New tactics, new dangers

Cybercrime is on the rise, and what’s more the criminals are fast moving to non-PC devices and unsecured parts of the network.

  • E-Mail
By  Sathya Mithra Ashok Published  May 1, 2007

|~|mcafee200.gif|~||~|In the second issue of its Global Threat Report, McAfee’s researchers state that while electronic crimes themselves are not likely to change much, the mechanisms used to carry out such attacks will evolve to use many other technologies. “The security research being done today uncovers clues to the types of attacks that are likely to become commonplace tomorrow. And today’s infrequent attacks can easily turn into tomorrow’s epidemic,” states the report. The statement continues that some of the major threats coming our way, as digital offenders look beyond the PC, include mobile spam, spoofed VoIP phishing and the infiltration of RFID technology. McAfee predicts that the growing smartphone market – which is expected to exceed US$250 billion by 2011 – is too lucrative for cyber thieves to ignore. Greater adoption of these devices, coupled with more users accessing personal and financial data on the phones, will lead to increased phishing attacks, spyware and identity theft. Mobile spam also has the potential to explode as spam and Trojan authors develop mobile malware. The report maintains that mobile network operators must adopt risk management measures to stay on top of these developments—not only to prevent costly disruptions but also to enable their environments for new, more secure and reliable services. VoIP – the revenues of which will touch US$20 billion in 2009 according to Infonetics Research – is another ripe messaging medium for spam. Spam over Internet Telephony (SPIT) is predicted to increase as VoIP allows spammers not only to place large volume of calls, virtually for free, but also to forge a lot of them. Spoofed VoIP phishing attacks will likely be more successful than their e-mail counterparts, because anti-SPIT technology is far behind that of antispam. In addition to these social engineering attacks, the VoIP technology itself is vulnerable to eavesdropping, recording, and hijacking, which means that attackers can capture confidential information, such as account and PIN numbers as well as personal conversations. VoIP suffers from buffer-overflow vulnerabilities as well, which allow ‘wiretapping’ programs to run on top of the software. Another emerging technology that poses a significant risk to privacy, as per McAfee’s research, is radio frequency identifications (RFID). Current RFID technology is vulnerable to eavesdropping, recording, cloning and forgery. RFID readers could contain vulnerabilities that would allow RFID chips to contain exploits to steal information from back end databases. As RFID becomes more widely adopted by corporations and countries for tracking and identifying people and assets, these elements could become prime ground for new-age intruders, adds McAfee’s report. Interestingly, ‘socially less-unacceptable’ crimes such as music, video and software piracy is also increasing. According to the report, those who commit such offences often hide behind the ‘safety in numbers’ defence. The report claims that botnets - infected PCs controlled by an attacker - leverage the work of others and often function like open source projects, developed collaboratively and refined by many. McAfee states that once countermeasures are widely deployed, the effort to circumvent them might force attackers to look elsewhere.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code