Emerging Security Threats

By Mark Yonchak

Emerging technologies can provide many benefits in improving productivity and in creating new ways for organizations to do business with existing and new business partners. However, one should consider the potential security implications of implementing new technology and weigh the level of risk the organization is willing to accept before moving forward with new technologies.

Current Threats to Information Security
Image Spam — The spammer sends his or her message via a picture image in e-mail rather than text. This has proven to be an effective measure for spammers to get their message out because spam filters have a difficult time reading and deciphering an image. Further, once one image is identified and blocked, the spammer generally just has to alter the image slightly to potentially defeat filtering solutions again.

Botnets — A Botnet is a large number of computers that have been compromised, and unknown to their true owner, they are not under the true owner’s control. The attacker that controls these computers then sells the use of them to deliver spam or to be used for other hacking purposes. It is estimated that one-quarter of all personal computers connected to the Internet are part of a Botnet.

Targeted Scams — These are scams where the attacker uses the element of social engineering to trick the end-user into giving up information. For example, these may come in the form of e-mails stating that you have a “greeting card” from an online card provider. Additionally, these types of attacks can be perpetrated via the phone. The key thing to understand about targeted scams is that these scams are meant to appeal to your weaknesses.

Avoidance Techniques
We should all be a little more skeptical and take the following measures to avoid the above scams:

Avoid opening suspicious or unexpected e-mails at work. This includes greeting cards. Provide your home e-mail address to people for these purposes or, better yet, just don’t open any of these kind of e-mails, even at home. I know it is tempting to open something that looks like a greeting card, but I am from the old school—if someone really cares about you, they will break down and send you a real card or go through the trouble of actually picking up the phone and calling you.

Do not provide sensitive information over the phone unless you are fully aware of whom you are talking to and that giving the information is authorized. If you receive an unexpected, unsolicited call for information, refrain from giving any information until you can verify that the request is real or valid. The best thing to do is to get the caller’s information (name and number) and return the call once you have validated the request.

Make sure your PC is patched and is scanned at least once per month with a qualified anti-virus product.

Emerging Threats to Information Security
Mobile Device Attacks — With the explosion of mobile devices, it only makes sense that this will be the next big area for spammers and hackers to attack. Expect spammers to try delivering their message via text messaging. (Again here is a free source of distribution as so many providers give unlimited text messaging.)

Instant Messaging Attacks — This is an area that continues to grow from a standpoint of use and devices that have this technology enabled.

Wireless Threats — The Symbian operating system used on most mobile phones today has already seen several hundred different known viruses. This number will only grow as attackers find new ways to utilize the technology for their purposes.

Virtualization — This is a great technology that allows an organization to leverage hardware by putting many servers on one physical box. The problem is that all of those virtual servers still need to be patched and secured. And don’t forget the potential attacks that may be launched against the virtual machine itself.

RFID — While this technology has been around a few years, it continues to see high growth. Unfortunately, the RFID systems currently in use do not deploy encryption, making the ability to steal information from a distance easy to do.

Social Networks — Facebook, My-Space and YouTube are great places for people to meet others, network and socialize. These characteristics also make it real easy for someone to use them as a launching point to quickly spread a virus or other malware.

VOIP — Voice Over IP has freed organizations from the traditional phone and has enabled them to connect voice to other applications using one device. The problem is that VOIP systems can be easily compromised and have become a common target for today’s hacker.

Virtual Worlds — Much like the social networks, these game-type applications attract large numbers of people. These are also large, complex networked applications that have been, and will continue to be, targets for hackers to spread.

Buyer Beware
While the above may not be an exhaustive list of current and potential threats, it provides a sense of what to consider from a security perspective when considering new technology in your organization.