A YEAR OF FRAUD (PART I)
The New Year is the ideal time to present a summary of all that we saw during 2011. The data presented here relates to fraud incidents closed by S21sec’s SOC/CERT.
We have acted on 4759 fraud incidents that directly affected our clients, slightly fewer than the number recorded the previous year. The distribution of these incidents can be seen in the following graph.
Once again, the number of phishing-related incidents exceeds the number related to malicious code. This is mainly driven by our clients in Latin America, who suffered comparatively few malicious code incidents.
The following stacked chart shows the monthly distribution of all incidents.
Personally, I feel 2011 has been deceptive, constantly promising major news but failing to deliver. 2010, in contrast, was a remarkable year. It brought with it both new attack methods (MitB, Man-in-the-Browser; MitMo, Man-in-the-Mobile) and new malicious code families (Tatanga, SpyEye, etc.).
What happened in 2011?
Now that we can review 2011 in its entirety, it can be considered a transitional year. During 2011 the cyber-criminals refined their fraud-related methods and tools, but introduced no notable innovations.
Could this stagnation be related to the global economic crisis?
It is hard to link changes in fraud typology to the economic situation, but there is no doubt that certain factors have shaped the past few months.
Social engineering attacks, usually carried out by individuals rather than organised groups, have increased considerably. The cost of preparing this kind of attack is low, which has drawn many newcomers (attracted by the chance of rapid returns on minimal investment) onto the scene. This is particularly relevant in Latin America, the only region in the world where we saw an increase in incidents over previous years.
On the other hand, we have the far more complex and expensive malicious code attacks. These are usually carried out by very well organised mafias with abundant resources. In 2011 we expected SpyEye to take off, as its main rival ZeuS was abandoned by its author at the end of 2010 and its source code later became public. However, this did not occur, probably because of SpyEye’s high price. Furthermore, we have seen some “gangs” instead take advantage of the published ZeuS code to develop new malware families without having to bear the associated development costs.