Spam levels continue to rise
We may not want it, but it still keeps coming. In July 2009, an average of 89 percent of all e-mail messages were spam. The overall amount does fluctuate, and a fight is underway to ward off or close down as many spammers as possible, but on average, the levels of spam have primarily risen rather than fallen. Big headlines almost always lead to more spam, and major headlines from 2009, such as the death of Michael Jackson, the H1N1 flu outbreak and the Italian earthquake are obvious examples of this.
Web threats grow in complexity and sophistication
Distribution and channel options are not the only things that have increased for cybercriminals, their skills and creativity have followed the same pattern. In addition to the threats being new, they are becoming increasingly sneaky and complex. New scams, such as drive-by downloads, or exploits that come from seemingly legitimate sites, can be almost impossible for the average user to detect. Before the user knows it, malicious content has been downloaded onto their computer, and they face an often expensive and time consuming recovery process. As predicted, the level of sophistication in such threats continues to rise.
New malware variants explode onto the scene at an unprecedented rate
One of the most noticeable increases we have observed in the security landscape is the sheer number of attacks and various methods for their distribution. Each month, Symantec security researchers block an average of more than 245 million attempted malicious code attacks across the globe. Most of the attempted threats have never been seen before. A combination of new distribution strategies, new media and Internet channels and increasingly advanced hacker techniques all add up to more malware. While attackers previously used to distribute a few threats to a large number of people, they are now micro distributing millions of distinct threats to smaller, unique groups of people. All of these factors combined together equal an unlimited number of unique malware attacks occurring.
New and Developing Trends
Cross-industry cooperation increases in an effort to tackle cybercrime
The Conficker worm, which grew to alarming proportions early this year, prompted collaboration across several groups to solve one of the most complex and widely spread threats to hit the Web in a number of years. The Conficker Working Group was comprised of industry leaders and people from academia and as they worked together, the combined efforts of the group proved successful. Security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators in the domain name system were able to work with several industry vendors to coordinate a response that disabled domains targeted by Conficker. This example represents the type of collaboration that will likely increase in the industry in order to successfully address today's ever-more complex security threats.
Some old threats make comebacks
While much has changed on the threat landscape, some basic components remain, and, more interestingly, some older trends have made a comeback. As stated earlier, many cybercriminals have begun sending multiple distinct threats to smaller numbers of people, but there have also been notable examples of the older technique of sending a few threats to a massive number of people. The motivation for either method is frequently financial, as much of today's malicious Internet activity is, and the goal is often to steal personal data, distribute rogue antivirus software or propagate spam. There are of course those attacks that have no real purpose except to wreak havoc, but whatever the motivation, the various methods are prompting the need for a multi-layered defense that combines traditional detection with complementary detection such as reputation-based security models.