Cyber threat at Christmas
During the commercial hiatus, internal lapses of security will lead to Christmas bonuses for cybercriminals out to feed off the festive spirit. In line with theft trends of the past five years, the criminals have already laid the traps so businesses must be extra vigilant between now and the New Year as any rise in online crime places business networks at increased risk.
It’s always advisable to watch for rogue shopping sites advertised by spam campaigns and strong search engine optimisation when looking for ‘Christmas presents’ and the like, and to beware of legitimate sites that may be compromised and booby-trapped with malicious code.
Christmas-related malware is extremely common as authors attempt to trick users into clicking malicious links to attachments related to the season. e-cards, holiday sales, festive fun. If you’re not sure what you’re opening then don’t open it.
Security managers and IT specialists should also beware users who’ve taken their laptops home for extended periods over the Christmas break and are regularly logging back onto the network. What ‘nasties’ might be on there? The desktop protection might also not be up to date, so additional pressure will be on your network security devices.
With just a few days out of the office, employees can become ‘download happy’ on personal computers and, more often than not, bring this relaxed attitude to security back to the workplace. Beware – this kind of complacency can provide increased avenues of attack.
Temporary staff are not just for Christmas. Well they are, but with access to passwords and confidential information, if they’re not managed properly this situation can lead to a serious security breech. IT Departments must ensure that temporary staff only have access to documents that are necessary and, if passwords are granted, they’re changed after the holiday period.
IT security predictions for 2009
The economy will be driving many trends and changes in 2009, and IT security will be no exception. Securing corporate networks will continue as a high priority, but companies will be looking for ways to economise and will base technology purchasing decisions on a ‘need to have’ versus a ‘nice to have’ basis. This doesn’t mean they will want to sacrifice performance or feature richness, especially in security.
In addition, the digital ne’er-do-wells will be undeterred by the failing economy and may prove to be more active and organised than ever – which means that perimeter security will no longer be enough. With growing numbers of applications to exploit, a plethora of online avenues and revenues to pilfer, and many more corporate networks to hack, cybercriminals will have no shortage of targets to pursue. Indeed, the heightened interest and response from law enforcement worldwide in bringing cybercriminals to justice will force them to be even more aggressive and creative in their efforts to bypass the law.
An active criminal element means companies cannot afford to let their guard down, so IT Departments will have to be even more proactive and expeditious in their defence. The ‘Top 9 in 09’ security trend predictions from Fortinet are designed to help companies safeguard their networks by mounting a multi-layered, multi-vectored and comprehensive defence strategy.
More bang for the buck… security consolidation and more
Integrated security appliances will happen in greater numbers than ever before as IT Departments are pressured in a ‘down’ economy to trim cost yet maintain network integrity – essentially, doing more with less.
In addition to integrating two or more security functionalities into a single device for capital and operational savings, companies can look for ‘superset’ security solutions that may encompass other network functionalities such as WAN optimisation and Secure Socket Layer (SSL) inspection. In a nutshell, efficiency will be the new technology ‘must have’ for 2009.
Information security lockdown
With recent high-profile information theft (AKA database attacks) on TJMax and others, more companies are realising that it’s not enough to padlock the front door to their networks – they also have to put a watchdog on their databases to detect and prevent both internal and external breaches.
In addition, recent Payment Card Industry Data Security Standard regulations have been updated to require application firewall as a toughened measure for protecting consumers’ credit information. As a result, greater emphasis will be placed on database security and regulation compliance, forcing companies to incorporate information security measures as part of their overall network security strategy.
Web 2.0 vulnerabilities multiply
The popularity of social networking sites and ‘in the cloud’ computing (such as SaaS) means the definition of the ‘network’ is now greatly expanded and cyber criminals have many more chinks in the network armour to target as employees traverse in and out of the network proper.
As a result, companies will find a greater need to employ web application firewalls and data leakage prevention mechanisms to avoid having employees bring back tainted data into the corporate network and from the inadvertent release of proprietary information.
Bigger pipes, faster speed
Ten GbE throughput is not a pipe dream but a welcomed reality, with adoption expected to surge in 2009. However, opening up the network spigot means there’s also a lot more bad stuff getting in with the good.
Enabling ten GbE security protocols that work at the speed of the network is crucial, and should be the next area of focus for maintaining the integrity of high-speed networks.
3G: the next biggest threat to mobile security
Malicious activity on smart mobile devices like smart phones has been low to date, but the anticipated consumer adoption of 3G and the new and business models it enables opens up a new and enormous market for cybercriminal activity.
For example, we’re just seeing the tip of the iceberg with Google’s recent Android OS vulnerability. 3G enables network operators to offer a wider range of more advanced mobile services, such as real time access to high-quality audio/video transmission and greater network capacity. This all adds up to greater opportunity for virus infections and attacks, and requires a focused approach to securing the millions of handheld mobile devices in operation today.
More cash to flow in the digital underground
Over the last couple of years, organised cybercriminal operations have been building their base and will now look to extend trade with others. More services will be offered, such as botnets or harvested account networks (for example social networking). Affiliate programs will increase as organisations seek to fuel their existing framework – if it works, they will offer more programs/incentives to ‘script kiddies’.
A new generation of users are plugging into cyber space. This generation will be more exposed to underground channels, not to mention frameworks such as phishing/exploit kits. This will in turn tempt more of this generation into joining the dark side.
Let the games begin
Over the past year, online gaming has gained much momentum, particularly in Asia. This will continue to grow with the next generation of users.
As a result, more interactivity will occur in these virtual worlds. We have seen a sharp increase in Trojans targeting account information, and this will be something to look out for in 2009 as this market grows.
Premeditated, targeted attacks on the rise
Throughout 2008, we saw a steady drop in monthly distributed malware (with the exception of the scareware attack, which drove much of the malware volume in the latter half of the year). As we enter an age of information warfare, targeted attacks using custom malware become much more of a presence.
We will see more on this front in 2009 – premeditated attacks after specific goals, with most of these attacks targeted toward enterprise and Governments.
Law enforcement unite online
Law enforcement mounted an aggressive effort in 2008 in bringing malware authors and criminal organisations to justice. We will no doubt see more of this welcomed activity in 2009.
However, it will take more than just one year in 2009 to fully attain the required pace and infrastructure to adequately deal with cyber crime. This will be a slow process requiring an unprecedented effort between various bodies from law enforcement such that they effectively address issues in cyber security.
Cyber threat at Christmas
During the commercial hiatus, internal lapses of security will lead to Christmas bonuses for cybercriminals out to feed off the […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources