![\"2015\"](\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/2015.jpg\")
It\u2019s a new year, and that\u2019s always a good time to review security policies and threat analyses. 2014 was a year filled with big news stories about hacks, and there\u2019s no reason to believe that things are going to get any better. Leading the news were the Apple iCloud leak<\/a>, the Sony<\/a> hack fiascoes <\/a>(there were more than one), and a number of prominent data breaches<\/a>. If these stories aren\u2019t enough to make you revisit your network hardening, then you must have a pretty secure infrastructure and I\u2019d like to find out how you did it.<\/p>\nIt\u2019s 2015, and as we look forward to the new year, we can only guess what problems hackers and spammers have in store for us, but it\u2019s a safe bet that whatever we do to be proactive, they\u2019re going to find a way to break it. We can look back at 2014, though, to see what trends became apparent. By understanding what happened, we can make some educated guesses about this year\u2019s threat landscape, and it all starts with botnets.<\/p>\n
According to the Spamhaus Botnet Summary 2014<\/a>, botnet use is on the rise. It\u2019s no surprise that Spamhaus reports \u201cthe majority of detected botnets are targeted at obtaining and exploiting banking and financial information. Botnet controllers (C&Cs) are hosted disproportionately on ISPs with understaffed abuse departments, inadequate abuse policies, or inefficient abuse detection and shutdown processes. Botnet C&C domains are registered disproportionately with registrars in locations that have lax laws or inadequate enforcement against cybercrime.\u201d According to ZDNet.com<\/a>, \u201cin 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller, which is an increase of 525 — or approximately eight percent — over the number recorded in 2013. C&C centers were hosted on a total of 1,183 networks.\u201d<\/p>\n Interestingly enough, IP addresses hosting C&C servers are not hosted in countries typically considered to be the usual suspects. Spamhaus reports that a network in France comes in at number one with 189 C&C servers; Germany at number two with 124; and the Netherlands comes in third at 120.<\/p>\n On the malware side, the report identified ZeuS as the runaway leader, being found on 2,246 C&C servers. Citadel comes in at number two, with 1,127. Asprox, a spambot, was a distant third, being found on 566 server. Both ZeuS and Citadel are e-banking Trojans, so it\u2019s pretty clear what the primary focus of spammers is. It\u2019s all about the Benjamins, baby.<\/p>\n On the spam side, we\u2019re seeing sharp rises in malicious links as spammers drift away from attachments. This makes plenty of sense, because everyone emphasizes the danger of attachments, but many people are comfortable with clicking links and don\u2019t seem to get that links can be spoofed. And it\u2019s a no-brainer that spam filters are looking for attachments, whereas links are more benign. According to Help Net Security<\/a>, spam emails containing malicious links rose from 7 percent in October to 41 percent in November, a whopping increase over a month. That number continued to climb in December. \u201cWhile many malicious emails come with an attachment, organizations can block and filter these types of messages,\u201d a security expert tells HNS. It\u2019s suspected that \u201cthe Cutwail botnet (Trojan.Pandex) is behind some of the recent spam messages, along with other botnets, and that attackers have resorted to using links in a bid to avoid email security products that scan for malicious attachments.\u201d<\/p>\n