The Hindu Business Line : ‘Content-based Web attacks to top security threats in ’08’

Alarm bells
Malicious spam to invade blogs, search engines, forums and Web sites.
Attackers will use Web’s weakest links to launch attacks.
Vishing and voice spam will combine and increase

L.N. Revathy

Coimbatore, Dec. 11 Websense Inc is anticipating content-based Web attacks to top the list of threats in 2008, the others being cross-platform Web attacks, special interest attack targeted at specific groups, morphing of Java script and the like.

In its annual security predictions for 2008, Websense Security Labs has said that the Olympics would spark an outbreak of hacker activity such as compromises of popular Olympic news or other sports sites. Websense researchers foresee the possibility of large-scale denial-of-service (DoS) attacks on Beijing Olympic-related sites and fraud attempts through email and the Web surrounding the Olympics.

The lab has also predicted that “hackers would leverage the increased adoption of Macs and iPhones as new means for cross-platform Web attacks.

Special interest groups falling within a certain age group, wealth bracket or people with particular purchasing habits would become targets of Web 2.0 attacks and spam would increase in the blogosphere and ‘talk back’ sections of new sites to drive traffic and increase search engine rankings of infected Web sites.” The attackers, according to Websense research team, would increasingly exploit the weakest links within the Web infrastructure to target the greatest number of Internet users. Most vulnerable to these attacks are search engines and large user networks such as MySpace or other social networking sites as they have a higher probability of delivering a payoff.

The lab is anticipating the number of compromised Web sites to surpass the number of created malicious sites as the Web, as an attack vector, has been increasing steadily over the last five years.

With hackers upping the ante with evasion techniques by changing the code every time a user visits the malicious site, signature-based security scanning technologies have difficulty detecting the Web page as malicious.
Websense is expecting a crack down on key hacker groups and individuals by global law enforcement agencies and arrest of key members of a hacker group in 2008.
The cell phone user population is emerging a lucrative market to exploit with spamming and “vishing” for financial gain. To date, researchers have seen an increased number of vishing attacks but not a lot of spam – or pro-active automated calling.
In 2008, Websense predicts that “vishing” or the practice of using social engineering and Voice over IP (VoIP) to gain personal and financial information and voice spam would combine and increase.
A look at the current attack trend revealed that cyber criminal techniques were evolving quickly and efficiently not to evade detection but steal data and manipulate trusted content as well. “It is critical for organisations and individuals to recognise the changing techniques of the attackers,” said Mr Dan Hubbard, Vice President (Security Research), Websense.
The Labs Websense ThreatSeeker technology scans over 600 million Web sites every week searching for malicious codes. Its On Demand service scans more than 350 million emails per week for email security threats. The research team sends close to 80 security updates every day to protect its employees from external and internal computer security threats.

More Stories on : Security | Sports | Software

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page