The internet is a constantly evolving system, which results in ever-changing user behaviour and technologies. While users delight in this evolution, it does present new opportunities for cyber criminals who pan through the internet’s shadows and mirrors.
The advent and increasing business and consumer adoption of cloud computing and virtualisation has marked a significant shift in online information storage and security. Cloud computing offers significant benefits, including decreased capital expenditure and increased computing capabilities. However, these benefits come at a security cost as servers are outside the traditional scope of internet security, which puts them under threat.
Cloud adoption expected to grow
A 2009 Trend Micro cloud computing survey showed that while businesses were interested in cloud computing, 61 percent of respondents had not taken up cloud computing solutions as they were uncertain of the security risks to their network. In spite of these concerns, cloud adoption is expected to grow dramatically as businesses yield to competitive pressures.
With the economy still licking its wounds, cloud computing provides tempting savings for businesses trying to boost profitability. Many businesses are already enlisting cloud computing and reaping the productivity and profit margin benefits, placing pressure on others to move with their industry to stay competitive. The more investment and information that goes into the cloud, the more opportunities there are for predatory cyber criminals to attack.
The current flaws in cloud security have not yet been fully realised and it is a security vulnerability that is likely to attract attention in 2010. Trend Micro predicts cyber criminals will prey predominantly on either the connection to the cloud or the data centre and cloud itself.
Criminals attracted to social media
Cyber criminals are attracted to the grouping of systems, such as social media networks, as they provide access to several ‘victims’ in the same contained space, often with limited security. Social media sites attempt to regulate the interaction of individuals through certain invitation and verification processes.
However, in the past it has been these processes, which have been used as cybercrime tools. Users were invited to create a “circle of trust” and thus generate privacy settings, access permissions and activity notifications, giving the user a sense of control over their network. However, these features would then flood the user with information, lulling the user into mindlessly clicking buttons to avoid pop-ups and notifications, making the inattentive user vulnerable to malicious bait.
Social networks are also key platforms for cyber criminals seeking personally identifiable information, due to the sheer amount of personal information put on open display. The KOOBFACE botnet was the social network disease of 2009, installing itself on users’ Windows machines and stealing Windows’ digital product IDs, internet profiles, email credentials, FTP credentials, and IM application credentials.
This botnet turned trusted, high-use programs such as Microsoft Outlook and Outlook Express, FileZilla and Windows Live and Passport.NET profiles into vulnerable cyber crime hotspots. This trend in malware exposes the user to the risk of identity theft, bank violation and other related security threats. In the past, using a less popular OS platform like the Mac OS was a common security measure to minimise these threats, however with the increase of Mac usage coupled with cyber criminals’ love of a challenge, adopting new technology is no longer a safety net.
Expect the unexpected
Technology ultimately aims to make life more convenient by promoting connectivity and mobility. However, making life more convenient for the consumer often makes crime more expedient for the cyber criminal. In 2010 this trend will continue, but its execution may be a little different, a little more sophisticated and crop up somewhere a little more unexpected.
–Greg Boyle is Global Product Manager (Small Business) at Trend Micro Australia and New Zealand.