|
|
1/1/07
Posted by Dave
5 Star Support Security Specialist
I thought it might be best to start off 2007 with some predictions and
things to watch out for this year. These are not exclusively my thoughts by
any means. They are shared by many in the computer security field, and are
based on observing trends over a period of time. This has proven to be a
sure way of determining which direction the crackers and malware writers are
going toward next. Try to keep in mind that the driving force behind almost
all Internet and computer abuse is no longer a game of bragging rights among
small groups of crackers or script kiddies working from bedrooms or dorm
rooms. The current driving force is money – big money. It involves cyber
criminals and in many cases, organized and/or syndicated crime. Most of it
is well structured, and much more complex than you can imagine. Here are the
trends I see and what to be careful of for 2007.
A very big target that will continue to increase is IM or Instant Messaging.
Considering the increasing number of IM users, this could prove to be one of
the biggest security threats of the next 12 months. Enterprise IM will grow
from 40 million users today to more than 140 million users by 2009, which
could make IM the fastest growing communications medium of all time. Voice
over Internet Protocol (VoIP) will also become a prime target in 2007.
Phishers make spoof phone calls to victims in the hope of extracting their
credit card details or stealing their identities using third-party software.
Spreading threats and targeted attacks will continue to be dominated by
e-mail worms. The proliferation of bots and bot-networks will continue to
grow, and evolve with countermeasures that will help them to both remain
undetected for longer periods of time, and be harder to remove. Bots are
computer programs that perform automated tasks; networks of bots are largely
responsible for sending increasing volumes of spam. Distributed command and
control, and protocols other than Internet relay chat (IRC) or HTTP will be
used to control bot networks.
McAfee confirms
the bot prediction, adding that "mules" will also continue to be an
important aspect in bot-related moneymaking schemes. Mules, also known as
"money mules", are people employed by cybercriminals in work-at-home jobs
offered via Web sites and classified ads. When purchasing merchandise using
stolen cash or credit cards, thieves must stay clear of increasingly strict
shipping regulations, depending on the countries involved. To avoid this
problem, they employ mules who live in the target countries, driving a
lucrative underground industry in which mules are used to physically ship
stolen merchandise items around the world. Spam increased by about 300% in
2006.
Home users are
the most attacked sector, accounting for 86% of all targeted attacks.
Attackers are using evasive tactics to avoid detection, and large,
widespread Internet worms have given way to smaller, more targeted attacks
focusing on fraud, data theft, and criminal activity
In 2006, attacks moved beyond online banking, with significantly increased
attacks on customers of e-commerce sites such as eBay and PayPal, as well as
social networking sites like MySpace. Criminals have gone from trying to hit
as many machines as possible to focusing on techniques that allow them to
remain undetected on infected machines longer.
One of the best measures of the rise in cybercrime is junk e-mail, or spam,
because much of it is relayed by computers controlled by Internet criminals.
More than 90 percent of all e-mail sent online in October was unsolicited
junk mail, according to Postini, an e-mail security firm in San Carlos,
Calif. Spam volumes monitored by Postini rose 73 percent in the past two
months as spammers began embedding their messages in images to evade junk
e-mail filters that search for particular words and phrases. In November,
Postini's spam filters, used by many large companies, blocked 22 billion
junk-mail messages, up from about 12 billion in September.
To keep devices attack proof users should always ensure that security
patches form the software vendors are up-to-date. Users should ensure that
passwords are a mix of letters and numbers and avoid using dictionary words.
Changing passwords frequently helps keep threats at bay. And different
password for different web mail accounts or banking, stock broking, or any
transaction sites would also help.
Special Trojans and worms are also created for seasonal use, especially
around the holidays. High volumes of mass e-mails are usually sent around
the holidays. This year has been no different, experts say. The spike in
holiday spam is largely attributed to the fact that people have been more
likely to open the messages. Consumers have been shopping online more,
desperate for gift ideas. They also have been expecting electronic greeting
cards from friends and family. Malicious spammers have been able to exploit
this expectation by designing Trojan horses that can fool unsuspecting
users.
Antivirus
software maker McAfee issued several advisories over the holidays, warning
customers to be wary of such Trojans. On Wednesday, it cautioned users about
a malicious e-mail attachment named Christmas+Blessing-4.ppt that installs
software that allows attackers to remotely access a compromised computer.
Like many Trojans, the "Happy New Year" worm is not recognized by all virus
scanners, so users should be extremely cautious when opening e-mail
attachments.
"Within a short
period of time, computers have become an intrinsic and essential part of
everyday life, and as a result, there is a huge potential for monetary gains
by malware writers," said Jeff Green, senior vice president of McAfee Avert
Labs. "As we see sophisticated techniques on the rise, it's becoming
increasingly hard for the general user base to identify or avoid malware
infections," he added. The wide range of predictions is itself cause for
concern. There is only one sure conclusion: Your online safety is at risk.
Here is what I
recommend you do about all this. Take computer and Internet security
seriously for 2007, if you haven’t already done so. If you need help, that’s
what we are here for. There are a lot of good computer tutorials here on 5
Star Support. A paper titled ‘Security Review’ is a good place to start. You
might want to follow that with a paper titled ‘Hardening Windows’. Be sure
to keep ALL your software, not just your operating system, updated on a
regular basis. Most security software updates are released weekly, and many
antivirus and antispyware software updates are released daily. Microsoft
releases operating system updates the second Tuesday of every month. Keep
everything updated and patched at all times. The bad guys are relying on you
not paying attention to these things, and it leads to their success, as well
as your problems.
Remember to be
very careful when opening e-mail. If you don’t recognize the sender, or it
is a surprise, delete it. Be very careful of any e-mail attachments. My best
recommendation here is for both you and your friends to get in the habit of
first sending an e-mail indicating you will be sending them e-mail with a
specific attachment that they should expect. Then both of you know what to
expect. If you get something unexpected, simply delete it.
This will be a
year in which all of us need to get into good habits when using our
computers on the Internet, and stay alert. Don’t get lazy about it or you
could be sorry. Remember that when you get an offer that seems too good to
be true, it probably is. Don’t trust it. Also, before you choose an
antispyware program, check it out before you install it. There are a lot of
fakes available out there. We have recommendations here on 5 Star Support,
and you can also go to www.spywarewarrior.com to see if it is listed as a
rogue program.
Finally, follow our recommendations and suggestions here on 5 Star Support.
Read the tutorials that are available, and keep your computer updated. If
you do this, you will have a lot less to be concerned with, and your time
spent using your computer will be a lot more enjoyable.
Until next time here on 5 Star Support Security Center, Happy Computing!
[Top]
|
|
