The evolution of sophisticated bot networks, advanced online threats and attacks on mobile phones are the key security vulnerability trends to look out for in 2008, writes Ivor Rankin, senior security consultant at Symantec.
The latest Symantec Internet Security Threat Report states that there has been an increase in the professional development and commercialisation of malicious software technologies. High-profile data breaches, the emergence of professional attack kits, and Web plug-in vulnerabilities emphasizes the importance of the development of data loss prevention technologies to fend off the increasing number of cyber crime attacks.
One of the major developments in the cyber crime arena has been the technologies used in bots, which are infected computers used to carry out attacks, garnish financial information or host illegal content.
Advanced bots: Bot technologies have evolved from command-and-control centre type operations hosted on a single server, to peer-to-peer control strategies using a variety of computers and networks. The bots also use various methods of communication to issue instructions, avoid detection and prevent a takedown. New functionality such as encryption and data packet differences makes the detection of the traffic and analysis between infected computers much more difficult. These bots have also become offensive, and researchers probing certain networks have recently come under orchestrated Denial-of-Service (DoS) attacks. Individuals that manage these networks now also segment bots into different sections of the network, where each section only communicates with its own peers. If one bot cell is discovered, the rest of the bot networks that are linked or related to it are not compromised.
Advanced Web threats: Another trend that is emerging is advanced Web threats. MPack, a commercial PHP-based malware kit developed in Russia in 2006, was the first real example of highly sophisticated Web threats. When a website is compromised, MPack is loaded into the Web site script which then determines what vulnerabilities a computer or browser may have, and can download more malicious software from bot network servers. According to Wikipedia it was used to infect 160,000 PCs with keystroke-logging software and in August this year, used in a co-ordinated attack on one of Bank of India’s Web sites.
There has also been a lot of Web development and Web 2.0-type applications that are increasingly coming under scrutiny from hackers. Advanced techniques can be developed that are able to propagate via infected Web sites regardless of which Web browser is used. In the last six months we have seen a lot of attention being paid to exposing vulnerabilities in the whole spectrum of platforms and users can no longer fall into a false sense of security because they are not using popular browsing platforms.
Mobile threats: Interest in mobile security has never been higher and is considered by security experts to be the least protected area in the whole computing arena. Most mobile phones have fully-fledged operating systems built in and have browsing capabilities. Theoretically the threats that we currently have on personal computers can potentially be exposed on the mobile phone. With the release of Apple’s iPhone there were fears of its security capabilities and what potential threats could occur if the mobile phone is compromised. While some threats were exaggerated and could not be substantiated, the possibilities certainly are there. According to a poll at this year’s Black Hat Convention in Vegas, the majority of hackers were more interested in mobile and hacking mobile code than in any other areas. Increasingly, organisations are using any mobile phones for email, banking and business correspondence and the potential for data compromises are immense.
Spam evolution: Symantec expects to see spam continuously evolve in order to evade traditional blocking systems and trick users into reading messages. New attachment types, such as mp3 and flash, and pop culture scams are increasingly used to focus on making content more appealing to readers. Spammers are also capitalising on highly visible events such as presidential campaigns, natural disaster relief appeals and popular fads with the intent of stealing personal information.
Online gaming: As the use of virtual worlds and multiplayer online gaming increases, Symantec expects to see new threats emerge as criminals turn their attention to new communities. Many of today’s physical businesses are already doing business in the Second Life financial world, creating possibilities for money laundering and illegal activities that are not easily traceable. Gaming consoles that have broadband hi-speed internet access capabilities pose another threat in the security arena. These devices have little or no security built into them. If hackers can find a way to infiltrate a brand of gaming consoles there are potentially millions of consoles around the world that can be used as bots, or alternatively used to host illegal content.
Election campaigns: As political candidates increasingly turn to the Internet, it is important to understand the security risks. From an African perspective, in the last two months we have seen a number of spam websites pertaining to electioneering in Kenya. Symantec sees this as a new area of social and technology interaction, where hackers are starting to develop malware to promote a particular agenda and at the same time have criminal intent.
Going forward: We are increasingly dependent on technology while the threats against these technologies continue to increase in volume and severity. While attackers are increasingly organised and have begun to adopt traditional business practices, there are many developments taking place amongst security researchers to enhance their tools and techniques. Symantec is continuously collaborating with other vendors globally to tackle cybercrime and criminal syndicates. It is important however that users and businesses find ways to make them less vulnerable to these types of risks and attacks.