2009 has seen new technologies being improved, adapted and adopted on a massive scale, with over 350 million active users of Facebook, downloads of iPhone Apps recently topping 2 billion, and more that 1.6 billion devices being used to access the internet, including PCs, mobiles and online gaming consoles. There has also been an increase in the number, and sophistication, of internet threats being produced by cyber criminals.
Trojans have been around for some time now, but the level of sophistication and the improvement in their development has been of particular concern in 2009. One’s to watch in 2010 include; ZeuS which steals user data, ranging from passwords to social networking sites to financial log-in details, Urlzone which re-writes your online bank statement to cover its tracks once the money has been taken and Clampi which steals banking log-in details. With the ability to mount man-in-the-middle attacks, users are increasingly vulnerable to account takeover without having the slightest idea that something untoward is happening.
Phishing and Botnets
We have also seen an increase in the deployment of increasingly resilient botnets (responsible for most of the spam we see these days), intelligent clients and the development of creditable emails and websites that are believable to even the most wary of us.
Also of concern is the way that some of these new technologies are being developed. Is enough time given to develop in a secure fashion? 2009 has seen numerous attacks against Twitter, Facebook and other social networking sites, which suggests that more time and attention needs to be paid to the security of these sites. Furthermore, greater consideration must be given to the data being stored, the latest Facebook fiasco where accounts were created with ‘everyone’ permissions allowing the world outside of Facebook to have access to information. It is crucial that greater attention is paid to security at all levels.
Corporate Data Breaches
The number of data breaches throughout the year has been a major concern; there is still a problem with keeping electronic data secure. These breaches not only have a serious impact on people’s security but also on developments like cloud based solutions that go beyond email and web scanning.
Targeting the Cloud
Working ‘in the cloud’ is becoming ever more popular as businesses realise the economic and environmental benefits of home working; some analysts predict that businesses using the technology will double to 9 per cent by 2012. It seems likely that, as with application development, in the rush to get to market that security will have been sacrificed to some extent. And whilst the security of these solutions is likely to be better than the,majority of small to medium sized companies, they will present an attractive and lucrative target for hackers. The benefits of using the cloud may outweigh the risks involved, but all companies and individuals should seriously consider the risks before they make the leap.
Macs under threat
Apple sold 3.5 million Macs and 7.4 million iPhones in the fourth quarter of its fiscal year. Whilst PC’s still have the predominant share of the market, and therefore are at the greatest risk of attack, the rapid growth and the ability to connect and share data between Apple products, combined with the aura of security that surrounds Mac’s has made Apple products an attractive target for malware writers.
2009 has seen Macs increasingly targeted, with a number of malware programs being written or being effective against a Mac (with a small Mac botnet being detected in April). Although threats against Macs are likely to increase in 2010, we can still expect Windows to be the main targeted as it still holds around 90 per cent of the desktop market.
2009 has been a year of cross platform communication. People want to call, text, work and communicate over many platforms from a simple mobile device, They want to be able to plug this device into their computer at home or work and transfer their work instantly. Many also want to do the shopping, or check their bank accounts from their mobiles or computers. Unfortunately, this increased collaboration between devices, applications and platforms will mean that malware writers, who may have previously targeted PCs, now have a plethora of devices, websites and applications available to target and a diverse amount of increasingly sophisticated methods to employ with which to bamboozle their victims.
The one good trend to come out of 2009, the increase in international co-operation that has seen Egypt and the US collaborate to catch one gang, will need to be strengthened and formalized if the international community is serious about tackling cyber crime. When a spammer can hide in New Zealand from a penalty that has been handed out in the US, the gap that is yet to be covered is revealed. We can also see this in cases like Gary McKinnon – if extradition treaties are not reciprocal or punishments not measured, then international co-operation is going to be obstructed and cybergangs, who may be three individuals in separate countries, will remain free to exploit new technology and the trust we place in it.