Research: Content-Based Threats Top List Of Security Concerns In 2008

Websense Inc. has issued its annual security predictions for 2008 with content-based threats topping the list.

"Looking at the current attack trends, cyber criminal techniques are evolving quickly and efficiently to not only evade detection, but to steal data and manipulate trusted content such as websites and applications," said Dan Hubbard, vice president of security research at Websense. "It's critical that organizations and individuals recognize that attackers are changing techniques and launching targeted attacks."

1. Olympics -- new cyber attacks, phishing and fraud. Event-based attacks and scams are popular, and with the whole world watching, the 2008 Olympics may fuel a surge in cyber attacks. As the Olympic torch burns, Websense researchers predict the possibility of large scale denial-of-service (DoS) attacks on Beijing Olympic-related sites as political statements and fraud attempts through e-mail and the Web surrounding the Olympics. Additionally, Websense predicts compromises of popular Olympic news or other sports sites -- attacks designed to install malicious code on end-users' machines and steal personal or confidential business information.

2. Malicious spam invades blogs, search engines, forums and Web sites. Websense predicts that hackers will increasingly use Web spam to post URLs to malicious sites within forums, blogs, in the commentary or ‘talk-back’ sections of news sites and on compromised websites. This activity not only drives traffic to the infected websites but also assists in the purveyor's site sitting higher on search engine rankings, increasing the risk that users will visit the site.

3. Attackers use Web's 'weakest links' to launch attacks. The Web is an entanglement of links and content. The advent of Web 2.0 additions such as Google Adsense, mash-ups, widgets and social networks along with the massive amounts of Web advertisements linked to Web pages have increased the likelihood of 'weak links' -- or Web sites and content that are vulnerable to compromises. Websense predicts that attackers will increasingly exploit the weakest links within the Web infrastructure in order to target the greatest number of Internet users. Most vulnerable to these attacks are search engines and large user networks such as MySpace, Facebook or other social networking sites.

4. Number of compromised Web sites will surpass number of created malicious sites. The Web as an attack vector has been steadily increasing for the last five years and now attackers are using compromised sites as their launching platforms -- even more than their own created sites. Compromising sites, particularly, sites well-visited by end-users, such as the Dolphin Stadium attack that occurred a few days prior to the 2007 Super Bowl XLI in Miami, provides attackers with built-in Web traffic and minimizes the need for lures through e-mail, instant messaging or Web posts.

5. Cross-platform Web attack -- Mac, iPhone popularity spurs increase. With the brand popularity and growing use of iPhones and Macintosh computers, Websense researchers predict attackers will increasingly launch cross-platform Web attacks that detect the operating system in use and serve up code specifically targeting that operating system instead of attacks based on just the Web browser. Operating systems that are targeted now include Mac OSX, iPhone and Windows.

6. Rise in targeted Web 2.0 special interest attacks-hackers targeting specific groups of people based on interests and profile. Web 2.0 has spawned a proliferation of Web users that visit chat rooms, social networking sites, and special interest websites such as travel sites, automotive, and more. These sites provide attackers with potential victims that fall within a certain age group, wealth bracket, or people with particular purchasing habits. In 2008, Websense researchers predict targeted attacks will rise toward specific social networking or special interest sites that have a higher probability of delivering a payoff.

7. Morphing JavaScript to evade anti-virus scanners. Hackers are upping the ante with evasion techniques that use poly-morphic JavaScript (Polyscript) -- which means that a uniquely-coded Web page is served up for each visit by a user to a malicious Web sites. By changing the code every visit, signature-based security scanning technologies have difficulty detecting Web pages as malicious and hackers can extend the length of time their malicious site evades detection.

8. Data concealment methods increase in sophistication. Websense predicts an increased use of crypto-virology and sophistication in data concealment including the use of stenography, embedding data within standard protocols, and potentially within media files. Toolkits widely available on the Web will be used to embed proprietary information and steal data.

9. Global law enforcement will crack down on key hacker groups and individuals. In 2007, large-scale Internet-based attacks garnered the attention of law enforcement officials around the world. Websense anticipates that through the global cooperation of enforcement agencies, in 2008 the biggest crackdown and arrests of key members of a hacker group will occur.

10. Vishing and voice spam will combine and increase. The vast cell phone user population has grown into a lucrative market to exploit with spamming and ‘vishing’ for financial gain. To date, researchers have seen an increased number of vishing attacks but not a lot of spam-or pro-active automated calling. In 2008 Websense predicts that vishing, or the practice of using social engineering and VoIP to gain personal and financial information and voice spam will combine and increase-users will receive automated voice calls on LAN lines with voice spam to lure them to input their credentials through the telephone.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3