Advertisment

Newer forms of attacks rising security blues

author-image
CIOL Bureau
Updated On
New Update

BANGALORE, INDIA: Enterprises across all verticals and security vendors are looking forward for a bright and secure 2010 (vendors not so bright though). But 2010 will be challenging for security providers who would leave no stone unturned to convert these challenges into opportunities.

Advertisment

While on one hand there will be much adoption of cloud based services, social media, and virtualization in the network, concerns would grow in terms of security threats for such technologies and services as they are much more vulnerable. New cyber crime techniques like ransomware and crime as a service will lure in unsuspecting users and threaten the enterprise at large. So are security providers ready to secure 2010?

Social Networking Vulnerabilities

According to Google Insights for Search Report 2009, India saw an increase in the usage of social networking sites. Leading from the front were Orkut,Facebook, LinkedIn, Twitter, and matrimonial sites apart from increasing number of blogs. While social networking has opened up a new paradigm, on the flip side these sites not only consume a lot of bandwidth, but there are also some security issues related to them which could affect the server space of organizations.

Advertisment

Vishal Dhupar, managing director, Symantec India said, "2009 was the year where attacks against both social networking sites and users of those sites became the standard practice for criminals."

The latter half of 2009 saw attacks utilizing social networking sites increase in both frequency and sophistication. Such sites combine two factors that make for an ideal target for online criminal activity: a massive number of users and a high-level of trust among those users. According to a recent Symantec report, social networking sites topped the list when it came to phishing attacks in most countries across the globe.

Social networking sites have grown to become the most obvious choice for attackers due to numerous reasons. For starters, they are easy for criminals to spoof; and since social networking pages are generally trusted by users, phishing attacks mimicking them may be more successful. Profiles on social networking sites often contain a significant amount of personal information about the user. Also, spoofed social networking pages can include links to false download that require users to enter confidential data such as authentication information or credit card information that can subsequently be used for fraudulent purposes.

Advertisment

The biggest advantage of social networking sites to spammers is the fact that they provide users with a wide variety of customization options and third party applications. Users can customize details in their profile; include links to other sites; upload images, videos; and in some cases users are even allowed to embed code into their profile page. The problem is that hackers can do all of these things as well turning all these features into potential attack vectors.

According to Kaspersky experts, there will be a shift in the types of attacks on users from attacks via websites and applications towards attacks originating from file sharing networks.

Already in 2009, a series of mass malware epidemics have been supported by malicious files that are spread via torrent portals. This method has been used to spread notorious threats such as TDSS and Virut as well as the first back door for Mac OS X. In 2010, there could be a significant increase in these types of incidents on P2P networks. When it comes to attacks on web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

The cloud environment needs a generic and at the same time very dynamic security solution due to its nature

To read more on this story visit: http://dqindia.www.ciol.com/content/industrymarket/focus/2010/110012205.asp