2008 Data Security Prediction: More Trouble for CISOsBy John McCormick | Posted 2007-10-05 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Corporate wikis, RFID tags, telephone text messages—the bad guys will target them all, according to a new report.
Chief information security officers should be on guard next year for social network attacks, Web 2.0 vulnerabilities and mobile computing hackers.
Those risks are among the top security threats for 2008 as listed in a new report from the Georgia Tech Information Security Center, a research and education arm of the Georgia Institute of Technology.
According to the report, titled the Emerging Cyber Threats Report for 2008, the top five threats CISOs will face next year are:
- Web 2.0 and Client-Side Attacks. The reports says that Web 2.0 applications —such as blogs, wikis, and real simple syndication —make the Internet more interactive, but notes that there's now more executable code in the browser. Hackers can install malware on a Web site, which is activated when someone visits the site. The report says that as Web-based social networks become more popular they will increasingly become targets.
- Targeted Messaging Attacks. Attacks through e-mail, instant messaging and peer-to-peer networks will increase next year because hackers have invented new ways to get around defenses. Among their new tricks, the report says, are malware embedded within videos and spam disguised as business documents, such as PDFs or Excel spreadsheets.
- Botnets, specifically the spread of botnet attacks to wireless and peer-to-peer networks. Georgia Tech estimates that 1 in 10 computers hooked up to the Internet contains Botnet code —which allows the machines to be highjacked and ordered to launch spam, spyware or denial-of-service attacks. While botnets aren't new, Georgia Tech says they'll be used for different purposes, such as information theft, and deployed in different ways, including in peer-to-peer networks, which will make them harder to track and eliminate.
- Threats Targeting Mobile Convergence. While there are already hundreds of mobile computing viruses, users will face a rash of voice spam and smishing, or short message service (SMS) phishing, schemes.
- Threats to Radio Frequency Identification Systems. RFID is being deployed in various applications across the county and becoming a bigger target. Georgia Tech expects RFID attacks similar to the ones that have affected WiFi networks. Hackers are expected to set up devices to eavesdrop on transmissions or send command signals to readers, which, for instance, could result in building-entry system crashes.
"There are a lot challenging new ways bad guys can get to our machines," said Mustaque Ahamad, the director of the Georgia Tech Information Security Center.
Hackers are constantly thinking of new ways to attack systems and organizations are constantly stretching their ability to detect and eliminate threats, he said. "It's an arms race."
Related coverage at Baselinemag.com:
Computer Security: How to Meet the Complexity Challenge, Aug. 24, 2007