There’s no question that malware is a hot topic in the tech world, as stories of new hacks and attacks seem to be popping up on a daily basis. All it takes is a quick look at recent news to realize that malware’s presence is strong and appears to be gaining in sophistication.
The Sony PlayStation Network breach compromised the privacy of data contained in millions of user accounts, with damages potentially reaching the $2 billion mark. Massachusetts’ state attorney general claimed that approximately one-third of the state’s residents had their personal information compromised in a recent breach. Even security firms have been affected, as RSA stated that cybercriminals may have impacted its two-factor SecurID tokens. While those examples are serious enough, they are just a peek into the increasing malware problem. As groups such as Anonymous become increasingly innovative and malicious with their attack methods and targets and the popularity of the smartphone and social networking arenas grows, malware promises to wreak even more havoc on consumers, corporations, and agencies in the future.
Although many hackers practice their mischievous trade in the name of profit, others do so to make a point. AntiSec, a collection of hackers from Anonymous and the former LulzSec group, recently showcased such a motive when they compromised and released information from 70 law enforcement agencies within the United States. Todd Feinman, CEO of Identity Finder, explained the reasoning behind the August attacks: “Apparently, they don't like how various law enforcement agencies operate and they're trying to embarrass and discredit them.”
Though the release of information taken from government agencies may be intended for use as a tool for public embarrassment, unintended consequences often arise. As the personal information becomes available, other cybercriminals can use it to commit identity theft. Breaches of data from agencies, businesses, and universities occur on a weekly basis, and Feinman states that anywhere from 250,000 to 500,000 records are breached per year. Unfortunately, collateral damage does not appear to be a concern of hacking groups. Feinman noted, “In one online post, AntiSec came right out and said 'we don't care about collateral damage. It will happen and so be it.”
As mentioned, the growing popularity of social networking opens up a huge avenue for hackers to exploit. For one reason or another, many internet users trust social networks to safeguard their personal information. By making information such as the names of siblings, parents, pets, plus divulging everyday activities, however, social networking users are giving away valuable information to cyber thieves. Hackers can create phony profiles and make friend requests to get the information they desire, or they can simply view data on profiles that are left open to the public.
Having such data offers the potential to guess or reset passwords, which would lead to a compromised account. Program chair of RSA Conferences Dr. Hugh Thompson said, “Password reset questions are so easy to guess now, and tools like Ancestry.com, while not created for this purpose, provide hackers with a war chest of useful information.” The presence of corporate executives or their family members on social networks puts businesses at risk as well. Clever social engineering attacks by hackers can use information derived from a social networking profile to compromise an entire corporation.
As the popularity of smartphones grows, so does the potential of hackers using them as an avenue of opportunity. For the time being, major incidents have been avoided due to platform fragmentation. It’s much simpler for cybercriminals to target Windows PCs or websites, and they get a better return on their investment of time and money. That could change, however, as platform-agnostic malware develops. The push towards compatibility across devices, while convenient for users, means that hackers can exploit HTML, XML, and other common traits in a variety of environments to receive a higher bang for their buck.
The use of smartphones to make mobile payments presents additional opportunities to hackers. Mark Maiffret, CTO of eEye Digital Security, said: “The forthcoming ubiquity of near-field communication payment technology in smartphones is especially worrisome. Once the U.S. adopts mobile payments in significant numbers, more hackers will focus on these targets.”
The thought of attacks via social networks and smartphones is certainly disconcerting, but the possibility of more malicious attacks showcased at the recent Black Hat and Defcon conferences is even scarier. Vulnerabilities in automobiles were discussed that could pop up as the result of a heavier reliance on technology. One presentation showed how hackers could hijack a car by disabling its alarm system and locks and starting it remotely via text messages to any wireless devices on the premises. Anti-lock braking systems, electronic stability controls, radios, airbags, and other devices were also said to carry the risk of being manipulated.
Senior VP and GM of McAfee Stuart McClure described the double-edged sword that comes with improved automobile technology: “As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases. Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It's one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”
For more on this topic, visit http://www.pcworld.com/article/240970/the_future_of_malware.html
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Web Hosting Security Articles
More By wubayou