Cloud Botnets, Search Poisoning and Mobile Attacks Among 2013's Biggest Security IssuesAdded 15th Nov 2012
Researchers from the Georgia Tech Information Security Center released their official 2013 cyberthreats forecast, detailing what they say will be the most serious computer security issues in the coming year.
MORE ON SECURITY: Firefox users slowest to update browser, Kaspersky Lab finds
First on the list -- the use of cloud computing for malicious purposes. The same flexible provisioning capabilities that let legitimate businesses quickly add or subtract computing power could be used to instantly create a powerful network of zombie machines for a wide array of nefarious purposes.
"If I'm a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things," Microsoft WindowsAzure Distinguished Engineer Yousef Khalidi said in the report.
Globalized supply chains pose another, potentially even more serious security problem, according to the Georgia Tech researchers. The ongoing controversy over possible security flaws in products manufactured by some Chinese companies like Huawei and ZTE has businesses worried that their systems could have a built-in back door, making them vulnerable to compromise. (The researchers cite reports from Washington think tanks, as well, noting that the Chinese are concerned about the same issue where U.S.-made products are concerned.)
It's difficult to address this problem, according to the report, given the expense and headache of constant, floor-to-ceiling monitoring -- one of the central reasons the researchers take it so seriously.
The danger of search engine poisoning, as well, was cited in the report as one that businesses would do well to pay attention to. While garden-variety black-hat SEO and straightforward compromises of legitimate websites are serious enough threats, the authors say that tampering with a user's search history provides a new attack vector.
"If you compromise a computer, the victim can always switch to a clean machine and your attack is over," said Professor Wenke Lee. "If you compromise a user's search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from."
Perhaps unsurprisingly, mobility was also highlighted as an area for concern, although the threats are not as serious as some have claimed. The app store model through which most mobile software is distributed provides a relatively stalwart first line of defense against a lot of smartphone-based malware, though the researchers added that a more aggressive patching policy from OEMs and carriers would help.
The director of the Georgia Tech Research Institute's Cyber Technology and Information Security Laboratory, Bo Rotoloni, said these problems demand responses on several fronts.
"Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government," he said in a statement accompanying the report.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
Cisco today announced Managed Threat Defense, a set of security services for the enterprise that Cisco is providing through two new operations centers to remotely support intrusion-detection, incident response and forensics, among other services.
Sometimes a security patch isn't all it's cracked up to be. The security researcher who first found a vulnerability affecting more than 20 different router models says the patch meant to fix it only hides the initial weakness and doesn't remove it whatsoever.
Salesforce.com recently celebrated its 15th year in existence, and as the SaaS (software-as-a-service) vendor races toward US$5 billion in revenue its influence on the industry is being felt more than ever. At the same time, some signs indicate that Salesforce.com is having a few growing pains, as well as showing some trappings of the mega-vendors it once mocked with its "End of Software" marketing campaign.
Can your tablet withstand a 2-meter drop or be submerged in water for 30 minutes and keep functioning? The new $5,000 tablets from Xplore Technologies can.
A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.
Mainframe operators using BMC software may now be able to enjoy the speedy, devops-style development pace that is quickly becoming the norm for customer-facing mobile applications and Internet services.
Dell released a new virtualized storage accelerator appliance called Fluid Cache for SAN on Tuesday, designed to help customers keep data-intensive applications working quickly under load.
Gone are the days when a company could deploy a standalone security appliance to protect an entire network, McAfee network security general manager, Pat Calhoun says.
Verizon today issued its annual data-breach investigations report, a study of what happened in 1,367 known cases across dozens of industries in 95 countries last year, and the most common form of attack was breaking in through Web applications.
The panic over the Heartbleed bug is proving to be a convenient distraction for hackers using standard techniques in a fresh wave of attacks targeting at least 18 U.S. universities, according to a computer security researcher.
A notorious Windows leaker dubbed 'Wzor' says Microsoft will issue yet another update to Windows 8.1 later this year, evidence of an even-faster acceleration in the company's development tempo.
Jurors in the Apple v. Samsung case have heard a lot of big numbers in the past few weeks.
Wireless technology changes quickly. This matters if you're running a business, as faster Wi-Fi can improve employee productivity as well as customer service. These advances in wireless tech are therefore worth watching.
As CIO at Boeing, Ted Colbert is no stranger to the Internet of Things. For more than a decade, the aerospace giant has deployed thousands of communications-enabled smart devices to sense, control and exchange data across the factory floor, on the battlefield, and within the company's 787 Dreamliner aircraft.
Falling hardware sales and the cost of layoffs hit IBM's profit hard in the first quarter, sending it down 21 percent from a year earlier.