Top 10 Internet Security Trends for 2007
- By Jabulani Leffall
Data breaches, ongoing integrity concerns about the Windows Vista
operating system and spam, which reached record levels this year, topped
Symantec's Top 10 Internet security trends of 2007 list.
In light of this list from the Cupertino, Calif-based IT security giant and maker of the near-ubiquitous Norton Anti-Virus program, a particular concern for IT pros in the Windows enterprise space is whether Vista, which has been patched 16 times as of Nov. 13, 2007, is worth the effort of implementing right now.
'I don't think the widespread adaptation of Vista has happened as fast as other operating systems in the past,' said Dean Turner, director of Symantec's Global Intelligence Network, which publishes the firm's Internet Security Threat reports. 'Enterprises are really cautious about moving on from legacy systems or other infrastructure because of the strenuous testing and deployment that is needed.'
Meanwhile, as systems and security administrators continue to evaluate Vista's place on their respective companies' migration maps amid mixed
reviews, Turner described the Web as 'patient zero.' This means hackers will continue to launch both client- and server-side attacks via the Internet through more creative channels.
Here were the ten major security trends of the year as Symantec and others have seen them:
- Data Breaches. Late last month, documents from an information-breach lawsuit against the TJX Corporation -- owners of TJ Maxx
-- revealed that as many as 94 million customers using Visa and MasterCard were exposed to hackers. Furthermore, in addition to Monster.com and Salesforce.com being hacked, there is also a report coming out next week that suggests half a million database servers are vulnerable. Turner says these events are what made data breaches the top concern among security experts this year.
- Vista Introduction. More
than a dozen security patches, perceived complexity and an ambivalent
reception among tech media and some technologists have kept the
much-talked-about OS in the news, making it a top issue of 2007.
- Spam. The hair-growth pill
promotions, penny stock tips and promises of money from deposed African
dictators won't stop hitting your e-mail inbox anytime soon. Moreover,
spammers are increasingly taking more sophisticated approaches such as sending
disguised PDF files, pretending to know you in e-mail subject lines and
delivering Storm Worm malware through e-greeting cards.
- Professional Attack Kits.
Symantec believes that not only are hackers becoming more savvy but are also
setting up a new revenue stream by selling hacker kits to peers. Such kits
include MPack, which was popular this year and 'phishing' toolkits pervade
cyberspace as well.
- Phishing. Phishing, a
cousin of spoofing and masquerade hacking, gets is name from the way hackers
use friendly or seemingly benign programs as bait. Symantec's Turner says
criminals no longer have to hack in, as some users are coming to them.
- Exploitation of Trusted Brands. By exploiting a trusted Web site, hackers can trick someone into
thinking they're getting on Bank of America's homepage by, for instance,
sending them a link such as firstname.lastname@example.org. Someone may then key
in information on a false interface. While most browsers nowadays are equipped
with warning messages, 'Phishermen' also take advantage of misspellings of
popular Internet addresses.
- Bots. Hacking by proxy is
an increasingly common way for cyber criminals to maintain anonymity, and the
use of 'Bots,' or Electronic Data Interchange translators, is one of the many
malicious emissaries used to siphon protected information.
- Web Plug-ins. ActiveX
control modules, derived from Microsoft's Component Object Model and used to
manage multimedia applications, comprised the majority of plug-in
vulnerabilities in 2007, according to Symantec. These modules are usually
downloaded from Web pages and used to make programs more compatible with
others -- but they can also be used as attack vectors.
- Vulnerabilities for Sale.
This year, the debate over the link between proof-of-concept exploits and
'wild' exploits heated up after a decision in late September by Swiss tech
upstart Wabi Sabi Labi Ltd. to create an eBay Inc.-style auction for
unpatched, zero-day software vulnerabilities.
- Virtualization Machine Security. Software and server virtualization, as evidenced by VMware's multi-billion-dollar IPO and new entries by Oracle, Sun, Microsoft and others, is definitely here to stay. If two file servers can do the work of ten, as some proponents attest, then a hacker can have a field day exploiting such technology.
Monday, we'll present a look forward, listing some of the
top predicted security trends for 2008.
Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.