The Decade's Most Devious Cybercrimes

McAfee report lists top exploits of the past 10 years.

Jan. 25, 2011 -- Computer security efforts may be getting stronger, but cyber criminals are still getting smarter.

According to the Internet security company McAfee, despite a global recession and ramped-up security efforts worldwide, cybercrime has grown by double digits every year for the last ten years.

In "A Good Decade for Cybercrime," a report released today, McAfee shares the unsettling news that while the rest of us have enjoyed a decade of booming Internet technology, cybercriminals have thrived by exploiting it.

In the U.S. alone, the Internet Crime Complaint Center says that cybercrime losses to consumers doubled from 2008 to 2009, reaching $560 million, while consumer complaints rose by more than 22 percent.

In Early 2000s, Cyber Attacks Were 'Haphazard,' Meant to Irritate

But David Marcus, McAfee's director of security research and communications, said that cybercriminals didn't always know that they had such a lucrative opportunity on their hands.

"When you look back to the early, early 2000s, you saw a lot of things that were either done for the sake of irritating someone or done in a haphazard sense. There was really no sense of data being valuable," he said. "Then you jump ahead a year or two and it's like a light bulb went off. ... [Cybercriminals thought] There's data, I can make money from that data."

At the beginning of the decade, he said, computer crime was measured in terms of how much downtime the IT department suffered and the loss in productivity. But the stakes changed as computer use ballooned and consumers became more interested in e-banking and online shopping.

"It's the financial transactions that really started changing things," he said. "E-commerce exploding, people buying and selling goods online and the transferring of things online."

E-Commerce Pushed Cybercriminals to New Money-Making Tactics

As more consumers participated in the world of e-commerce, cybercrooks refined their ways of exploiting it, he said. They developed adware, which automatically displays pop-ups meant to get users to purchase products or services. They turned to spyware, which tracks websites users visit and records what they type.

In the past decade, botnets also became en vogue among Web-savvy criminals, McAfee said. They learned to infect hundreds, even thousands, of computers at once and remotely control them to distribute spam, steal information or attack other websites. In 2010, McAfee reported that it saw an average of six million new botnet infections each month.

As people continue to turn to social networks and mobile computing, Marcus said, the bad guys of the Internet will follow.

"That's fertile ground for cyber criminals -- those huge jumps in technology, those changes," he said.

For example, Twitter's "trending terms" may let the rest of us see what the online world is buzzing about, but Marcus said it gives crooks "phenomenal insight into how to scam people." They can turn those trending terms into links meant to send unsuspecting Twitter users to malware-loaded websites.

Location data from services like Foursquare and Gowalla give criminals unprecedented information about users' habits, patterns and when they're usually not at home. McAfee warns that online data could lead to real-world crimes, such as robbery.

But despite the new threats -- and ongoing warnings -- McAfee said computer users don't always take the necessary precautions. According to a recent survey, 58 percent of users said they had a complete security suite. When those same survey takers scanned their computers for software, McAfee said just 37 percent found that they were fully protected.

"We've probably been talking about spam for 25 years. I think you'd be hard-pressed to find people who are online these days who are not aware of spam," said Marcus. "But has it led to behavior change? I'm not so sure."

McAfee's Top Cyber Exploits of the Decade

As part of its report, McAfee also detailed the top cyber exploits of the decade, highlighting attacks that represented different cybercrime eras. Check out the list below.

1. MyDoom's Mass Infection: Estimated damage: $38 billion

McAfee said this 2004 worm tops its list for monetary damage. Designed to infect computers and send spam e-mail, the worm slowed global Internet access by 10 percent and reduced access to some websites by 50 percent. McAfee said it led to billions of dollars in lost productivity and online sales.

2. "I Love You" Worm: Estimated damage: $15 billion

Named for the subject line of the e-mail that delivered it, this worm hit millions of users in 2000. When users opened the attached "love letter," they actually downloaded a virus that ended up costing companies and government agencies $15 billion in cleanup.

3. Conficker: Estimated damage: $9.1 billion

This worm originated in 2007 and has infected millions of computers since, installing keystroke-logging and PC-controlling software that gave cybercrooks a way to steal users' personal information and access their machines.

4. Stuxnet Worm: Damage unknown

This recent worm was designed to hijack and potentially cripple real-world targets such as nuclear power plants, factories and oil rigs. Stuxnet has reportedly damaged nuclear facilities in Iran and government facilities in the U.S., India and Indonesia, McAfee said, but its creators are still unknown.

5. Zeus Botnet: Damage unknown

Named for the all-powerful Greek god, this circa 2007 worm is known for stealing personal information by capturing data entered on Internet banking sites. More recently, the worm has shown its ability even to infect mobile devices.