The security evolution

Businesses are increasingly sharing information across their extended enterprises and engaging in more complex e-commerce transactions. These new technologies are creating great opportunities, but also introducing new security risks which will become apparent over the next five years.

“It could get to the point where a major election campaign gets hacked,” says Dzienciol. “As political candidates increasingly turn to the Internet it is important to understand the associated IT security risks. The diversion of online campaign donations, dissemination of misinformation, fraud, phishing and the invasion of privacy are all possible scenarios.”

Web services are becoming more and more common as a way of tying applications together. But as browsers continue to converge on a uniform interpretation standard for scripting languages, such as JavaScript, the number of new web-based threats will continue to increase.

It is also likely that persistent virtual worlds (PVWs) and massively multiplayer online games (MMPOGs) such as Second Life and World of Warcraft will have another thing in common with the real world as phishers, spammers, and others turn their attention to these new communities.

Eric Krieger, country manager A/NZ Secure Computing, says that just as IT departments are continually looking for efficiencies attackers are using resources more efficiently.

“They’re first checking whether or not your computer has a security patch installed that will prevent their malicious software from being successful. If it does have up-to-date security installed, it will not attack that unit.”

There will also be a change in emphasis from attacking operating systems to attempting to compromise applications such as the recent example of the Apple QuickTime header stack buffer overflow vulnerability. “In the past, most attacks have been carried out via operating systems because most computers come bundled with the software or have it preinstalled.

“However, as security measures have now made core software difficult to exploit, attackers may turn their attention to other, self-installed software that does not have automatic updates to protect it from being used maliciously,” Krieger says.

Although analysts and vendors have been predicting for several years that mobile phone malware was set to break out any day soon, Vasic believes that it will happen in the next five years. “The vast cell phone user population has grown into a lucrative market to exploit with spamming and “vishing,” the practice of using social engineering and Voice over IP (VoIP) to gain personal and financial information for financial gain set to take off.

“To date, researchers have seen an increased number of vishing attacks but not a lot of spam or proactive automated calling. Vishing and voice spam will combine and increase, users will receive automated voice calls on land lines with voice spam to lure them to input their credentials through the telephone.”

Vendors and analysts do get it wrong sometimes, however, to be fair it’s more often the case that time frames will be out rather than someone predicting something that just never actually happens.

One of the major predicted threats that so far has failed to materialise says Routley is SPIM – spam over IM.

“While it does exist, it has yet to achieve the predicted levels and is miniscule compared to spam. Viruses and spam via mobile phone technology hasn’t increased in line with adoption levels for the hardware, VoIP threats have also not risen as much as was predicted.”

On a lighter note, Costin points out that no one single vulnerability or threat has ended the Internet world as we know it.

“Mobile phone viruses of all types, SMS, MMS, spam, hijackings, direct virus infections and so on, are still not prevalent. The lack of a common OS and the number of proprietary OS have been the main cause of this.

“Although there is the issue of once you hijack a mobile phone what do you do with it? Right now, not much is the general answer. This will change as Smart Phones become more popular and the phone becomes a place to store credit and valuable content.”

Another dire prediction that has failed to come true is that spam was going to destroy email as a viable tool for anything but after many years of spam running at 70-98 percent of all email traffic, email is still usable, we still rely on it.”

Despite its many flaws and vulnerabilities, Windows is still here and hasn’t been compromised out of existence. On that note, no one major OS variant (Windows, MacOS, Linux) has proven itself to be implicitly safer than any other. The same goes for Open Source versus proprietary software. It’s still a case of user take care.