2008 Security Threats Will Follow The Money

Phishing scams, malware, data loss -- many security professionals dispute exactly what constitutes the most serious security threat. But almost all sources agree that over the past two to three years, cyber criminals have become incredibly professional. What was once about bragging rights is now about high-stake payoffs illegitimately gained by large-scale Internet fraud and infiltration.

"It's become a business now," said Kevin Simzer, senior vice president of Entrust, specializing in digital identities and information security. "It's about money now. That's just the reality."

Across the board, attacks are becoming more individualized, acutely honing in on individuals with specific and personal demographic information. Experts say that instead of just credit cards and bank account information, they're going for everything -- any and all information that can be used to create an identity. From there, attackers will either use the data, or sell it blackmarket to someone who will.

"You're starting to see a broader base of attacks. We're really seeing broad-based fraud activities," said Vincent Weaser, senior director of development for Symantec. "Their ability to turn (information) into cold hard cash -- they're after a lot more than simply your bank account."

Something's Phishy

It's no secret that the phishers' nets are getting bigger and more advanced. Continuing a trend of increasingly sophisticated phishing attacks, cyber criminals will target their victims more precisely with personal information. "What we're seeing is more and more is phishing. It's just continued to run totally unabated," said Simzer. "The consumer's data is totally exposed, and low and behold, someone is accessing their account."

Masked as legitimate sites from Ebay, Amazon and others, phishing sites will typically ask individuals to submit financial or identifying information such as credit card, bank and social security numbers. Security professionals expect that phishers will increasingly target smaller, less-popular sites as the big companies beef up security and users become savvy to the large-scale scams.

In addition, the availability of phishing toolkits will make these kinds of scams much easier for cyber predators. In fact, 42 percent of phishing Websites observed in the first half of the year were associated with just three phishing toolkits, according to Symantec's Top 10 Internet Security Trends for 2007,

Also, as individuals become savvy to widespread attacks, phishers will target their victims more precisely with highly researched, personal information, in schemes known as spearphishing, luring victims into attacks by using highly focused individual-specific information. Or whaling, targeting high level executives for sensitive company information.

"All the attacks we've seen in the past aren't going to go away, they never do," said Richard Stiennon, chief marketing officer for Fortinet. "We'll see an increase in the level of targeting. It's a pretty scary concept to think someone picks you out of the fold."

Plus, with the upcoming presidential election, security personnel expect to see more political phishes in 2008. Scams will likely come in the form of political organizations or campaigns asking for "campaign donations."

"There's some social reconnaissance being done," said Peter Bybee, President and CEO of Network Vigilance based in San Diego. "We're definitely seeing more sophisticated, socially engineered attacks. At least they have a more authentic message for coaxing you into doing something."

Next: Web's Wealth Of Data Awaits Thiefs