Most of us know better than to open up suspicious attachments and are aware of tricks like phishing scams. But as those old scams stop working, attackers are coming up with new strategies to trick people into giving away bank information, credit card numbers and other critical data.
In its 2010 Threat Prediction Report, computer security firm McAfee Labs highlighted some of the new trends, vulnerabilities and threats that are emerging in this cyberwar.
Abbreviated URL Services. These services, such as bit.ly and tinyurl.com provide short aliases for redirection of long URLs, essentially masking the URLs that users are clicking. This has become a good way to direct users to Web sites that they would normally be wary about visiting.
Web 2.0 Services. As more of us get hooked on Web 2.0 services, such as social networking sites and video-sharing sites, the dark side is also getting in on the action. McAfee said it expects to see rogue services with the hidden purpose of capturing credentials and data. These scam artists count on you to let down your guard when clicking hyperlinks or installing applications.
Emerging Web Vulnerabilities. The technological advances brought about by HTML 5, an experimental new video format, will open the door for new attacks. HTML-5-based attacks will become an even greater risk once the Google Chrome Operating System is released, possibly in the second half of 2010.
Targeted Attacks. Attacks via e-mail aren't exactly new, but what is new is how clever these attacks have become. These e-mails are specifically crafted to get the attention of particular individuals. It also doesn't help that a number of popular applications have vulnerabilities.
Client Software. Adobe applications are now a hot target for malware writers. This is good for the criminals and bad for us because Flash and Acrobat Reader are among the most widely deployed applications in the world. In 2010, McAfee expects Adobe product exploitation to surpass that of Microsoft Office applications.
Banking Trojans. Criminals are getting smarter and more effective in their attacks on online banking. The latest Trojans can silently change the details a user enters to transfer money to the attacker during a transaction. The user is not aware anything is amiss until the next account statement arrives.
Botnets. The botnets have been used by cybercriminals and nation-states for launching nearly every type of cyberattack. But because a number of botnet operations have been severely disrupted in recent years, McAfee expects to see a trend toward a more distributed and resilient botnet infrastructure that relies more on peer-to-peer technologies rather than on the centralized hosting model.
Law Enforcement. Fortunately law enforcement has succeeded recently in cracking down on cybercriminals operating around the world. More successes are likely in 2010 as cooperation among international crime-fighting agencies improves, and as the crime fighters gain more expertise and sophistication.
PATRICIA VOWINKEL has worked for national media outlets for more than 20 years.
March 1, 2010
Copyright 2010© LRP Publications