ISSE: Emerging security threats challenge businesses
By Stephen Pritchard in Warsaw,
Hackers and cybercrime gangs are increasingly targeting smart phones, Macintosh computers and other "emerging" platforms, delegates to Europe's largest independent security conference have been warned.
Speaking at this year's ISSE conference in Warsaw, Costin Raiu, head of research and development at anti-virus vendor Kaspersky Labs, said that security improvements in Windows Vista were making it harder for cyber-crime gangs to target PCs. At the same time, the growing popularity of alternative platforms, such as Mac OS and the Symbian mobile OS were bound to attract growing attention from hackers.
"Vista has security features which make many of the current attacks obsolete," said Raiu. "But there are also more and more people using smart phones. There are more banks using such phones for two-factor authentication, but cyber criminals are designing Trojans that look like [authentication] tokens."
Gangs are going to greater and greater lengths to improve the quality of malware, Kaspersky suggests.
Hacker teams are increasingly organised on similar lines to professional software development teams, with quality assurance and even marketing specialists, said Raiu.
One group has even gone as far as to submit its Trojan to Symbian as part of that platform's application signing process. The application purports to be a data backup utility but in fact diverts personal information to the crime gang's servers.
The cybercriminal's greater sophistication is also being tracked by Microsoft, which has noted a growing emphasis on highly-targeted malware attacks, especially phishing.
According to Steve Lipner, senior director of security engineering at Microsoft, malware authors' use of social engineering is becoming more skilled. "The cyber criminals will use a carefully socially engineered hook to get someone to open an attachment, which then tries to exploit a vulnerability and installs a back door for a bot client, or downloads additional software for logging key strokes or sucking down sensitive data," Lipner said.
Better software development methodologies, including building a security lifecycle into the software development lifecycle, will reduce the number of vulnerabilities and remove many of the opportunities for cyber crime, he explained. "We don't kid ourselves that we will get to perfect software but we will reduce the number of exploits and stop shortcomings being introduced in software," said Lipner.
Alternatively, end users could look for alternative platforms for sensitive transactions such as online banking. "At the moment, the closest thing to a secure platform is a Nintendo Wii," said Kaspersky's Raiu. "It is pretty limited, but it is pretty much malware proof."
advertisement
Latest Security Features
The continued curse of cybersquatting
For some, it’s a problem confined to the early days of the Internet. But current figures suggest that the cybersquatting problem is, if anything, growing.
- Where next for Microsoft, Yahoo and Google?
- Top 10 mobile features of 2009
- Top 10 security predictions for 2009
- Top 10 reviews of 2008
- The year in IT news
- Top 10 security stories of 2008
- Top 10 business phones of 2008
- 15 tech charities that need your help
- PCI's Bob Russo: Data loss hurts brand more than a fine
Latest Security Reviews
Fujitsu Siemens FibreCAT SX80 iSCSI
Rating: 
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?