New and old threats still menace Web users

Gordon Peters
Thursday, 25 November 2010 16:31

IT Industry - Market

The evolution of the threat landscape during 2010 has revealed new security threats and confirmed the ongoing menace of well-known threats, including attacks on mobile platforms like the iPhone.

In its latest report on cyberthreats and emerging trends for security in the next 12-months, Websense said today that some mobile platforms including the iPhone have already been attacked, and it warned that the 'continued consumerisation of these phones and the increasing amounts of financial data that touch these devices make them ripe future targets.'

According to Websense, there is a sizeable variance between the quality of available mobile applications, and it further warns that these applications will open the door for unintended security vulnerabilities. 'Jailbreaking iPhones is just a preview of the dark alley that many of these phones will enter. Legitimate apps will easily be repurposed for spam and phishing attacks,' Adam Bradley, ANZ Country Manager for Websense predicted.

Bradley says the Web has 'transformed into a business and application platform,' and he adds, 'in 2011, real-time social networking sites will continue to dominate the landscape and hackers will continue to mix social engineering tricks with modern blended threats making the Web more complicated than ever before. The blended nature of today's threats means that all security measures must integrate email, Web, and data technologies.'

On blended attacks, Websense also warns that SEO optimisation combined with rogue AV and email containing data stealing components will not slow down in the coming 12 months, and cautions that relying on reactive security measures such as standalone AV will simply 'fail to provide adequate protection against these sophisticated techniques that combine Web, data loss prevention (DLP), and email.'

On old vulnerabilities, Websense report that Adobe Reader and Microsoft Internet Explorer were prime targets throughout 2010, and that there is no sign of a change in course on the part of the hackers. The firm says old vulnerabilities will be subject to no shortage of exploits in the coming year.

In addition, according to Websense, spam campaigns will continue to target the walls of Facebook and other social networking sites, while email attacks will continue to become 'more sophisticated with a focus on links and attachments to help disguise their bad intentions.'

Bradley says that, as in the past, the majority of attacks will rely on botnets, which he notes are 'very cost-effective for cybercriminals and they have enough range to reach far and wide.'

Websense observes that the top 100 websites feature constantly changing content with billions of varied page visits per site, and Bradley says that many companies will find themselves 'caught off guard, placing their data at risk, due to bad business practices regarding the sensitivity of data on these sites.'

On the hate and terrorism front, Websense says that photographic evidence of terrorists hiding in caves doesn't serve as good examples of the level of sophistication in which these groups operate. 'We've already seen a rise in the presence of these organisations on the Web,' Bradley says, adding that 'numerous groups will continue to focus on the Web to recruit members, make money, and commit various crimes.'  Websense also says that it expects a tightening of the organisational structures in which these groups operate.