Application security, Threat Management, Incident Response, Malware, Phishing, TDR

Threat forecast predicts more Storm, spam, phish

Variants of the Storm Worm are expected to emerge in the form of e-cards, just in time for Father's Day, according to a report released by MX Logic.

The company's June 2008 Threat Forecast also predicts a slight increase in overall spam levels and for spam and phishing schemes related to:
  • The China earthquake
  • Increased gas prices
  • Stimulus checks
According to the report, total spam volume is expected to remain high or increase slightly, even though May showed a 15 percent decline in overall spam volume. Historically, a decrease in overall spam volume is only brief and is typically followed by an increase.

Also, in addition to Storm variants, a recent CNN news spam observed in late May could be a prelude to a broader attack. This particular spam didn't contain anything malicious, which is often a tell-tale sign of a test run by spammers.

The MX Logic Threat Forecast and Report is published every month and is developed using current and historical data and trends, as well as expert analysis of realtime spam and virus events monitored and assessed by the 24x7 MX Logic Threat Operations Center.

However, this forecast is relatively conservative, Avivah Litan, vice president and distinguished analyst at Gartner Inc. told on Thursday.

“There is nothing really new here, but just a confirmation of several key trends,” she said.

According to Litan, those trends include Spam and phishing email volume that continues to rise, despite temporary declines such as seen with spam volume in May and  mutants of worms and other trojans that continue to be a looming and growing threat. And the market is far behind is fighting these attacks.

“There is strong pent-up demand for new behavior-based anti-malware technology, but good solutions are scarce,” Litan explained. “In the meantime, there is strong evidence that malware on end-user desktops is a rapidly growing attack vector for the criminals.”

Social engineering continues to be a major threat against all businesses and customers, and is especially problematic given existing business processes and day-to-day routines.

“There are solutions that can be put in place -- such as strong mutual federated authentication -- but they essentially require a major retooling and 'securitization' of our open internet infrastructure,” she added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.