informa
News

Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy

New report from Georgia Tech Information Security Center highlights the top threats for '09 and beyond

Cellphones will become members of botnets. VOIP systems will get hit by blackmailing denial-of-service attacks. The cybercrime economy will thrive, even as the global economy struggles.

And today, around 15 percent of all computers online are infected as bots, up from 10 percent last year, according to the Georgia Tech Information Security Center's (GTISC) new report on emerging cyber threats for 2009 and beyond.

“Compared with viruses and spam, botnets are growing at a faster rate,” said botnet researcher Wenke Lee, an associate professor at GTISC in the report, which was released today at the GTISC Security Summit on Emerging Cyber Security Threats.

And it’s not just your laptop or desktop that’s at risk of botnet recruitment. One of the next big threats will be the bad guys injecting malware onto cellphones to infect them as bots. Those botnets then could be used against the wireless infrastructure.

“Large cellular botnets could then be used to perpetrate a DoS [denial-of-service] attack against the core of the cellular network,” said Patrick Traynor, assistant professor in the School of Computer Science at Georgia Tech and a member of GTISC. “But because the mobile communications field is evolving so quickly, it presents a unique opportunity to design security properly -- an opportunity we missed with the PC.”

Botnet proliferation on computers, as well as on mobile devices like cellphones, and other attacks on mobile devices were among the top five emerging cyber threats the GTISC report and summit highlighted. The other threats are malware, mainly via social networking links; cyber warfare targeted at the U.S. economy and infrastructure; and an evolving cybercrime economy with plug-and-play malware kits and programs, for instance.

GTISC’s Lee said firewalls and intrusion prevention systems can’t necessarily filter bot traffic, which increasingly is sent via HTTP so that it appears to be benign Web communications. Machines can get infected silently, via legitimate Websites booby-trapped with drive-by malware, and bot exploits are stealthier than ever.

“Bots can be delivered to a machine in a variety of ways -- via Trojans, emails, an unauthorized instant message client or an infected Web site. Once installed, bots lie low to avoid notice by antivirus and anti-spyware technologies,” the report said.

But because mobile devices have a shorter lifecycle than a PC -- about two years versus 10 years -- that ultimately could help manufacturers and security vendors better protect them, said Patrick Traynor, assistant professor in the School of Computer Science at Georgia Tech and member of the GTISC. The downside, however, is that battery power limitations on mobile devices could prevent these devices from being able to run security applications properly.

Look for open standards for handset security to make some headway next year, according to the report.

And meanwhile, more fodder on just how bad the botnet threat is to the enterprise: Ryan Naraine, security evangelist for Kaspersky Lab, said in the report that corporate machines are members of some of the biggest botnets. “It takes the average corporation two to three months to apply a Windows patch across all devices, so malware and botnets will continue to take advantage of known vulnerabilities within enterprise environments.”

Kaspersky said there will be a tenfold jump in malware objects this year, mainly due to identity theft and cybercrime focused on stealing data.

Other mobile threats on tap are increased attacks on smart phones as users deploy these devices for financial transactions, according to the report. And VOIP systems will also be abused. “Most people have been trained to enter social security numbers, credit card numbers, bank account numbers, etc. over the phone while interacting with voice response systems,” said Tom Cross, a researcher with IBM ISS’s X-Force team in the report. “Criminals will exploit this social conditioning to perpetrate voice phishing and identity theft.”

And VOIP systems will be at risk of DoS attacks. “Customers will demand better availability from phone service than they would from an ISP, so the threat of a DoS attack might compel carriers to pay out on a blackmail scam,” Cross said.

And even as the legitimate economy tanks, the cybercrime economy is booming. Cyber gangs offer the sale, lease, subscription, and pay-as-you-go malware kits, some with product guarantees and service and support, according to GTISC’s report. “Malware transitioned to the criminal world just over three years ago,” said Gunter Ollmann, chief security strategist for IBM ISS, in the report.

Ollmann says the cyber underground is split into three basic levels: criminals who use these kits to create malware for targeted attacks; skilled developers and technical experts who build components to embed into commercial malware-creation kits; and “managed service providers” who include services with this malware kits to “increase propagation and enabled organized fraud on a global scale, feeding gains back into money laundering chains,” according to the report.

And look out for cyberwarfare to become more a part of the scene in the coming years, going hand-in-hand with traditional military action. Cyberwarfe will "play a more shadowy role in attempts by antagonist nations to subvert the U.S. economy and infrastructure" as well, the GTISC report said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • IBM Internet Security Systems
  • Kaspersky Lab
  • Recommended Reading: