Phishing, pharming can cause monetary loss, identity theft, warn experts
Pune, Dec. 26
Keeping information and infrastructure secure is a problem which recurs very often in the guise of new and smart attackers. And it is a tough task for the security chiefs to stay that one step ahead.
Mr Srikiran Raghavan, Regional Sales Head, RSA, Security Division of EMC, says virus threats and spam will continue to be areas of traditional concern for 2007.
But the areas to watch out for include the growing menace of phishing and pharming that can potentially cause monetary loss, and more importantly identity theft.
"Consumer awareness will never scale to a level that will eradicate the success rates of phishing attacks, but what is imperative is that as consumers start using the innovative and cost-efficient delivery channels that financial institutions offer them, they must be more careful. One must try to always remember that personal data is never solicited from the consumer," he points out.
Identity theft can potentially result in a consumer's creditworthiness being devalued, thereby increasing the cost of maintaining the credit instrument or it being revoked. Another area of concern is in the laptop/PDA theft, which would continue to increase with the cost of mobile IT assets reducing. Consumers should use licensed software to manage security controls on these assets and avoid as far as possible any confidential or personal data being stored on the hard drive or memory, he states.
Mr Niraj Kaushik of Trend Micro notes that in 2007, users can expect Web threats to emerge as the prevailing security threat. Web threats include a broad array of threats originating on the Internet, and are typically blended threats that use a combination of files and threats. Web threats will impact consumers and corporations alike through confidential information leakage, identity theft, bot infection, adware/spyware installation, and the like. He says 2007 will continue the "high focus/low spread" tendency of 2006.
"Whereas in the past, we experienced widespread mass-infections, now we see smaller-scope regional outbreaks. These targeted attacks have more specific objectives and they are more difficult to eradicate. In some cases, they are so specific as to target single companies in order to steal certain internal information".
Trend Micro in its report has also stated that it expects to see the bot threat grow, as creators find newer methods for installing them in users' machines.
Since crimeware creators have a way to fund their activities, crimeware attacks will not go away. PC users must be prepared for, and be familiar with these novel ways of being attacked in order to prevent being robbed or scammed. Spyware and other aggressive marketing campaigns will continue to be a threat.
Developers of these adware campaigns usually pay per each copy of the software installed. Their distributors, therefore, resort to questionable methods of installing as many copies as possible, even against the user's will or knowledge.
According to Capt Raghu Raman, Chief Executive Office, Mahindra Special Services Group, phishing would continue to be the major concern but will be much more sophisticated. Perpetrators will choose victims with more care and customisation. Mr Patrik Runald & Jari Heinonen, F-Secure Corporation are of the viewthat security concerns will not be too different in 2007. "We will continue to see a huge growth in malware - again motivated and driven by money. Phishing will also increase next year but we will see more localised attacks where they are using the local language instead of English. "Next year we will probably see more threats using WiFi as a carrier and perhaps even WiFi worms. The best way to protect yourself against this is to make sure you install the latest drivers for your wireless card in your computer,'' he notes.
cyber crimeWebsense in its 2007 security threat predictions has stated that in 2006, cyber crime and the evolution of new cyber-criminals increased. In 2007, it expects underground cyber crime to become better organised and run a better economy. The burning issue: Would the attacks be more vicious or more sedate? Mr Srikiran notes that this is more specific to virus attacks or malicious software attacks on consumer PCs, for example, but if one were to consider the impact of phishing and pharming on consumers, it really cannot be discussed in terms of being vicious or sedate, but rather in terms of the potential to erode a consumer's financial status and overall creditworthiness, which is far more debilitating than a virus attack on one's PC. Mr Patrick is of the opinion that they will become more complex but there will not be big outbreaks like Blaster in 2003 or Sasser in 2004. Security updates In addition, it is very important that the security updates for Windows are installed as soon as they are available, he says. In addition, things to remember: If you receive an e-mail attachment that you didn't expect, don't open it. Your credit card company or bank will never, ever send an e-mail asking you to confirm your details or to login about irregular activities on your account. They will call you or mail you using regular post if that would be the case. If you receive an e-mail asking you to confirm your details online, don't do it.