| Symantec names top threats for 2008
25 November, 2007
By Vanessa Ho
With 2008 just around the corner, Symantec Corp.
has unveiled some of the top threats that people will
be seeing in the New Year.
Wayne Periman, director of operations with Symantec,
highlighted some of the trends that Symantec believes
will threaten the security landscape:
Election Campaigns
With the 2008 presidential campaign heading into
full swing in the New Year, so will malware writers.
A lot of these political candidates are increasingly
turning to the Internet for their campaigns but along
with that comes IT security risks. These risks include
the diversion of online campaign donations; dissemination
of misinformation; fraud; phishing; and the invasion
of privacy.
Bot Evolution
Symantec expects bots to diversify and evolve in
their behavior in 2008, for example phishing sites
hosted by bot zombies. Periman said that bots are
getting more and more sophisticated with bots using
peer-to-peer networks so that fluctuation in bot sizes
aren't dramatic.
Advanced Web Threats
As the number of available Web services increases
and as browsers continue to converge on a uniform
interpretation standard for scripting languages, such
as JavaScript, Symantec expects the number of new
Web-based threats to continue to increase. Periman
added that 89 per cent of browser vulnerabilities
involved Active X components and along with social
networking sites that have applications built in,
Symantec is seeing a lot of activity going around
exploiting some of those kinds of applications that
"find new ways to trick users to get credentials
stolen or cash stolen."
Mobile Platforms
Interest in mobile security has never been higher.
As phones become more complex, more interesting and
more connected, Symantec expects attackers to take
advantage.
"There are more and more mobile platforms out
there and now there are applications that run on them
and are carried around as a business-type device,
so we are anticipating that since they are a lucrative
targets, we will see more activity in the mobile space,"
said Periman.
He added that Symantec is also anticipating when
Google and Apple's iPhone puts out software development
kits (where third parties are able to build third
party applications to add to Google or the iPhone)
because they potentially could lead to vulnerabilities
being built.
Spam Evolution
Symantec also expects to see spam continue to evolve
in order to evade traditional blocking systems and
trick users into reading messages.
"We've seen the trend with image spam, which
was big for awhile, then started to slow up, then
we started to see PDF spam and different kinds of
attachments in attempt to get past spam filters. Now
we are anticipating seeing attachments like MP3 and
flash as well as [spam that] takes advantage of popular
fads and social networking sites," Periman said.
Virtual Worlds
Like McAfee reported in their 2008 trend report,
persistent virtual worlds and massively multiplayer
online games are becoming increasingly attractive
to new threats with criminals, phishers, spammers
and others as they turn their attention to these new
communities. "There is virtual money associated
with some of these communities," noted Periman.
Periman said that the real trend, which emerged in
2007 and would continue in 2008, is the overall commercialization
of attacks. "It is no longer about going on the
Internet and bad guys trying to make a name for themselves
by demonstrating their expertise to anyone but the
crime game."
|
