Researchers Outline Emerging Threats

By Allen Bernard

(Back to article)

Among the forecasts in its latest edition of the semi-annual Sage Report, McAfee Avert Labs predict cyber criminals will begin attacking U.S. mobile devices with an eye towards making lots of money.

Expect more of the same with regards to spam as well—with "more" being the operable word.

More Reseach on CIO Update

U.S. IT Budget Outlook Looks Good

Outsourcing Works

Is Vista The Last of Windows?

Virtualization Means Fewer Blinking Black Boxes

If you want to comment on these or any other articles you see on CIO Update, we'd like to hear from you in our IT Management Forum. Thanks for reading.

- Allen Bernard, Managing Editor.

FREE IT Management Newsletters

The new issue of Sage, also referred to as Sage II, includes articles from cast of McAfee researchers, managers and evangelists, on topics including cybercrime, Microsoft Windows Vista security, spyware, spam, cell phone security, data leakage and security risk management.

Sage is available for download through the McAfee Threat Center.

"The future of cybercrime is, in a lot of ways, going to be a lot of the same stuff just devoted and directed towards a lot of the upcoming technologies," said Dave Marcus, Security Research and Communications manager for McAfee Avert. "You're going to see successful, PC-style attacks on those new platforms but the difference really is they're going to be geared towards money."

The new platforms include mobile phones, PDAs, Blue Tooth and other wireless technologies, and VoIP.

Sage examines the near-term future of the security business, the threats, defenses and issues security professionals will face over the next five years.

Some of the report's conclusions include:

The Future of Cybercrime: As mentioned, cybercrime follows money. Today, the majority of cyber criminals target PC users, but experts expect more attackers to branch out to other areas of technology, like voice over internet protocol (VoIP) and radio frequency identifications (RFID), as those technologies become more widely adopted.

Securing Applications: Securing applications is a continual race between malware writers and developers—and the developers are struggling to keep up. As more information surfaces about the nature of software bugs and how they might be exploited, hackers are finding vulnerabilities that were previously considered to be secure.

The Future of Security, Vista Edition: While Microsoft has taken steps to make the base of Microsoft Windows Vista more secure, the improvements weaken third-party efforts to secure systems and don't go far enough to do the job alone.

This one makes Marcus' "Top 3" list of threats IT managers should be aware of.

"If you looked at a lot of the original marketing and positioning of Vista it was positioned very much as a security technology and that's definitely not what it is," said Marcus. "A lot of perceptions out there are of it's a secure OS; it's all about security and nothing can happen on it and that's definitely not the case."

Spyware Grows Up: Although programmers add security measures during development, new spyware technology often surpasses even the best planning of the most diligent engineers. Spyware will follow us into new technologies, like Bluetooth and RFID.

This one also makes Marcus' "Top 3."

Emails Spam Plague Persists: While McAfee expects to see little increase in the percentage of spam volume over the next two years, the total volume of spam is expected to increase as worldwide bandwidth grows.

Image spam is the latest way for spam writers to dodge defenses.

Online Crime Migrates to Mobile Phones: While current mobile phone service is generally considered safe, McAfee is seeing a rapid growth in mobile attacks with increasingly technical diversification.

This problem is more prevalent in Japan and other countries which have more mature mobile networks that allow users to conduct ecommerce and banking via their handsets, said Marcus. But it is coming here.

Closing the Data Leakage Tap: Data Leakage is an emerging security concern which can bear an enormous impact on the reputation of a business.

"When you just look at all the ways data can leave the network, the USB drive and portable storage is certainly a large aspect of it, but the user being allowed to manipulate the data in different ways is also a significant part of data leakage," said Marcus.

While drive encryption is the only reasonably mature preventative technology, McAfee expects that basic data leakage prevention and disk encryption will become ubiquitous in regulated enterprises within the next five years.

Managing Risk: Security risk management is an important issue for IT managers and one that is receiving more and more attention these days, said Marcus. Organizations that fail to be proactive in risk management will find that the businesses they are chartered with protecting will sail on without them.

"You've got to know what your business does and then you've got to know how the real assets are valuable to the core of the business and make your decisions based on the core assets that actually run the business," said Marcus. "You don’t spend $100K on a $10,000 asset."

Rounding out Marcus' "Top 3" is malware being embedded in video and audio streams. As more and more people access IP-based video and audio so too will malware writers exploit that vector of attack.