Cloud Botnets, Search Poisoning and Mobile Attacks Among 2013's Biggest Security IssuesAdded 15th Nov 2012
Researchers from the Georgia Tech Information Security Center released their official 2013 cyberthreats forecast, detailing what they say will be the most serious computer security issues in the coming year.
MORE ON SECURITY: Firefox users slowest to update browser, Kaspersky Lab finds
First on the list -- the use of cloud computing for malicious purposes. The same flexible provisioning capabilities that let legitimate businesses quickly add or subtract computing power could be used to instantly create a powerful network of zombie machines for a wide array of nefarious purposes.
"If I'm a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things," Microsoft WindowsAzure Distinguished Engineer Yousef Khalidi said in the report.
Globalized supply chains pose another, potentially even more serious security problem, according to the Georgia Tech researchers. The ongoing controversy over possible security flaws in products manufactured by some Chinese companies like Huawei and ZTE has businesses worried that their systems could have a built-in back door, making them vulnerable to compromise. (The researchers cite reports from Washington think tanks, as well, noting that the Chinese are concerned about the same issue where U.S.-made products are concerned.)
It's difficult to address this problem, according to the report, given the expense and headache of constant, floor-to-ceiling monitoring -- one of the central reasons the researchers take it so seriously.
The danger of search engine poisoning, as well, was cited in the report as one that businesses would do well to pay attention to. While garden-variety black-hat SEO and straightforward compromises of legitimate websites are serious enough threats, the authors say that tampering with a user's search history provides a new attack vector.
"If you compromise a computer, the victim can always switch to a clean machine and your attack is over," said Professor Wenke Lee. "If you compromise a user's search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from."
Perhaps unsurprisingly, mobility was also highlighted as an area for concern, although the threats are not as serious as some have claimed. The app store model through which most mobile software is distributed provides a relatively stalwart first line of defense against a lot of smartphone-based malware, though the researchers added that a more aggressive patching policy from OEMs and carriers would help.
The director of the Georgia Tech Research Institute's Cyber Technology and Information Security Laboratory, Bo Rotoloni, said these problems demand responses on several fronts.
"Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government," he said in a statement accompanying the report.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
Next year will see demonstrable evidence of the Internet of Things, real-time communications on the Web, and SDN-enabled platforms with killer applications for them.
A Stratecast survey has found that more than 80 per cent of employees admit to using unauthorised Software-as-a-Service (SaaS) applications during work.
Microsoft moved to reassure business and government customers worldwide that it is committed to informing them of legal orders related to their data, and will fight in court any 'gag order' that prevents it from sharing such information with customers.
Distributed denial-of-service attacks against financial firms and other industries have been mounting, so today the Cloud Security Alliance (CSA) announced it is establishing the Anti-Bot Working Group to help fight this threat.
The majority of today's CIOs see value in mobilizing enterprise applications and in deploying mobile-related innovations such as GPS features, location-based services (LBS), mobile payments and QR codes. Many also say their organizations are already somehow increasing revenue and developing new revenue streams directly related to mobile. But nearly as many CIOs also see the cost of deploying new innovations as prohibitive and complexity as a major concern, according to a new survey commissioned by Mobile Helix, a mobile security vendor.
The price of bitcoins may be soaring, but China isn't too thrilled with the virtual currency. On Thursday, the nation moved to regulate use of bitcoins, stating that its financial institutions could not deal in the virtual currency.
New attack campaigns have infected point-of-sale (PoS) systems around the world with sophisticated malware designed to steal payment card and transaction data.
Ruby on Rails users are advised to upgrade to newly released versions of the Web development framework that contain important security fixes, according to the Rails development team.
Mobile technology is increasing the complexity, usage and costs of mainframe applications, according to Compuware research.
Asian markets are ready for advanced mobile technology and fast connectivity, according to new insights released by Telenor Group in Asia.
Large smartphones with 5-in. or larger displays -- often called phablets -- are eating into sales of smaller tablets with screens in the 7-in. range.
Analysts have predicted that the Internet of Things will continue to grow in 2014, and more enterprises will start to realise the potential benefits.
When end users circumvent the IT department and start using software-as-a-service (SaaS) applications without permission, the IT pros complain about the plague they call "shadow IT." But it would seem the professionals are also operating in the shadows, according to a survey out today.
Once upon a time, not so long ago, the IT admin chose exactly what hardware and software would be used by employees. Recent trends like the consumerization of IT and BYOD (bring your own device) have shifted the balance of power, but IT still has to maintain some degree of control over the applications used and where sensitive data is stored. Many users just download apps or start using unsanctioned services, though, and introduce unnceccesary security risks through "shadow IT."
Once heavily reliant on the Chinese market, Lenovo is now looking to make acquisitions as it tries to expand its growing enterprise business to other countries.