Cloud Botnets, Search Poisoning and Mobile Attacks Among 2013's Biggest Security IssuesAdded 15th Nov 2012
Researchers from the Georgia Tech Information Security Center released their official 2013 cyberthreats forecast, detailing what they say will be the most serious computer security issues in the coming year.
MORE ON SECURITY: Firefox users slowest to update browser, Kaspersky Lab finds
First on the list -- the use of cloud computing for malicious purposes. The same flexible provisioning capabilities that let legitimate businesses quickly add or subtract computing power could be used to instantly create a powerful network of zombie machines for a wide array of nefarious purposes.
"If I'm a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things," Microsoft WindowsAzure Distinguished Engineer Yousef Khalidi said in the report.
Globalized supply chains pose another, potentially even more serious security problem, according to the Georgia Tech researchers. The ongoing controversy over possible security flaws in products manufactured by some Chinese companies like Huawei and ZTE has businesses worried that their systems could have a built-in back door, making them vulnerable to compromise. (The researchers cite reports from Washington think tanks, as well, noting that the Chinese are concerned about the same issue where U.S.-made products are concerned.)
It's difficult to address this problem, according to the report, given the expense and headache of constant, floor-to-ceiling monitoring -- one of the central reasons the researchers take it so seriously.
The danger of search engine poisoning, as well, was cited in the report as one that businesses would do well to pay attention to. While garden-variety black-hat SEO and straightforward compromises of legitimate websites are serious enough threats, the authors say that tampering with a user's search history provides a new attack vector.
"If you compromise a computer, the victim can always switch to a clean machine and your attack is over," said Professor Wenke Lee. "If you compromise a user's search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from."
Perhaps unsurprisingly, mobility was also highlighted as an area for concern, although the threats are not as serious as some have claimed. The app store model through which most mobile software is distributed provides a relatively stalwart first line of defense against a lot of smartphone-based malware, though the researchers added that a more aggressive patching policy from OEMs and carriers would help.
The director of the Georgia Tech Research Institute's Cyber Technology and Information Security Laboratory, Bo Rotoloni, said these problems demand responses on several fronts.
"Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government," he said in a statement accompanying the report.
Email Jon Gold at email@example.com and follow him on Twitter at @NWWJonGold.
A phenomenal idea that reveals the damage traditional toys have had on our children and facilities how we can encourage our girls to take up careers in science, technology, engineering and mathematics.
A new commercial tool designed to allow cybercriminals to easily transform legitimate Android applications into malicious software has hit the underground market, paving the way for cheap and easy development of sophisticated Android malware.
Malware often does strange things, but this one -- which looked like Skype installed on a corporate domain controller -- was most "peculiar," says Jim Butterworth, a security expert at ManTech International, whose security subsidiary HBGary recently found the custom-designed remote-access Trojan on a customer's network.
Microsoft will deliver five security updates to customers next week, two tagged as "critical," including one that will quash the open vulnerability in Internet Explorer that hackers have been exploiting since January.
Having lots of Wi-Fi networks packed into a condominium or apartment building can hurt everyone's wireless performance, but Stanford University researchers say they've found a way to turn crowding into an advantage.
Organizations can now add machine-generated data to their palate of information sources that can be aggregated and analyzed, thanks to a new connector jointly developed by Tableau Software, a provider of business intelligence software, and Splunk, which sells a log-file search engine.
The Tor network is in danger of being swamped by criminals abusing its anonymity to hide an underworld of parasitic botnets, malicious command and control and ‘darknet' markets, according to research from Kaspersky Lab.
Rogue adverts that use social engineering to persuade users to install malware have displaced porn as the leading method of attack on mobile devices, according to a report from security firm Blue Coat.
A convoluted web of applications is stunting the digital transformation of the world's biggest international organisations.
Goldman Sachs has been doing SDNs for a long time. It just wasn't called SDNs when the investment giant invested in network programmability. It was just a bunch of APIs, software development kits and other code used to cobble together a large number of various specialized networks – trading, investment banking and the like -- across the globe.
Bitcoin's biggest mystery has finally been solved: The crypto-currency's creator, Satoshi Nakamoto, has finally been unmasked. Well, maybe.
When it comes to mobile devices, it's well known that malware writers like to target Android. But a threat report published today by security firm F-Secure puts in perspective why Android malware attacks often flop and why Android itself is no pushover.
Shipments of new PCs, most of them equipped with Microsoft Windows, will decline more in 2014 than thought a few months ago, according to IDC.
SAN JOSE -- In an effort simplify enterprise customer procurements, Cisco is implementing a licensing model for data center, WAN and access product purchases.
Challenging Microsoft's Windows Azure on its own turf, Red Hat is ramping up services that would offer Microsoft .NET and SQL Server capabilities on its OpenShift platform as a service (PaaS).