Cloud Botnets, Search Poisoning and Mobile Attacks Among 2013's Biggest Security IssuesAdded 15th Nov 2012
Researchers from the Georgia Tech Information Security Center released their official 2013 cyberthreats forecast, detailing what they say will be the most serious computer security issues in the coming year.
MORE ON SECURITY: Firefox users slowest to update browser, Kaspersky Lab finds
First on the list -- the use of cloud computing for malicious purposes. The same flexible provisioning capabilities that let legitimate businesses quickly add or subtract computing power could be used to instantly create a powerful network of zombie machines for a wide array of nefarious purposes.
"If I'm a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things," Microsoft WindowsAzure Distinguished Engineer Yousef Khalidi said in the report.
Globalized supply chains pose another, potentially even more serious security problem, according to the Georgia Tech researchers. The ongoing controversy over possible security flaws in products manufactured by some Chinese companies like Huawei and ZTE has businesses worried that their systems could have a built-in back door, making them vulnerable to compromise. (The researchers cite reports from Washington think tanks, as well, noting that the Chinese are concerned about the same issue where U.S.-made products are concerned.)
It's difficult to address this problem, according to the report, given the expense and headache of constant, floor-to-ceiling monitoring -- one of the central reasons the researchers take it so seriously.
The danger of search engine poisoning, as well, was cited in the report as one that businesses would do well to pay attention to. While garden-variety black-hat SEO and straightforward compromises of legitimate websites are serious enough threats, the authors say that tampering with a user's search history provides a new attack vector.
"If you compromise a computer, the victim can always switch to a clean machine and your attack is over," said Professor Wenke Lee. "If you compromise a user's search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from."
Perhaps unsurprisingly, mobility was also highlighted as an area for concern, although the threats are not as serious as some have claimed. The app store model through which most mobile software is distributed provides a relatively stalwart first line of defense against a lot of smartphone-based malware, though the researchers added that a more aggressive patching policy from OEMs and carriers would help.
The director of the Georgia Tech Research Institute's Cyber Technology and Information Security Laboratory, Bo Rotoloni, said these problems demand responses on several fronts.
"Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government," he said in a statement accompanying the report.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
An emphasis on evaluating personality traits is helping firms find, attract and retain talent.
The World Wide Web Consortium wants to bring the power of social media to the enterprise.
More than half of Asian companies (65 percent) reported that they have experienced data breaches within the past year.
Cybercriminals are spreading a new file-encrypting ransomware program that's more powerful and resilient than Cryptolocker, a threat recently shut down by the U.S. Department of Justice.
Tech bellwethers weigh in with second-quarter sales.
The company has to work faster to make up for the drop, CEO Marissa Mayer says.
HTC has posted a second quarter tax net profit before tax of $2.76 billion New Taiwan dollars.
Fastpass uses parallel processing to eliminate the need for complicated network queues, researchers say
Alternatives to "20-year-old" browser functions and search engines will be the next big disruptor, Microsoft's technical evangelist has said.
The Appcelerator mobile development platform has been updated for better metric collection and building of APIs
Romanian and French authorities have dismantled a cybercriminal network that infected computers at money transfer outlets across Europe and used them to perform illegal transactions.
Cybercriminals have inserted government-grade malware into run-of-the-mill ransomware and online banking Trojans to bolster their ability to avoid detection and block tampering.
Apple will provide an expanded set of support services to IBM customers with iPhones and iPads under a new enterprise-grade AppleCare plan.
Companies extend data center integration work with 3 year GTM agreement
Companies moving aggressively to adopt cloud computing are winning competitive advantage by reducing complexity and increasing business agility, according to a recent study by Harvard Business Review Analytic Services.