Exploring the Boundaries of IT Security
Whenever we enter a new decade, many of us like to take stock and think about the things that have changed over the last ten years and what may happen during the next twelve months. But as Niels Bohr once said, prediction is difficult, especially about the future.
Targeting smart phones is the next logical step, since most users have their phones synchronised with their computers to allow better access to email, contacts and work documents. This opens up the possibility for an attacker to infect both the smart phone and the computer at the same time.
Fake/rogue antivirus products are likely to be a continuing nuisance during 2010. Whilst all Internet security vendors advocate having a security solution installed, this advice is also being copied by the fraudsters. Their tactics include 'warnings' to their potential victims that they are already infected.
This bogus warning is usually accompanied by an offer to provide disinfection for a small fee. They promote their product by claiming to offer the fastest and best solution on the market. Unfortunately this deception often works, as users are becoming increasingly aware of the need for protection but have not yet taken any action. As a result they may be inclined to accept this 'helpful' prompt.
Some observers are predicting that there will be a decrease in e-mail spam, now that more people are using social networking for casual communications.
I am not convinced that this will happen. There is no motive for fraudsters to change their tactics now when they are really good at sending email spam. As long as there is email, there is going to be spam. It is true that some types of spam will move to social media, like porn spam, while others will expand on various platforms, but regretfully spam is here to stay.
Finally, the new wave of social media poses a series of questions. What are the drivers for this behaviour? Is it our desire to own a piece of the virtual world, where we can describe who we are, how we live our lives and who our friends and family are, and post our thoughts? Is this intended to be a depository for experiences that will remain for a long time, even after the authors have passed away?
So, besides the advantage of having a bit of immortality, what possible benefits do these social websites have to offer?
Well, from the point of view of a botnet owner and his IT collaborators, there is the opportunity to add a personal touch to their phishing emails by reading every social network page concerning the individual being targeted and using this 'intelligence' to craft some form of personalised message.
But this will take a lot of time, and... there is also the possibility of targeting an empty account. Then again, what if infected computers around the world did the exact same thing automatically? Wouldn't this significantly increase the chances of making the fraudulent e-mails look more credible?
Drawing on the military adage "hope for the best but plan for the worst", there are clear lessons for the network and computer security companies. Whilst nobody relishes the prospect of the menaces described above, we must continue our work to deal with these risks and make the Internet as safe as possible for all honourable users.
BitDefender are exhibiting at Infosecurity Europe, the No. 1 industry event in Europe, held on 27th – 29th April at Earl's Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk