The future of malware

Watch out for whaling, smartphone worms, social media scams, not to mention attacks targeting your car and house

By Jeff Vance, Network World
October 03, 2011 06:01 AM ET

Network World - Personal information belonging to a full third of Massachusetts residents has been compromised in one way or another, according to the state's attorney general, citing statistics gleaned from a tough new data breach reporting law.

RSA recently announced that security of its two-factor SecurID tokens could be at risk following a sophisticated cyber-attack on the company. And Sony suffered a massive breach in its video game online network that led to the theft of names, addresses and possibly credit card data belonging to 77 million user accounts. The cost to Sony and credit card issuers could hit $2 billion.

Of course, that's just a sampling of recent breaches, and if you think it's bad now, just wait. It's only going to get worse as more information gets dumped online by mischievous hacker groups like Anonymous, and as for-profit hackers widen their horizons to include smartphones and social media.

For example, in August AntiSec (a collaboration between Anonymous and the disbanded LulzSec group) released more than 10GB of information from 70 U.S. law enforcement agencies.

According to Todd Feinman, CEO of DLP vendor Identity Finder, AntiSec wasn't motivated by money.

"Apparently, they don't like how various law enforcement agencies operate and they're trying to embarrass and discredit them," he said.

But, he adds, what they don't realize is that when they publish sensitive personal information, they are helping low-skilled cyber-criminals commit identity theft. Every week, another university, government agency or business has records breached. Feinman estimates that 250,000 to 500,000 records are breached each year. Few details from those breaches are published on the Internet for everyone to see, however.

While certain high-profile attacks, like the one on Sony, may be intended to embarrass and spark change, the U.S. law enforcement breach could represent a shift in hacker thinking. AntiSec's motivations appear to have a key difference, with the attackers consciously considering collateral damage a strategic weapon.

"In one online post, AntiSec came right out and said 'we don't care about collateral damage. It will happen and so be it,'" Feinman says.

Social networking

Experts say the future of malware isn't so much about how malware itself will be engineered as about how potential victims will be targeted. And collateral damage won't be limited to innocents compromised through no fault of their own.

Have you ever accepted a friend invite on Facebook or connected to someone on LinkedIn you didn't know? Maybe you thought this was someone from high school you had forgotten about or a former business partner whose name had slipped your mind. Not wanting to seem like an arrogant jerk, you accept this friend and quickly forget about it.

"When people make trust decisions with social networks, they don't always understand the ramifications. Today, you are far more knowable by someone who doesn't know you than ever before in the past," says Dr. Hugh Thompson, program chair of RSA Conferences.
