Study: Growth In Social Networking, Mobile and Infrastructure Attacks Threaten Corporate Security In 2011

IID (Internet Identity), a provider of technology and services that help organizations secure Internet presence, recently released its list of the top enterprise security trends for 2011. Some specific areas that IID predicts significant spikes in attacks are social networking, mobile, and enterprise infrastructure. Below is the IID list of its top enterprise security risks to watch out for in 2011 (in no particular order):

1) Bank-Oriented Social Networking Attacks. With the growth of social networks, banks are getting on the bandwagon and using these networks to cater to their customers. But beware, there will be fakes that will utilize social networking sites like Twitter and Facebook to try to infect victims with malware and trick people into giving up their vital personal information like bank logins, social security numbers, etc.

2) Mobile Malware. Cyber crooks will cash in on the app craze even more in 2011, targeting mobile phones for malicious software (malware) attacks. They have already figured out ways to disguise malware as legitimate apps, and then steal account and login information or get victim phones to make expensive phone calls without the phone's owner ever knowing a thing. IID expects to see more and more rogue apps, along with attacks crafted to go after vulnerabilities in the smart phones’ operating systems or popular apps.

3) Infrastructure Hijackings. Expect DNS (Domain Name System) and BGP (Border Gateway Protocol) attacks to grab headlines in 2011. As the translator between domain names and IP addresses, DNS is the glue that holds everything together on the Internet, from keeping time to conducting transactions to transmitting messages to sharing corporate and consumer data. By hijacking these DNS translations, attackers can drive unsuspecting surfers and corporate users to malicious sites, making large parts of the Internet largely useless or insecure. BGP is essentially the routing system for the Internet. Much like DNS, when BGP is hijacked, everything from websites to e-mail to instant messages can be rerouted.

4) Growing Pains with DNSSEC. There will be problems implementing DNSSEC (Domain Name System Security Extensions) properly because of technical challenges, industry resistance to change and implementation problems. DNSSEC is being marketed as the silver bullet to stop DNS cache poisoning attacks -- where criminals can hijack a domain, email and much more.

5) Zeus Reborn. The person who wrote Zeus -- the malicious software used to steal more than $100 million so far in 2010 – says he is retiring from using Zeus. But don't believe the ruse. There is a good chance the programmer or a close associate will soon emerge with even more powerful ways to steal.

6) Sophisticated Mule Recruitment. In the world of phishing, a mule -- or money mule, to be more precise -- is the person who does the legwork of transferring the money from a phished bank account to a foreign bank account, typically through an intermediary money wire system like Western Union. IID expects more sophisticated mule recruiting operations in the coming year since moving money has been the biggest obstacle to criminals cleaning out bank accounts over the past year.

7) ACH Fraud Growth. Cyber criminals have found ACH (Automated Clearing House) fraud to be a simple way to swindle money from users. IID sees this scheme continuing for the foreseeable future due to its simplicity and the criminals’ ability to make millions of dollars from just a handful of ACH fraud victims.

8) Law Enforcement Busts. There has been a lot of money and manpower invested into fighting cybercrime by U.S. federal law enforcement as well as other countries over the past few years. Expect a continued uptick in taking cybercriminals down over the next year.

9) Extended Enterprise Problems on the Rise. Cyber criminals often take an indirect approach to compromise their targets by focusing on those targets’ trusted partners, vendors and others (the Extended Enterprise) that have access to valuable data. As enterprises strengthen their defenses against direct attacks, IID expects to see an increase in indirect attacks against the Extended Enterprise – essentially opening up a “back door” security vulnerability.

10) Malvertising Growth. Malvertising, the distribution of malware via fake online ads, grew steadily in 2010 with the volume of detected incidents more than quadrupling over the year. IID expects this growth to continue, as cybercriminals capitalize on the rapid growth in online advertising and compromised websites to distribute malware.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.