by May 1, 2009 0 comments

The following are some key security risks, which we feel pose danger to
organizations, individuals, and the govt. You will notice that we haven’t
mentioned security threats like viruses, spam, etc in the list, simply because
they would be lurking beneath many of the threats we’ve described below:

Cyber Warfare
As the name suggests, this comprises of various techniques to use the
Internet for conducting warfare in cyber space. This includes cyber espionage to
obtain secrets of govt, corporates, or even individuals, DoS attacks to make
websites unresponsive, or even more severe types such as sabotaging IT hardware
and software of defense systems. Post 26/11 in Mumbai, cyber warfare has gained
a lot of attention, simply because terrorists are well-versed with using the
latest technologies. They can use cellphones, GPS devices, hack into networks,
send and receive encrypted messages, and much more. Cyber warfare is therefore,
a potential security risk to everyone.

SMS Ransomware
This is another type of threat to expect in the future. A Trojan would lock
your system, and maybe even encrypt certain files on it. It would then ask you
to send an SMS to a particular number in order to receive the unlock code for
it. In other words, it’s holding you to ransom. Possibly the creator of such
ransomware would make money out of receiving SMSes, or might even be able to
create a large database of mobile numbers, which could be mis-used later. Some
anti-virus software do have the solutions for this. Another way could be to use
an external OS system, like LiveOS to boot the system and then remove the Trojan
from the system.

Yes, this is the technology that’s creating waves in the enterprise world,
because it allows you to run more applications on lesser hardware. While that
improves efficiency, power consumption, etc, it’s also like putting more eggs in
fewer baskets. So if one basket gets attacked, then there are many more eggs for
the thief to take away.

Mobile devices and wireless networks
The sharp increase in mobile devices like laptops, smartphones, etc also
poses a serious security risk. Since they’re outside the physical boundary of
the organization, they become difficult to manage. First is the risk of theft.
Mobile devices can easily be stolen, if the owner is not careful enough. Another
risk is that of the owner plugging it into potentially unsafe networks, catching
an infection and later plugging it into the corporate network. A third risk is
where the owner installs a lots of software on the laptop from the Internet.
This increases the chances of malware programs also getting installed on the
laptop. Smartphones are also gaining popularity in the corporate world, and pose
another potential security risk. That’s because they carry critical data like
contact information, emails, etc. Lastly, the proliferation of wireless networks
is posing another security risk, especially if you don’t secure it using
standards like WPA.

Social networking sites
There would hardly be a youngster who hasn’t heard of Orkut, FaceBook, or
YouTube. These are all icons of the modern Web 2.0 enabled Internet and provide
a convenient medium for people to interact with each other, to share apps and
data. Hence, the serious security risk. You could get an email, supposedly from
a friend to look at a cool new video on YouTube. You click on the link, only to
be prompted to install the latest version of Flash to play it. That downloads a
malicious application on your machine, and the rest as they say is history.
Attacks similar to this are becoming quite common on social networking sites.

As more organizations start using IP based communication, their security
risk also increases. If the VoIP conversations are not encrypted, then they can
easily be captured using freely available network sniffers. These sniffers can
easily capture entire conversations and reconstruct them.

With a growing cyber crime industry, it’s only natural for the amount of
malware to also grow. Not only is it growing, but it’s also becoming more
malicious. In fact, malware is being generated faster than the patches that can
combat it.

Typically, a Botnet refers to a
collection of software robots, or bots, that run autonomously. The term is
often associated with malicious software but also refers to the network of
computers using distributed computing software. Two Botnets have been
hogging the limelight: Conficker and Ghostnet. Here’s an update.

Conficker: First detected in October last year,
it spread by exploiting a vulnerability in Windows that the early variant of
this worm propagated through. The latest Conficker variant, Conficker C,
downloads a fake antivirus program called Spyware Protect 2009. This program
delivers a pop-up message saying that your computer is infected, but for
only $49.95 the fake antivirus program can remove the malware. You are then
directed to a bogus website where you unwittingly enter your credit card
information and then the criminals are laughing all the way to the bank-your
bank, that is.

GhostNet: An operation discovered in March
this year, this is a large scale cyber spying movement. It originated from
the People’s Republic of China and has infiltrated high-value political,
economic and media locations in 103 countries. It works by disseminating
malware to selected recipients via computer codes attached to stolen emails,
thereby expanding the network. GhostNet infection causes computers to
download a Trojan known as ‘Ghost Rat’ that allows attackers to gain
complete, real-time control. Infected computers can be controlled or
inspected by its hackers, and even has the ability to turn on the camera and
audio-recording functions of an infected computer.

Web 2.0 apps
These pose another security threat, especially the ones that offer free
online access. How do you know that the free online office suite you’re using is
safe or not? How do you know that the data you’re saving on it remains
completely confidential and doesn’t get mis-used? Or how about the dozens of
online data storage sites, which claim to back up your critical data?

Other sources of security risk
There are several other security risks, which are likely to become common in
the near future. One of them is RFID tags, thanks to their growing popularity.
RFID tags suffer from the same problem as wireless networks-remote hacking. A
hacker could read the information stored on a RFID tag from a distance, without
being suspected. Another area that’s likely to become a security risk is RIAs,
or Rich Internet Applications. An RIA allows the developer to build an
application that can interact with the OS, just like an ordinary desktop
application. This makes it a point of vulnerability.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.