Network Security Watch list- 2012.
Top Threats in 2012..
We will see an big increase in attacks launched on social networks, mobile and by large infrastructures, like telcos and web servers. The gloves are off for ISP's to milk your personal information to track your every moment in the effort to sell you anything, Yes, we mean everything.
Risks to be aware of in 2012 include:
1.- Sons of ZeuS - A malicious software used to steal more than $100 million in 2010. We expect the surge to continue despite the originator's claim he is happy with his retirement fund. If anything, there could be a more dangerous intrusion of ZBOT, Zeus Ver 3, on the way to steal even more. Pick a security software suite that addresses ZeuS, head on.
2.- Social Networking Attacks via computers, PDA's and cell phones.
Banks are using these networks to cater to their Customers with more live interaction features. There are several bogus bank sites out there using social networking sites like Twitter, MySpace and Facebook to try to seize personally identifiable information. The intent is to steal your log in, so they can access your personal and business bank accounts.
Once the door is open, they can milk dry your hard earned dollars and even worse, draw down or apply for credit, acquire items in your name and even bind you to high ratio mortgages and equipment loans.
Most banks & insurance companies now post warnings on the net that they will never contact you by email which is an old trick to capture your account # and password for business or personal reasons. See more info on the top threats in 2012.
3.- Mobile Malware - Cyber crooks will cash in on the app craze even more in 2012, targeting mobile phones for malicious software (malware) attacks. They have already figured out ways to disguise malware as legitimate apps, and then steal account and login information or to get the victim's phone to make expensive phone calls without the phone's owner ever knowing a thing. We expect more fake apps to appear for free download to to take advantage of weaknesses in the smart phones’ operating systems. To combat this serious endpoint problem, we suggest you consider some mobile security software.
4.- IP: The most dangerous IP used in 2010 was Internet Relay Chat (IRC). Thirty percent of all botnets used IRC to communicate with infected machines and their command-and-control (C&C) servers. Fortunately, blocking IRC use in networks reliably stops botnets. For chats, there is opportunity to download infected files because of the file sharing capabilities with little protection from the content. There are plenty of safer ways to chat & exchange files online.
5.- Operating Systems: Their been some huge security related updates for all operating systems. Expect more in 2012 since many intrusions have been focused on the OS that have become so huge over the years they leave massive gaps for bots and viruses to penetrate to fix for multiple security vulnerabilities for users. So what can you do? The best advice is to make sure you and your network are staying current with all OS and application software updates. No choice, here since a fix is not done unless the problem is serious and impacting many users. See Windows- patches- updates
6.- Infrastructure Hijacking - Expect DNS (Domain Name System) and BGP (Border Gateway Protocol) attacks to be top billing this year.
Why? As the translator between domain names and IP addresses, DNS is the glue that holds everything together on the Internet. It keeps time and conducting transactions to transmitting messages to sharing corporate and consumer data.
By hijacking these DNS translations, attackers can drive unsuspecting surfers and corporate users to malicious sites, making large parts of the Internet largely useless or insecure.
BGP is essentially the routing system for the Internet. Much like DNS, when BGP is hijacked, everything from websites to e-mail to instant messages can be rerouted.
7.- Growing Pains with DNSSEC – There will be problems implementing DNSSEC (Domain Name System Security Extensions) properly because of technical challenges, industry resistance to change and implementation problems.
DNSSEC is being marketed as the silver bullet to stop DNS cache poisoning attacks – where criminals can hijack a domain, email and much more. The jury is still out on DNSSEC- so BEWARE.
8.- Mule Recruitment - In the world of phishing, a mule or money mule, is the person who does the legwork of transferring the money from a phished bank account to a foreign bank account, typically through an intermediary money wire system like Western Union. Usually, associated with work-from-home offers, there will be more innovative mule recruiting operations in the coming year. Do not consider getting drawn in since moving money has been the biggest obstacle and need for criminals cleaning out bank accounts.
