Is no exaggeration, too easy, you are likely to become victims of computer crime.As the interests of the temptation, more lawless invasion by making ordinary user-virus software computer systems to steal valuable data and other information, the security environment is undergoing an unprecedented threat.For 2009, the area of security we may face an estimate of the threat, following a brief overview on each.
1. Trojan / keyloggers to steal information / rapid spread of botnets
Attackers often fake winning information by embedding procedures and keyloggers to steal, if users read the false information, theft of programs and keyloggers will mysteriously being automatically installed on the user's system,thus free to steal sensitive and financial data.According to the report of the authority of security agencies last year alone detected the number of new malicious software on more than 70,000.If the malicious software that rate continues, in 2009 this type of data will double the number of stolen software.
2. Data loss / damage
No one wants to be the next TJX.In the business battlefield, data has become the most important asset - the network of criminals is also seen that, so they "hard" and try to improve the attack techniques in order to be able to invade the data center core to steal trade secrets.Through social engineering (social engineering) and mixed threat of malicious software usually publish mysteriously broke into the user's computer, grab a lot of data, and send it to an external server, and finally collect these data together and get the black marketon sale at high prices.Although the financial data, such as Social Security numbers, credit card and bank account information is still chasing the goal of cyber criminals, but security experts say, intellectual property, passwords, and other types of identification information are also increasingly becoming the choice of criminals.
3. Internal threats
Whether intentional or accidental, in the next 12 to 18 months, internal threats will continue to be one of the biggest security threat.If a company's security policy is unknown or can not be executed, the behavior of ordinary users will continue to unwittingly play the role of safety bombs, such as surfing unsafe websites, click on a malicious link in the email or notsensitive data encryption.As enterprises become increasingly mobile staff who use mobile devices to use non-encrypted network will greatly increase the "exposure" of risk, and thus the opportunity for criminals.
4. Organized crime networks
Gray Pigeons does not sound like a child by a teenage garage band formed? But in fact they are highly organized and complex network of criminal syndicates.In the past two years, had scattered to hackers loosely scattered group (they are only consistent with the common goal) have been merged into a complex multi-level global network.A more well-known organization is Russian Business Network, it is mainly responsible for the creation and distribution of malicious software aimed at businesses.And other organized crime differently, the cyber crime hackers can rely on their anonymity and avoid detection and international law.
5. Phishing / social engineering
Social engineering is becoming a large mixing an effective way to attack one, it is becoming more creative and targeted.In phishing attacks, users will generally be anonymous e-mail subject line that attracts fascinating, such as news headlines or celebrity fake video.Once the user opens these links, they tend to see a brief message, encouraging them to click on a link embedded in the message to visit another site or video.The fact that the link is a malicious link, often targeted to the attacker's server, or virus-infected Web page, they will automatically install malicious software to the unsuspecting user's computer.Social engineering has become more complex, attackers have begun to design targeted deceptive e-mail, usually for managers and other staff hold sensitive information, which is the so-called phishing attacks.
6. Virus
Although the virus is not as arrogant, but it's still the company's network of very serious damage caused by the infection of all the files and applications, while the production company had to sacrifice valuable time to killing the virus and restore the system.A more well-known virus program is Parite, it was first found in October 2001, capable of infecting both local and shared network for all Windows executable files.
The first run, the virus creates a temporary file, the file name is random.Next, the virus will attach the file to reside in the Explorer.exe memory.Virus infection that can access local and network drives *. EXE and *. SCR files.Other viruses, such as Virut, there are several variations of a file infected with a virus, it can run other malicious programs, while infection in order to copy all the executable files.
7. Cyber espionage
Network attacks is not just contain the social security numbers and credit card theft information.Just shortly after Russia invaded Georgia, the two countries have begun to network hackers launched a full-scale war, attack each other's news and popular websites.Georgia was a comprehensive network attacks, leading to Georgia by Russia, the main site traffic within the server AS12389 Rostelecom, AS8342 Rtcomm and AS8359 Comstar control.Security experts said the spy network will soon become a standard international conflict means of attack.
8.0Day Vulnerability
Once hackers discovered in an application security vulnerability, then the uncertainty in the system they developed before the introduction to this vulnerability malicious code is only a matter of time.Impact of these vulnerabilities are often belong to a specific platform Web browser and applications.Recently, however, security researchers discovered a variant of cross-platform DNS vulnerability, the so-called cache poisoning attacks completely open the door, the so-called cache poisoning attack is to deceive accepted the incorrect DNS request, then re-locate to another malicious website.Once the user logs on a malicious Web site, then criminals have the opportunity to network users of the system to implant Trojan horses, keyloggers, and a series of malicious programs.At the same time, the attacker is trying to develop the ability to automatically use Web browser vulnerabilities to malicious software, thus reducing the time to attack the system.
9.Web 2.0 threats
As more applications migrate to Web 2.0 model, the security threats has shifted direction.In the near future, we should be able to see more for social networking sites such as Facebook and Myspace sites such as LinkedIn and professional attacks.An attacker will also find more popular sites to inject malicious code means, which can be malicious software installed on the user's computer or redirected to another site.A recent example: the United Nations and some of the British Government was attacked later on the infection.Users access to the infected site will unknowingly download a malicious file, it can launch 8 different exploits.Users should be wary of fake "clean" software which claims to clean up the user system, the virus, to attract the user pays for, in fact, most of these applications are useless.
10. Voice phishing (Vishing)
Security researchers have found that Voice over Internet Protocol (VoIP) attacks are very alarming rate of annual growth.While VoIP is not much progress seems threatening, but still need the appropriate technology to improve prevention.Although many users for spam, phishing and other Internet-related fraud is becoming more cautious, but this is often prudent to ignore the voice protocol.Security experts end of this year, VoIP threat will grow 50 percent.