Page 1 of 2
Phishing scams. Malware. Data loss.
What was once the stuff of an action-packed techno-thriller now appears constantly in the newspapers and on the nightly news, not to mention the worried postings of nervous IT bloggers.
While IT and security professionals dispute exactly what constitutes the most serious security threat, almost all sources agree that over the past two to three years, cybercriminals have become amazingly professional. Large-scale Internet fraud and infiltration are evolving into complex, global networks with multimillion-dollar payoffs.
"It's become a business now," said Kevin Simzer, senior vice president of Entrust Inc., Addison, Texas, which specializes in digital identities and information security. "It's about money now. That's just the reality."
Across the board, attacks are becoming more targeted, acutely honing in on individuals with specific and personal demographic information. Instead of just credit cards and bank account information, they're going for everything—any and all information that can be used to create an identity, experts say. From there, attackers will either use the data or sell it on the black market to someone who will.
"You're starting to see a broader base of attacks. We're really seeing broad-based fraud activities," said Vincent Weaser, senior director of development at Symantec Corp., Cupertino, Calif. "Their ability to turn [information] into cold, hard cash—they're after a lot more than simply your bank account."
Something's Phishy
It's no secret that the phishers' nets are getting bigger and more advanced. Continuing a trend of increasingly sophisticated phishing attacks, cybercriminals will continue to target their victims more precisely with personal and more authentic-looking information. "It's just continued to run totally unabated,"
Simzer said. "The consumer's data is totally exposed, and lo and behold, someone is accessing their account."
Masked as legitimate Web sites from Ebay, Amazon and others, phishing sites will typically ask individuals to submit financial or identifying information such as credit card, bank and Social Security numbers. Security professionals expect that phishers will increasingly target smaller, less-popular sites as the big companies beef up their security and users become savvy about avoiding large-scale scams.
These kinds of scams will be much easier for cyberpredators as phishing toolkits become more ubiquitous. Forty-two percent of phishing Web sites observed in the first half of the year originated from just three phishing toolkits, according to Symantec's Top 10 Internet Security Trends for 2007. And those resources will likely become much more accessible as the need grows, experts say.
As individuals become savvy to widespread attacks, phishers will target their victims more precisely with highly researched personal information in schemes known as spear phishing, luring victims into attacks by using precisely targeted and individual-specific information. There's also whaling—targeting high-level, and often new, executives for sensitive company information.
"All the attacks we've seen in the past aren't going to go away—they never do," said Richard Stiennon, chief marketing officer for Fortinet Inc., Sunnyvale, Calif. "We'll see an increase in the level of targeting. It's a pretty scary concept to think someone picks you out of the fold."
Plus, with the upcoming presidential election, security personnel expect to see more political phishes. Scams will likely come in the form of political organizations or campaigns asking for "donations."
"There's some social reconnaissance being done," said Peter Bybee, president and CEO of San Diego-based Network Vigilance. "We're definitely seeing more sophisticated, socially engineered attacks. At least they have a more authentic message for coaxing you into doing something."
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
