5:20 AM
Unknown
Emerging threats for…all data-driven!
Data will continue to become the principal motive behind future cyber crime—whether targeting conventional fixed computing or cellular applications.
According to security expert George Heron, “It’s all within the data,”
According to security expert George Heron, “It’s all within the data,”
whether botnets, malware, blended threats, cellular threats or cyber warfare attacks. And Heron expects data
to drive cyber attacks for many years to come. The details motive is woven through all 5 emerging threat categories,
beginning with malware-
Malware
Ryan Naraine, security evangelist for Kaspersky, believes that malware delivery—the very first step in generating a bot—will turn into much more insidious by taking advantage of poorly configured Web sites, social networking sites and false domains.
“We are projecting a 10-fold increase in malware objects detected in 2008,” stated Naraine.
“This is ‘hockey-stick’ growth driven by identity theft and data-focused cyber crime.”
Naraine expects criminal senders to use far better social engineering techniques to cloak malcode in what appears to become legitimate email with acceptable Net links.
For example:
A Facebook message sent from 1 friend to another includes a link to a YouTube video of interest to the recipient. The recipient clicks over a link supposedly sent by his/her friend, and then sees a prompt to install the latest version of Flash Player to be able to watch the video clip.
The user clicks to install the update, but actually installs a piece of malware on the machine, effectively involving the pc inside a botnet.
The user clicks to install the update, but actually installs a piece of malware on the machine, effectively involving the pc inside a botnet.
As cyber criminals move beyond mass-distribution style phishing scams, they're learning how to localize and personalize their attacks for far better penetration.
Social networking sites like MySpace, Facebook and others will likely be applied as delivery mechanisms for getting unsuspecting users to a malicious Website link in order to deliver malware.
During the coming year, GTISC along with other security experts also expect a lot more targeted spear-phishing vehicles to install malware and/or steal data.
For example:
During the coming year, GTISC along with other security experts also expect a lot more targeted spear-phishing vehicles to install malware and/or steal data.
For example:
Attackers may target clients of a local credit union with a spoofed email referencing a local news story of
interest. Once clients click the bogus link inside the email, the malware is installed and can log keystrokes and mine other individual information| to be sent back to a malicious bot master or cyber criminal.
Naraine cited computing mono-cultures and slow or non-existent desktop computer software patching as fueling the malware/botnet crisis. “When you've almost 100 percent of users standardized on the single application, it approaches that a single issue of security failure can bring about infection of an entire computing ecosystem,” stated Naraine.
Naraine’s research implies that some of the largest botnets are comprised of corporate machines. “It takes
the average business2 to 3 months to apply a Windows patch across all devices, so malware and botnets
will continue to take in advantage of identified vulnerabilities within business environments.”
On the bright side,several software program vendors are now shipping auto-patch/update ability with every new software release.
Firefox, Adobe and Apple all do this And Naraine believes that Microsoft operating system security has improved with each successive release. The auto-update features support both corporate and consumer end users stay up to date with patches—which eliminates a lot of “low-hanging fruit” |for ones cyber crime community.
A total of 28940 different malicious and potentially unwanted programs were detected on users’ computers
in August. That is an increase of more than 8,000 on July's figures and points to a significant increase in the
number of in-the-wild threats.
http://www.kaspersky.com/news?id=207575678
“We are so conditioned to click on links, and the bad guys know this,” said Naraine. “The email lures, the
enticements and the personalization of malware attacks are getting much better. Social engineering attacks
on social networks are beginning to explode and will only get worse.”
Ryan Naraine - Security Evangelist, Kaspersky Lab, Americas
Firefox, Adobe and Apple all do this And Naraine believes that Microsoft operating system security has improved with each successive release. The auto-update features support both corporate and consumer end users stay up to date with patches—which eliminates a lot of “low-hanging fruit” |for ones cyber crime community.
A total of 28940 different malicious and potentially unwanted programs were detected on users’ computers
in August. That is an increase of more than 8,000 on July's figures and points to a significant increase in the
number of in-the-wild threats.
http://www.kaspersky.com/news?id=207575678
“We are so conditioned to click on links, and the bad guys know this,” said Naraine. “The email lures, the
enticements and the personalization of malware attacks are getting much better. Social engineering attacks
on social networks are beginning to explode and will only get worse.”
Ryan Naraine - Security Evangelist, Kaspersky Lab, Americas
Posted in: 
0 comments:
Post a Comment