Exploring the boundaries of IT security.

Author: Cosoi, Alexandru Catalin
Position: Infosecurity Europe 2010

Whenever we enter a new decade, many of us like to take stock and think about the things that have changed over the last ten years and what may happen during the next twelve months. But as Niels Bohr once said, prediction is difficult, especially about the future. Nevertheless, almost all network security companies try to assess risk and the potential impact of criminal behaviour, fraud and Internet malware for their clients.

This is necessary to stay ahead in the development of efficient countermeasures to match the creativity of cyber-criminals and fraudsters. The problem is that each time the number of variables changes (and by that I am referring to newly emerging communication platforms), the number of attack vectors and the exposure to computer malware increase dramatically.

So what should we expect from the next year anyway?

Our research has shown that BotNets acquired new computers continuously during 2009 and that the criminal business of renting out these services is flourishing. But as in any economy, whether legal or underground, once the market becomes saturated the competition becomes even more intense.

So we can expect that BotNet owners will have to provide demonstrations of power in order to prove that their services are exactly as advertised. This can be done with DDoS attacks against different targets chosen by their prospective client. The competition might also take the form of malware that first strips the computer of any competitors' malware before infecting it and joining it to the BotNet.

Another area of concern is social media. Will we see more menaces lurking on these platforms? Take, for example, a successful fraudster who is already achieving a significant income from spamming activities. Equipped with basic knowledge about computer security and software development, he is presented with a tempting environment where people are encouraged to make as many friends online as possible, to interact, share content and pop into conversations whenever it suits them.

We are therefore facing a rather interesting situation: on the one hand, millions and millions of people are joining social media websites and want to start sharing links, pictures and other media content, while on the other hand, if you take a look at the code provided to interact with the network, you will see how easy it is to develop applications or manipulate different profiles. How can a fraudster resist such temptation?

Will mobile phones...
