Security breaches, unknown security risks posed by Vista, spam and organized cyber crime are some of the Symantec's Top 10 Internet Security Trends of 2007.Phishing attacks will spread not only against the most popular brands of online services but also against any system which deploys single factor authentication such as username and password.
Here were the ten major security trends of the year as Symantec and others have seen them:
1. Data Breaches. Late last month, documents from an information-breach lawsuit against the TJX Corporation -- owners of TJ Maxx -- revealed that as many as 94 million customers using Visa and MasterCard were exposed to hackers. Further, in addition to Monster.com and Salesforce.com being hacked, there is also a report coming out next week that suggests half a million database servers are vulnerable. Turner says these events are what made data breaches the top concern among security experts this year.
2. Vista Introduction. More than a dozen security patches, perceived complexity and an ambivalent reception among tech media and some technologists have kept the much talked about OS in the news, making it a top issue of 2007.
3. Spam. The hair-growth pill promotions, penny stock tips, and promises of money from deposed African dictators won't stop hitting your e-mail inbox anytime soon. Moreover, spammers are increasingly taking more sophisticated approaches such as sending disguised PDF files, pretending to know you in e-mail subject lines and delivering Storm Worm malware through e-greeting cards.
4. Professional Attack Kits. Symantec believes that not only are hackers becoming more savvy but are also setting up a new revenue stream by selling hacker kits to peers. Such kits include MPack, which was popular this year and "phishing" toolkits pervade cyberspace as well.
5. Phishing. Phishing, a cousin of spoofing and masquerade hacking, gets its name from the way hackers use friendly or seemingly benign programs as bait. Symantec's Turner says criminals no longer have to hack in, as some users are coming to them.
6. Exploitation of Trusted Brands. By exploiting a trusted Website, hackers can trick someone into thinking they're getting on Bank of America's homepage by, for instance, sending them a link such as www.bofa.com@yourmoney.com. Someone may then key in information on a false interface. While most browsers nowadays are equipped with warning messages, "Phishermen" also take advantage of misspellings of popular Internet addresses.
7. Bots. Hacking by proxy is an increasingly common way for cyber criminals to maintain anonymity, and the use of "Bots", or Electronic Data Interchange translators, is one of the many malicious emissaries used to siphon protected information.
8. Web Plug-ins. ActiveX control modules, derived from Microsoft's Component Object Model and used to manage multimedia applications, comprised the majority of plug-in vulnerabilities in 2007, according to Symantec. These modules are usually downloaded from Web pages and used to make programs more compatible with others -- but they can also be used as attack vectors.
9. Vulnerabilities for Sale. This year the debate over the link between proof of concept exploits and "wild" exploits heated up after a decision in late September by Swiss tech upstart Wabi Sabi Labi Ltd., to create an eBay Inc.-style auction for unpatched, zero-day software vulnerabilities.
10. Virtualization Machine Security. Software and server virtualization, as evidenced by VMware's multi-billion-dollar IPO and new entries by Oracle, Sun, Microsoft and others, is definitely here to stay. If two file servers can do the work of ten, as some proponents attest, then a hacker can have a field day exploiting such technology.
|
