Web threat set to red

Security firms predict the number of attacks launched over the internet will continue to increase in the region over the coming year as broadband penetration rates rise

By Administrator. Published December 29, 2006

Greater use of broadband in the region is generally seen as a good thing, bringing with it benefits such as increased connectivity and easier access to financial and government services, but in terms of security it is far from good news.

An increasing number of threats are web-related, according to vendors. Web-based threats have increased by almost 15% since last December, accounting for almost half a million reports this year, according to Trend Micro, and are only likely to continue to increase in 2007.

“Owing to increased bandwidth in many countries, the downloading of media files, cool programs and other data types is becoming very popular. Malicious attackers are increasingly using public networking sites to hide their malware, with users downloading malicious files without realising it, often triggering multiple infections,” the security vendor notes in its 2007 forecast.

“Due to the growing number of online users in the region and the real threat of internet hackers, who are constantly coming up with more illusive schemes to evade detection or dupe consumers, the need for greater IT security precautions will be on the increase to ensure that in 2007, online users enjoy more protection from a growing wave of attempted attacks,” says Patrick Hayati, regional director, McAfee Middle East.

Online services such as banking are also at risk. Conducting transactions over the net may be great news for banks, enabling them to dramatically cut the costs of managing customer accounts, but it carries a greater security risk for the end user.

“The bank’s focus will be on ensuring that its customers’ details are secure when online and that it ensures it adopts policies to mitigate against phishing attacks,” Symantec regional director Middle East and North Africa (MENA) Kevin Isaac says.

Messaging


Instant messaging, one of the most widely deployed applications on the internet, is another security threat.

The instant form of communication is extremely vulnerable to attacks and is being increasingly targeted by attackers, says Symantec.

Risks associated with instant messaging include confidential data leaks from instant messaging use, instant messages used as evidence in corporate litigation and increased theft of proprietary data, notes Symantec.

“Though widely adopted, instant messaging is generally unprotected and unmonitored leaving it vulnerable to attacks and exploits,” Symantec notes in a press briefing.

Other web-related threats include an increase in the number of password-stealing websites that use fake sign-in pages, and a growing number of video-sharing networks on the web, which can be attacked by malware writers.

Aside from internet threats, other security threats expected to be a problem in 2007 include spam, particularly image spam, which is becoming more and more common, according to McAfee.

Image spam now accounts for up to 40% of the total spam received, the vendor said, compared to less than 10% a year ago.

Security experts also expect to discover vulnerabilities related to voice over internet protocol (VoIP) deployments over the year.

And Microsoft’s highly anticipated Vista launch may bring with it its own set of security risks, according to Symantec. Microsoft has been playing up the enhanced security offer of its new operating system, but the system may still prove open to vulnerabilities, according to Isaac.

“As with most releases there may be unforeseen vulnerabilities that could be discovered and exploited by hackers. While improvements have been made no operating system is completely secure. Any time you introduce new software into your IT environment, there is potential that unforeseen security vulnerabilities may emerge,” Isaac says.

“Vista’s primary function is as an operating system and it cannot address all security issues including viruses and Trojan horses,” he adds.

The new year will also see an increase in bots, computer programs that perform automated tasks, according to McAfee, although it notes that there will be a move away from internet relay chat (IRC) based communication mechanisms towards less obtrusive ones.

But it’s not just computers that are at risk in 2007 — mobile phones will also be targeted more by attackers, vendors predict. Threats such as smishing, which involves attacks via text messaging, in particular, are expected to become more prevalent during the year.

In terms of targets, individuals look set to be the main focus for hackers, according to the experts. Less aware of security threats, they are easy prey for cyber criminals, Symantec claims.

“The trend we’re seeing is that individuals are being targeted more and more because they tend to be easier targets. Phishing attacks increased globally by over 80% in the first six months of 2006 and this trend is likely to continue,” Isaac says.

Enterprises


For enterprise customers, an important part of enabling better protection in 2007 will be a better understanding of data transactions, says Symantec.

“Enterprises are looking at policies and procedures to ensure data on the network is protected and to do this, have to understand the new ways in which employees can interact with the network,” explains Isaac.

The number of accessories professionals now use only adds to the security risks, he says.

“Endpoint security is becoming more of an issue here as the number of devices that connect to networks increases. Notebooks, flash-drives, PDAs, smart-phones and personal MP3 players are amongst the main threats to enterprise networks in the future. If employees are able to connect these devices to their work PC — or direct into the network in the case of a notebook — then the network is at risk from any malicious code or other threat that the owner may have inadvertently allowed onto that device,” he says.

Enterprises are particularly vulnerable to denial-of-service attacks — which are attempts to make a computer resource unavailable to its intended users — or other such financially-motivated attacks, says Isaac.

Trend Micro agrees that financial incentives are increasingly behind the growing sophistication of attacks.

“Computer crime has evolved into organised crime, it is no longer the game of individual attackers,” says Jamz Yaneza, senior threat research analyst at Trend Micro. “With money as their main driver, our research has tracked how attacks have moved from being fast and large scale to being cleverly crafted to attack very specific groups under the radar. The unseen web threat is maturing, and users should be ever more careful about what they download and install, as blended threats are ever more cunning in their attempt to steal corporate and personal data or money.”

The key to protecting systems against attacks in 2007 will be a good understanding of data interactions, believes Symantec.

“Awareness of the dangers that exist and how they manifest themselves is the biggest threat we face today. The days of a hacker causing chaos just for the sake of notoriety have gone and we are looking at a much more sinister landscape of hacking, denial of service and phishing attacks for purely financial gain. Understanding the ways we can protect ourselves is ultimately the best prevention,” comments Isaac.

