The last decade has proved a boon for Cybercriminals with double digit growth year after year, and deadly attacks which have become more targeted towards users, according to a new report by McAfee.
Following the world’s anticlimactic scramble against Y2K, cybercriminals have found the explosion of social media and mobile devices have created new opportunities for them to make money and cause damage, says the security firm.
To put the growth into perspective, the FBI-backed Internet Crime Complaint Center reported that cybercrime losses to consumers in the U.S. alone doubled from 2008 to 2009 to $560 million while consumer complaints grew by more than 22 percent.
“10 years ago, cybercrime was a completely different business”, said Michael Sentonas, McAfee CTO for APAC. “Over the last decade, cybercriminals and their tactics have grown in complexity and sophistication. Attacks have become more targeted and users more vulnerable as more sensitive and personal information is stored on the Internet.”
Recent events have further indicated that cybercrime has reached a new level of maturity and pervasiveness. Attacks are also now targeted against governments and organisations as cybercriminals use their skills not just for profit, but for protest.
Even WikiLeaks, the media group that publishes leaks on the Internet, has turned to online activism, now known as ‘hactivism’, by launching attacks to take down the websites of organisations they deem unsupportive of their controversial publication of leaked documents.
Now with the explosion of social networking, and the growth of personal information that can be collected by location based mobile services, users are even more at risk, costing both business and personal users dearly, warns McAfee.
In its report, A Good Decade For Cybercrime, McAffee said the top three exploits were the “I Love You” worm in 2000, which caused $15 billion worth of damage, MyDoom’s Mass Infection in 2004 which cost damage worth $38 billion, and Conficker’s Stealthy Destruction which caused an estimated $9.1 billion damage in 2007.
The “I love you” worm (named after the subject line of the email it came in) proved irresistible for millions of users who downloaded the attached “love letter” file and a bitter virus.
The fast-moving MyDoom worm first struck in 2004 and tops McAfee’s list in terms of monetary damage. Due to all the spam it sent, it slowed down global Internet access by 10 percent and reduced access to some websites by 50 percent, causing billions in dollars of lost productivity and online sales.
In 2007, Conficker’s worm infected millions of computers, as cybercrooks became more professional. Conficker was designed to download and install malware from sites controlled by the virus writers.
The first decade of the century was also the decade for a variety of scams. One of the most insidious scams is the fake anti-virus software scam which lure victims to purchase software to get rid of misleading pop-ups, and then stealing credit card information and downloading malware instead of security software when the victim agrees to purchase.
Phishing, or trying to trick users into giving up personal information, has also become common. Phishing can come in spam emails, spam instant messages, fake friend requests or social networking posts.
And more recently, cybercrooks have become adept at creating fake websites that look like the real deal. From phony banking sites, to auction sites and e-commerce pages, crooks are constantly laying online traps to fool users into entering credit card or personal information.
McAfee says the continuation of social networking scams and tricks, such as malicious links, phony friend requests and phishing attempts is likely to continue into the future. The scams are likely to get more sophisticated and personalised, especially if users continue to share a great deal of information.
“With more and more users posting where they are in the physical world, crooks have ample opportunities to figure out users’ patterns, current location and when they’re away from home. Put together with other available online information, such as their address, this online data can lead to serious real world crimes, like robbery”, its report warned.
The McAfee Labs’ report predicted: “While many of the types of attacks will stay the same (i.e., phishing, dangerous websites and downloads, and spam) cybercrooks’ methods will become more targeted and clever. The days of destruction for bragging rights is over – now it’s all about money and discretion”, McAfee Labs concluded.