Custom Search

Top 10 Security Threats For 2011

Of the top ten security threats for 2011, some of them would make even the well informed and technical minded weak in the knees. Already this year, the number one threat has been identified. For the first time in the history of the Internet, hackers can buy a registered copy of a sophisticated “Malware kit” for $99.00, but more on this threat below. In no particular order, these are the other nine top security threats for 2011:

The Malware Toolkit: This Malware Kit includes all the needed tools to create and update malware as well as take control of a host computer, in addition to e-mail support and product updates. Why is this such as threat? Because no coding skills are needed; users simply need to master the clickable program options and they are presented with a Linux-based web exploit using the latest Botnet technology, ready to deploy.

Interested hackers can purchase the entire package for $99.00, or even less. Some of the lower priced Malware and Botnet kits cost about $40 or $50 dollars and the higher end packages cost upwards of $4000. These come with full technical support, customer service, and even installation and configuration services as well as cloud support. With the number of Internet connected devices on track to hit 6 billion by 2015, the malicious hackers that buy these toolkits will act like the next wave in disease evolution.

Cyber Criminal Communications: The dark vision of a malware toolkit means that more and more cyber-criminals will be communing with one another, working together and doing so dynamically and anonymously over social networks.

Smartphones: The spread of smartphone devices is viral, the more smartphones that are made, the more the market demands the devices be made. The next big thing in cyber-crime will happen on smartphones, like the virus that was crafted for the iPhone or someone making a virus to take over a corporate network, using employee smartphones to do it.

Distributed Denial Of Service (DDOS) attacks: Advanced technology will allow attackers to kill a server or website without the brute force tactics of the past. Smaller Botnets (like from a $50 kit) using this advanced technology will use pinpoint attacks against certain applications or services alowing them to kill the target quietly, users might not even realize the sites been attacked.

Social Networking: One of the world's most well-known cyber-criminals, Kevin Mitnik, worked mostly on the phone with secretaries or sales people and termed his work “social hacking.” LinkedIn is a social networking site that is business by nature; imagine the damage wrought by ambitious high school kids networking information out of unsuspecting “potential employees.” This brings us to….

Click-Jacking and Cross-site Scripting: These are a few of the latest in hijacking methods and like “Like-Jacking,” they are targeted to social networks like LinkedIn. With hackers working as teams, they could have someone on the inside, target a web hosting company, and gain access to all the customers’ websites, client data, and financial data.

Attacks on Mobile Devices and Wireless Networks: The future is mobile; billions of Wi-Fi network access points are just waiting for a well-crafted Botnet from the latest cyber criminal kit to come along and give an anonymous face in the crowd the ability to exploit thousands of mobile devices in a train station.

Phishing attacks from “trusted” third parties: Let us imagine that you and most of your colleagues use an offsite support contractor. The contractor’s support system is cracked and a Phishing attack goes out without their knowledge. The bank you work for is now under the control of a cyber-criminal. You had no way to know that the support ticket response was loaded, and neither did the bank’s support staff.

Data Exfiltration: This is the process of stealing data; rather than use brute force attacks to blow the wall of the data warehouse, the attacker uses more sophisticated means, such as logging on as a company employee to the company’s internal network and exploiting the opening. Security would see only the employee checking email and opening a document, but moments later, the company’s banking data is gone.

Hardware level cell phone attacks: There are more “old-fashioned” cell phones than smartphones in use and new exploits have been developed that attack the phone itself, rather than the OS or user level. Have you ever received a text message that “upgraded” your phone? Do you know where it came from? Millions of phones could be compromised, which allows them to be used in many really disturbing ways-all without the owner’s knowledge.

What if a company server has an account with a cloud computing service online? Taking that into consideration, what would happen to the company’s infrastructure if an inside employee is working with an outside group to take control of the cloud? What would happen to your job or your personal bank account? That data would be exposed and there is nothing anyone can do about it.

An overall large part of the many cyber threats above all contain one similarity; the insider. The insider is an increasingly dangerous weakness. Larger-scale and more sophisticated company networking infrastructures and less secure employee access makes it easy for cyber-criminals to find and recruit insiders to wreak havoc in one of the above ten ways.

By: Bob T. Wilson

Article Directory: http://www.articledashboard.com

Bob T. Wilson is the technology writer at velocity guide, a site dedicated to keeping its readers informed of the constant advances in mobile computing technology and Broadband Internet.
Misc
Print This Article
Add To Favorites
Email to Friends
Ezine Ready
Join Our Community
Sign Up for an account or learn more.
Sponsored Links
Article Dashboard Authors
Submit Articles
Member Login
Submission Guidelines
Article RSS Feeds
Site Information
About Us
Link to Us
Contact Us
Privacy Policy
Terms of Service
Favicon Generator

© 2005-2011 Article Dashboard