National security, VoIP and malware set 2008 security agenda

The third annual Virtual Criminology Report released today from security vendor, McAfee warns of new and developing methods and targets for cyber crime that have emerged this year, which will increase the risk to government, organisation and individual technology users into 2008.

Governments are targeting and being targeted with cyber espionage tactics, said McAfee security expert, Sal Viveros, with over 120 countries involved in gathering sensitive information as they increasingly rely on digital means to carry out their administrative and legislative duties.

"Just as espionage has always been a means of political, economic and military defence or attack, the internet has become a new tool in an internet-based 'cold war' against governments, allied groups like NATO and militant groups," Vivero told IT PRO.

He pointed to the distributed denial of service (DDoS) attacks on Estonia's government, news and bank servers that took place in April earlier this year as an example, while countries including the UK, US, Germany and China have admitted using cyber espionage techniques as part of their national defence strategies.

He added that 2008 would likely see more legislation, regulation and treaties to strengthen the weak levels of global governance in this area.

The report also found both public and private organisations face an increasing threat to online services such as banking through the emergence of a complex and sophisticated market for malware.

Meanwhile, malware is being written to further the self-propagating ability of internet worms such as the Storm worm or 'Nuwar' demonstrated this year. Such malware can create armies of infected computers, or botnets, that can avoid attack by updating their defences without the end users' knowledge.

Vivero also highlighted the threat to individuals from new tactics like 'vishing' (phishing via VoIP or voice over internet protocol) attacks and 'phreaking' (hacking into telephone networks to make long distance phone calls).

"In the case of vishing, most people aren't aware of the threat and still trust their phones more than they do their computers," he said.

"But if millions are still falling victim to online phishing tactics, even though the IT industry has been trying to educate users about how to avoid the threats, then it's likely the tactic of getting someone to hand over sensitive information to an automated call facility is more likely to catch out people that are not aware of this issue."

Overall, Vivero said organisations must update their defences with data leakage prevention and endpoint encryption software.

While individuals must realise antivirus software is no longer sufficient protection for their systems: "Complete endpoint protection, including a firewall, as well as antivirus an antispam tools are needed," he added.

Dr Ian Brown from the Oxford Internet Institute and Professor and Lilian Edwards from the Institute for Law and the Web in the UK, together with Eugene Spafford and his team from the CERIAS centre at Purdue University in the US, undertook extensive research amongst law enforcement agencies and cybercrime experts across the globe to assess the current trends and emerging threats to security.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Digg

Delicious

Reddit

StumbleUpon

Slashdot

Google

Facebook