus software to fix the problem. When the victim agrees to purchase, their credit card information is stolen and they wind up downloading malware instead of security software.

2) Phishing Scams – Phishing, or trying to trick users into giving up personal information, is one of the most common and persistent online threats. Phishing can come in spam emails, spam instant messages, fake friend requests or social networking posts.

3) Phony Websites – In recent years, cybercrooks have become adept at creating fake websites that look like the real deal. From phony banking sites, to auction sites and e-commerce pages, crooks are constantly laying online traps hoping you will be fooled into entering your credit card or personal information.

Looking ahead to future cybercrime trends, McAfee Labs predicts the continuation of social networking scams and tricks, such as malicious links, phony friend requests and phishing attempts. The scams are likely to get more sophisticated and personalized, especially if users continue to share a great deal of information.

If you think you may be a victim of cybercrime, visit the McAfee Cybercrime Response Unit to assess your risks and learn what you can do next at www.mcafee.com/cru.

The report featuring “A Good Decade for Cybercrime” can be downloaded here. For more information contact Andrea Heuer at [email protected] or (415) 618-8812.

“STOP. THINK. CONNECT.” Consumer Advice:

STOP. THINK. CONNECT. is the first-ever coordinated message to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, nonprofits and government organizations.

The coalition advises consumers to STOP. THINK. CONNECT.

When you cross the street, you look both ways so make sure it’s safe. Staying safe on the

Internet is similar. It takes some common sense steps -- Stop. Think. Connect.

Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

Think: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your families.

Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.

www.stopthinkconnect.org

About McAfee

McAfee, headquartered in Santa Clara, California, is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee secures your digital world. http://www.mcafee.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5087
PUBLISHED: 2019-11-21
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code....
CVE-2019-5509
PUBLISHED: 2019-11-21
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
CVE-2019-6693
PUBLISHED: 2019-11-21
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the admini...
CVE-2019-17272
PUBLISHED: 2019-11-21
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.
CVE-2019-17650
PUBLISHED: 2019-11-21
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.