Trend Micro Unveils 2008 Threat Report and Strategies to Penetrate Security Market in 2009

Rathasiri Kaikeaw, regional sales manager, Indochina of Trend Micro, remarked " This year, Trend Micro will focus on Total Solution Service which uses Smart Protection Network technology and introduce Trend Micro Message Archiver (TMMA) which features more compressed email storage to reduce storage space. The TMMA comes up with data encryption system for outgoing emails to prevent leakage of business data.             

This year, Trend Micro expects the growth rate at 20 % and will focus our business to enterprise and medium businesses." 

Ratsiri concluded "The factors that stimulates the growth of security market in Thailand include 1) new threats that constantly emerge will cause users to adjust and seek new security products 2) The Computer Act year 2007 will alert and stimulate computer users to be more cautious on using computers and internet 3) the campaigns to prevent piracy software will stimulate government and private sectors to select the appropriate software and solution for their organizations." 

Khongsak  Kortrakul , technical consultant of Trend Micro ( Thailand ) remarked " 2008 was a year of survival, exploration and innovation for cybercriminals. The past couple of years have blown the lid off the underground cyber-economy and how malware writers have shifted their motives toward financial gain. Tech-savvy users became more aware about Web threats. Cybercriminals on the other hand have used new avenues or improved on old ones to gain profit."  

TrendLabs tracked down detours, pitstops and newly formed superhighways while following the stories of the following threats : Botnets: Resident Evil -- Malware From January to November 2008, a staggering 34.3 million PCs were infected with malware under families that are commonly associated with bots. Spam Around 115 billion spammed messages are being sent every day, up from the average 75 billion in 2005 to 2006. Ninety-nine percent of spam comes from compromised computers, including those with malicious communication to and from remote users.

Black Hat SEO and FAKEAV -- poisoning search results is one notable trick used by malware writers in 2008-notable because throughout the year it refused to die down, owing perhaps to its effectiveness in tricking unsuspecting users. It works because of the popularity of search engines, which are integral in everyone's Net activities. Those who manipulate search results hinge on the trust users place on these search tools to lead them to their chosen website. Mass Compromises -- Compromised websites present a difficult problem for Web users. It works because users may think they are still accessing a trusted website, but in fact some malicious activity is already happening with their PCs.

Rootkits -- while rootkits are not necessarily harmful, some developments in rootkit technology were controversial. Blended Threat such as Malicious spam attachments While malicious attachments in spam have been infecting users even before this year, notable social engineering techniques were used in 2008. In January and February, there were targeted attacks that used malicious Microsoft word attachments . Non-traditional phishing This year there was a development in phishing that made use of other attack vectors. First was the prevalence of spy-phishing , or a blended threat that combines both phishing and information-stealing malware to prolong attacks beyond the point of availability of a phishing website.

The darker aspect of convergence is the inevitable carry-over of "digital hackability" to workaday devices. While Internet connectivity is by itself an open door, proof-of-concept attacks targeted at devices sporting this functionality effectively magnify the real-world effects of going digital/online.

In the threat landscape, cybercriminals use the reliability of existing infection methods, integrating them with new technological advancements. The results are hybrid-like Web threats that take advantage of the dependability of tested techniques and sophistication of new ones.

O   Vulnerabilities -- operating system vulnerabilities still served their purpose for malware authors in 2008. Windows vulnerabilities were exploited and used in illicit schemes   

O   Regional Threats -- leveraging on specific profiles of certain regions was still rampant and effective in 2008

O   Mobile Threats -- mobile threats in 2008 were mostly related to mobile phones, some of the most notable being those related to the Apple iPhone , and more recently, one targeting Windows Mobile PocketPC . Data loss caused by the theft or misplacement of mobile devices such as laptops and storage devices has proved more damaging in 2008.

O   Social Engineering -- the changing world rendered users with short attention spans, and has made the craft of captivating an audience such a nifty skill to master. Malware authors seem to never run out of tricks in doing this--constantly adapting to the current times and circumstances to search for an unfortunate audience to exploit.  

In 2009 antiquated propagation techniques such as file piggybacking, email, removable drives, peer-to-peer and instant messaging being used this year. This trend will continue as malware writers fully realize the potential of Web 2.0 for propagation. And cybercriminals will continue to take advantage of events, celebrities, and political figures, among others, as social engineering bait. More threats make money out of mobile technologies. And as mobile phones and other handheld devices become more and more interconnected with their desktop counterparts. Furthermore, spam has consistently risen over the years and it will continue to do so in 2009. United States will continue to be the country that sends out the most spam, while Europe the most spammed continent.