Security Highlights

Security has become synonymous with life. It has become extremely apparent in the computer world. Whether you are using a mere file or surfing the internet, the potential for virus, malware, spyware, identity theft or just plain destruction of information has become a real threat to our computing experience.

Computer Security is an inherent philosophy that must be integrated into every computing environment, whether it be your home or your business. Hackers, crackers, script kiddies, espionage are a daily threat to all industry’s and one that is continually evolving and expanding at an alarming and exponential rate.

In our daily digital routine, we now must look at the following to keep us safe from those online and seemingly “invisible bad guys” that want access to our individual systems and collective corporate networks. The following trends must now be mandated in a diligent effort to secure our very data whether that be our online banking information, or the family pictures that we took at Christmas and now have posted on Facebook.

We need the following trend analysis: Security Policies, Organizational Security, Asset Clarification and Control, Personnel Security (policies and procedures), physical and environmental security, computer and network management, system access control, system development and maintenance, business continuity management and finally legal and regulatory compliance.

As the recession continues and unemployment rises, we foresee the top cyber crime trend for 2009 as the continued exploitation of the financial crisis to scam people with fake financial transactions services, bogus investment firms, and fraudulent legal services.

A related trend will be cyber criminals targeting people looking to advance or change their careers through further education. We continue to see major spikes in diploma and advanced schooling scams that have coincided with major corporate workforce reductions in the car manufacturing, chemical, and technology industries.

The Main Threat Predictions/Trends for 2009/2010:

  • Threats on Social Networking Sites. Cyber criminals no longer deliver threats only via spam. They are taking advantage of Facebook, MySpace, and other popular social networking sites. We expects this trend to continue throughout 2009 and 2010, eventually displacing more traditional ways of malware distribution such as email.
  • Personalized Threats Speak Your Language. We expect to see the continued expansion of malware in languages other than English. Cyber criminals have come to realize that by diversifying into a global market they can access even larger pools of valuable identity and confidential information.
  • Malware Targets Consumer Devices. We expect increased attacks involving USB sticks and flash memory devices used in cameras, picture frames, and other consumer electronics. This trend will continue due to the almost unregulated use of flash storage across enterprise environments as well as their popularity among consumers.
  • Security Software Scams. The malware underworld is using mainstream practices in an effort to “sell” security software that is either misleading or outright fraudulent. We expect this trend to continue.
  • Abusing Free Web-Hosting/Blogging Services. Web sites such as Geocities, Blogspot, and allow anyone to create a public web site for free, without the authentication necessary when purchasing a domain name web site. This gives spammers the opportunity to run their underground business with minimal expense. Spam from do-it-yourself social-website-hosting providers arrives at its destination with far greater frequency than links pointing to domain names assigned by legitimate registrars. With little to no threat of punishment for their hosted content, and the new restrictions on short-term domain tasting, the attractiveness of free bandwidth offered by these sites will undoubtedly draw greater focus from malicious parties.
  • More Targeted Phishing and Corporate Blackmailing. Botnets, a.k.a. zombie computers, that spread into corporate networks and financial data centers will increasingly be used to gather sensitive information that can be used for blackmail or sold on the underground market.
  • Browser-Based Attacks. Cyber criminals will increasingly attack via web browsers as they are the least protected and, therefore, easiest way to transfer malware.
  • Security Breaches of Confidential Data. Information that is managed by partner and subsidiary companies of bigger companies will be exposed more frequently, forcing an overhaul of data security practices.
  • An Increase in Localized Phishing Campaigns. Online scammers will increasingly target specific communities, especially on college campuses, where professional looking emails claiming to be associated with the school’s financial or scholarship department will be blasted to all the students at the school. This is a significant danger to people who are just becoming responsible for their own finances.
  • More Scams Involving Home Businesses. “Legitimate” home business scams generally involve either a pay-up-front and do-it-yourself kit, or a pay-to-play shell game of training and certification. We’ll see more of it on television, and the same infrastructure that supports diploma spam and confidence fraud will adjust to the new unemployment reality and will offer people some new bait on the old cheque cashing scam.
  • Increase in Forging and Abuse of Free Email Services. The free email services have started to allow accounts to send mails with arbitrary “from” addresses. This has increased the usability of these services significantly to businesses, but has also increased the “abusability” by spammers.
  • McColo: The Effects of a Takedown. Spam traffic took a tremendous dive in volume when ISPs pulled the plug on spam host McColo Corp., the source of up to 60 percent of worldwide spam. In 2009/2010, we expect to see a continued shift in organizations, from passive support of law enforcement to an active role of working collaboratively with ISPs and global Internet entities such as ICANN.
  • New Businesses to Replace Lost McColo Hosting. Hosting companies will be set up in countries that are eager to embrace a burgeoning Internet market and will offer services to replace the disrupted command and control centers formerly hosted by McColo. These may be used as pawns by entities that perceive strategic value in sculpting the battlefield of the future.

The world of security just got a lot more complicated and we all need to execute our due diligence in an effort to secure our privacy from any online threat. Cyber crime and internet fraud has become extremely high profile as internet usage has increased and thieves are evolving and developing more dynamic and manipulative techniques for acquiring digital information. Detecting and enforcing this novel and destructive criminal activity continues to pose enormous challenges for traditional and conservative forensic techniques and business intelligence technology. Computer and forensic analysts are continually being asked to assimilate and integrate more and more data of all natures into meaningful intelligence that can be acted upon in an expedient manner; a process that almost seems insurmountable. This has now become a daunting task, as the volume of data that has now come into play is of such magnitude that it is crippling to most contemporary analytical tools. The solution: educating and enforcing the human component to help minimize the destruction until technology comes up with faster, more reliable avenues to catch up to this cancer that is fast affecting our nation at a remarkable rate.