Security experts are predicting that hackers and IT system attackers will be shifting focus slightly in 2010. Some of the threats identified have been around for a while – such as Web 2.0-based hacks and botnets.
But others are relatively new, with SEO poisoning, malvertisements and smartphone attacks set to go mainstream. Windows 7 is also expected to be targeted by cyber criminals and hackers.
IT security: Web 2.0
Web 2.0 attacks will increase in sophistication and prevalence in 2010, according to experts at security software maker Websense Security Labs. Their researchers saw increased malicious use of social networks such as Facebook, Twitter and MySpace in 2009. And that trend is set to continue, as hackers exploit the high level of trust placed by social networking users both in the platforms and in other users.
In particular, watch out for rogue Facebook widgets – the third-party applications you can add to your account. One of the earliest malicious widgets was 2008’s ‘Secret Crush’. Instead of helping you to find virtual admirers, as it promised to do, the app installed spyware on the user’s computer.
So be extra cautious when installing third-party applications on social networks. Don’t install widgets unless they are absolutely necessary to your business. And remember that when you accept installation of a widget (malicious or not), you are granting access to information stored in your profile.
Also, be sure to use antivirus software to protect against viruses on Web 2.0 sites.
If you are on Twitter, don’t automatically ‘follow’ people just because they add you; the site is rife with fake and spam-laden accounts. If you’re not using Twitter, don’t accept an invite to sign up to the site from someone you do not know.
Over the next decade, attackers are set to take advantage of the information stored on social networking platforms to create more targeted phishing campaigns, according to UK-based data security company Imperva. Using such information, attackers can make it appear that the phishing email they sent you was in fact sent by someone you know. There isn’t much you can do to protect against this sort of attack beyond keeping all your security software up to date, but you can avoid providing attackers with too much data by restricting the amount of information you put online.
Use a different password for each social networking platform you use. That way, if one of your accounts is compromised, the attacker cannot reuse that password on the others, and you still have access to them.
Security firm Symantec has identified shortened URLs as another area of concern for social network users in 2010. Shortened URLs are short aliases that redirect to long URLs and are particularly popular on sites like Facebook and Twitter. Because the short form hides the real destination, watch out for links that could direct you to undesirable, malware-infected sites. Always avoid clicking URLs posted by unknown users.
IT security: Botnets
Botnets are groups of computers running a computer application that’s controlled and manipulated by the application owner. While the term can refer to a legitimate network of computers sharing program processing, in the IT security arena it is typically used to describe groups of computers infected with malicious software.
Malicious bot software (a type of malware) can convert your computer into a ‘zombie’, meaning that it can be controlled by the person who developed the software, allowing them to use your computer for nefarious purposes such as sending spam.
According to Websense, 2009 saw an increase in botnet groups following each other and using similar spam/web campaign tactics and other copy-cat behaviour. Experts expect this trend to continue in 2010 as botnets become more aggressive and fight turf wars in cyberspace.
Use firewall software and hardware and antivirus programs to help protect your network from botnets. Make sure you keep your antivirus and firewall software up to date. Also, keep your operating system protected by downloading all relevant patches and software updates.
IT security: SEO poisoning
Another thing to watch out for in 2010 is malicious search engine results. SEO poisoning, also known as a Blackhat SEO attack, is a technique used by hackers to make their links rank higher in search engine results than legitimate ones. If you click on an infected link in the results, you may be sent to a website that downloads malicious software onto your computer.
In 2009, this technique was used to create false search engine results relating to the MTV VMA Awards, Google Wave invites and iPhone SMS features. Experts at Websense expect SEO poisoning to gain steam in 2010, potentially causing trust issues among users of search engines.
Antivirus software has poor detection rates for this kind of attack (though it will catch some), so until the antivirus and search engine companies catch up, take extra care before clicking on links – especially if they are directing you to a site that seems in any way suspicious.
In our follow-up feature we’ll take a look at malvertisements, Windows 7 threats and smartphone attacks, and how to protect your systems against them.
This article originally appeared in the eBusiness Live newsletter from Enterprise Ireland’s eMarketing Unit and was written by ENNclick.