Exploit kits, traffic direction systems cited as Top 2 emerging online threats

‘Exploit kits’ — basically, malware in a box — and traffic directions systems are listed as the Top 2 emerging online threats by Trend Micro, a provider of cloud computing and Internet security systems.

Trend Micro senior threat researcher Paul Ferguson recently gave a report from the front lines of threat detection, including a list of Top 10 security threats.

His Number 1 threat is ‘exploit kits.’ This is a bundle of code that lets hackers exploit the most prevalent security flaws in the general user base. “It lets hackers cast a wide net so they don’t have to be choosy about their victims,” Ferguson notes.

Traffic direction systems (TDS) are second on the list. “These are used to send victims to specific locations on the web where they can be exploited,” Ferguson writes. “The criminals behind the TDS make money by sending or redirecting traffic to these locations.”

Other notable threats on the list (in no particular order) include:

• Mobile Threats: “To date we haven’t seen evidence of significant, concerted efforts to target e-commerce or banking applications through mobile devices,” Ferguson writes. “We expect that to change once near field communications (NFC) reach a larger percentage of the consumer market.” NFC allows mobile devices to establish radio communications with each other through touch or by being in close proximity to one another.

• HTML5 Exploitation: “On the plus side, HTML5 brings together a whole collection of previously disjointed web technologies; however, now any of them can be exploited under the general HTML5 umbrella,” Ferguson writes. “And your browser can now be exploited regardless of the underlying operating system.”

• Unregulated Markets: “Smart cybercriminals know how to fly under the radar by selecting domain registrars and hosted services providers that won’t notice their activities (or will ignore reports of abuse),” Ferguson writes. “In emerging markets outside of North America and Western Europe — where oversight and remediation organizations may not even exist — cybercriminals, like pirates, are more likely to practice their trade unhampered by regulations.”