|
 Who knew there were so many ways to become a victim of cyber crime? No doubt, the security landscape has significantly changed as financially motivated criminals create malware, infiltrate systems and steal valuable data and assets. But as security threats grow in size, scope and sophistication, so do the opportunities for partners to help businesses secure their networks and reduce the risk of attack. CRN lists some of the biggest security threats that may be on the horizon through 2009.
1. Trojans/Info Stealing Keyloggers/ Fast Flux Botnets
Attackers often hit the jackpot with information stealing bots and keyloggers that sit silently on systems and steal sensitive and financial data—all completely unbeknownst to the user. Security reports indicate that more than 700,000 pieces of new malware have already been detected since January. And if current malware trends continue, this type of data-stealing malware will more than double in 2009. One of the most notorious Trojans is Storm. Also known as Nuwar, the Storm is the most versatile malware on record. And it is thus far unstoppable.
2. Data Loss/Breaches
No one wants to become the next TJX. Data has become a business's most important asset—and cyber criminals know it. Consequently, cyber criminals will increasingly refine their attacks to get at the heart of a businesses' data center. Malware, delivered via blended threats and social engineering, is designed to stealthily swipe data off a user's computer and send it to offshore servers. While financial data, such as Social Security numbers, credit card and bank account information will continue to be attractive targets, security experts say that criminals will increasingly focus on intellectual property, passwords and other types of identifying information.
3. Internal Threats
Whether intentional or accidental, internal threats will continue to be one of the biggest security threats over the next 12 to 18 months. If a company's security policies are unknown or unenforced, users will continue to unknowingly engage in risky behavior, such as surfing unsafe web sites, clicking on malicious links delivered via e-mails, or failing to encrypt sensitive data. As the workforce becomes increasingly mobile, users will further increase the risk of exposure by working on open networks with unencrypted mobile devices.
4. Organized Cyber Crime
Gray Pigeons. Honkers Union of China. They sound like teenage garage bands, but in reality they are highly organized and complex cyber crime organizations. In the last two years, groups of hackers once loosely defined with a common goal have coalesced into complex multi-layered global networks. Sophisticated organizations like the Russian Business Network are responsible for creating and distributing much of the malware that is increasingly targeting businesses that span the market segments.
5. Phishing/Social Engineering
Considered a gateway to a larger "blended attack," social engineering is becoming more creative and targeted in nature. In a phishing attack, users will generally be enticed with an alluring e-mail subject line, often touting a fake breaking news headline or a celebrity video. Once the e-mail is opened, the user is treated to a brief message, and encouraged to click on a malicious link embedded in the message claiming to lead to another web site or video. Instead, the link often links to an infected web page, which installs malware on the unsuspecting user's computer. Social engineering has become so sophisticated, that attackers have begun to design e-mails specific to targeted individuals—usually executives and others with access to sensitive information—in what is known as a spear phishing attack.
6. Viruses
While not posing the same threat as in years past, viruses still can wreak havoc in a company's network by infecting files and applications, costing a company thousands of dollars of lost production time. Viruses such as Parite, first detected in October 2001, infects its host file, Netsky, and drops executable malware. Other viruses, such as Virut, are polymorphic file infectors that download and run other malicious programs,
meanwhile infecting all the executable files in order to replicate.
7. Cyber Espionage
Cyber attacks aren't just for stealing credit card numbers and social security information. Following Russia's invasion of Georgia, hackers from both countries escalated what some had termed an all out cyber war by hijacking news and popular web sites each other's countries. Attacks on Georgian web sites rerouted visitors and left many government and news sites defaced or blocked entirely. Security experts expect that cyber espionage will soon become a standard means of attack during international conflict.
8. Zero Day Exploits
Once hackers detect a security glitch in an application, it's only a matter of time before they develop malicious code to attack vulnerable systems before a patch is created. These vulnerabilities often affect Web browser and applications relegated to a specific platform. But recently, security researchers detected a variation of a cross-platform Domain Name Server vulnerability that can open the door wide open for what is known as cache poisoning attacks—tricking the DNS to accept an incorrect request which subsequently reroutes unsuspecting users to another, usually malicious web site. Once a user is rerouted to the malicious site, financially driven cyber criminals then have the ability to dump Trojans, keystroke loggers and an array of malicious payloads onto users' vulnerable computers. Meanwhile, attackers are working to develop malicious software that can automate web browser vulnerability exploits, reducing the time it takes to exploit a system to seconds.
9. Web 2.0 Threats
As more applications migrate to Web 2.0, so will the security threats. Users can expect to see more attacks on social networking sites such as Facebook and MySpace, as well as professional sites like LinkedIn. One recent example included an attack infecting United Nations and some UK government web sites. Users visiting the infected sites unknowingly downloaded a malicious file that attempted to deliver a combination of eight different exploits. And users should be wary of phony "cleaner" software that dupes users into paying for an application that they believe will rid their system of viruses. In reality, most of these applications are useless at best.
10. Vishing
Security researchers have found that Voice over Internet Protocol (VoIP) attacks comprised more than double the number of security vulnerabilities in 2007 compared to all of 2006. And while many users are becoming increasingly savvy to spam, phishing and other Internet related scams, that awareness doesn't always translate to voice protocols. Security experts anticipate a 50 percent increase in VoIP-related threats by the end of this year. |