Don't have an account? Sign up now
Watch out for whaling, smartphone worms, social media scams, not to mention attacks targeting your car and house
It seems like there's a new data breach every day. And, the experts say, it's only going to get worse as hackers come up with new ways of getting their hands on our personal information. Here's a look at how malware is expected to evolve.
According to Todd Feinman, CEO of DLP vendor Identity Finder, groups like Anonymous aren't motivated by money. They're trying to embarrass their targets, which include government agencies and law enforcement. But when they post sensitive personal information, they are helping a second tier of lower-skilled cyber-criminals commit identity theft. "In one online post, AntiSec came right out and said 'we don't care about collateral damage. It will happen and so be it,'" Feinman says
Facebook Timeline, anyone?
Experts say the future of malware isn't so much about how malware itself will be engineered as how potential victims will be targeted. "When people make trust decisions with social networks, they don't always understand the ramifications. Today, you are far more knowable by someone who doesn't know you than ever before in the past," says Dr. Hugh Thompson, program chair of RSA Conferences.
"Password reset questions are so easy to guess now, and tools like Ancestry.com, while not created for this purpose, provide hackers with a war chest of useful information," Thompson says.
Chris Larsen, head of Blue Coat Systems' research lab, says the most common social engineering attack their lab catches is for fake security products. He also explained that social networks aren't just being used to target individuals.
Larsen outlined a recent attack attempt where the bad guys targeted executives of a major corporation through their spouses. The logic was that at least one executive would have a poorly secured PC at home shared with a non-tech savvy spouse, which would then provide the backdoor needed to compromise the executive and gain access into the target company.
"Whaling is definitely on the rise," says Paul Wood, senior intelligence analyst for Symantec.cloud. "Just a couple years ago, we saw one or two of these sorts of attacks per day. Today, we catch as many as 80 daily."
While smartphone threats are clearly on the rise, we've yet to see a major incident. Part of the reason is platform fragmentation. Malware creators still get more bang for their buck by targeting Windows PCs or websites.
Larsen of Blue Coat believes that platform-agnostic, web-based worms represent the new frontier of malware. Platform-agnostic malware lets legitimate developers do some of the heavy lifting for malware writers. As developers re-engineer websites and apps to work on a variety of devices, hackers can then target the commonalities, such as HTML, XML, JPEGs, etc., that render on any device, anywhere.
Smartphones are also poised to become e-wallets, and if there's one trait you can count on in cyber-criminals, it's that they're eager to follow the money.
"The forthcoming ubiquity of near-field communication payment technology in smartphones is especially worrisome," says Marc Maiffret, CTO of eEye Digital Security. Europe and Asia are already deep into the shift to m-commerce, but the U.S. isn't far behind. "Once the U.S. adopts mobile payments in significant numbers, more hackers will focus on these targets," he adds.
During the Black Hat and Defcon conferences in early August, researchers demonstrated a number of disturbing attack scenarios. One particularly scary hack showcased the possibility of hijacking a car. Hackers could disable the alarm, unlock its doors and remotely start it through text messages sent over cell phone links to wireless devices in the vehicle.
Other at-risk embedded devices include airbags, radios, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls and communication systems. Another type of attack could compromise a driver's privacy by tracking RFID tags used to monitor tire pressure via powerful long-distance readers.
"As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases," says Stuart McClure, senior vice president and general manager, McAfee. "Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It's one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety."
Of course, cars represent just one example of hackable embedded systems. With the number of IP-connected devices climbing to anywhere from 50 billion to a trillion in the next 5 to 10 years, according to the likes of IBM, Ericsson and Cisco, tomorrow’s hackers could target anything from home alarm systems to air traffic control systems to flood control in dams.