Arun Marballi

With the New Year already a month old � this may be as good a time as any to prognosticate the shape of threats to come this year. With a recession rearing its ugly head, the impetus for gaining financial advantage from unwary cyber surfers will be greatly enhanced. Being aware of the dangers is half way to steering away from them � so let us take a swipe at identifying these risks.

Perhaps, one of the most insidious threats that will be felt this year is from the increasingly sophisticated Web site attacks that exploit multiple vulnerabilities in the ubiquitous browser software that enables us access to the Web. What makes this threat more sinister is its ability to present itself on websites that we trust because Web sites have demonstrated a tendency to be somewhat lax in their programming and security standards.

Also looming large this year will be the threat from the increasingly sophisticated Botnets � the cloaked network of computers linked together by surreptitiously installed software that makes your computer a slave of another computer for carrying out tasks that you would not consider carrying out! This year, we might even see instances of �persistent bots.� These are bots that stay on your computer for three to six months silently collecting your passwords, bank information and e-mail addresses used � with the intent of passing this information to the controlling computer.

Smart phones (especially the iPhone) and �android� based phones (from Google) are increasingly crossing over into the world of computers and becoming portable handheld computers. You can bet the cyber-underground will notice this, especially as we start carrying out an increasing number of transactions using them (some banks have already started offering smart phone access for banking transactions), and begin seeing attacks on these mobile devices.

Malicious software of the spyware and virus genre will get more sophisticated as the authors morph from the sulky college kid looking for personal recognition to the wily criminals and anarchic nation-states seeking financial benefit and economic disruption. The newer malware will be harder to detect, as it will use disguising techniques such as evolving software signatures and varying symptomatic indications. Some malware will even attempt to �lobotomize� anti-virus and intrusion detection software.

A variation of an old vector for exposing our computers to the dangers of malware has recently made a resurgence and we will see more of this in the coming year. About 10 years ago, diskettes were the medium for transferring information and infection from one computer to another. These days, the diskettes have been replaced by CDs. Malware is sometimes packed along with the install software for electronic gadgets such as USB thumb drives, GPS systems and those popular LCD photo frames.

Our saving grace in avoiding all these threats is in recognizing the common thread that runs through all of them. They all rely on (a) insufficiently patched operating systems, software and Web browsers; (b) lax and insecure Web sites; and (c) social engineering of human nature. Of these, we have complete control over the first element by keeping our computer systems up-to-date on all software updates and patches. We can then go further by demanding that the service providers we choose to do business with maintain strong security and software standards on their Web sites.

The last element perhaps presents us with the greatest challenge. Alas, it is difficult to change human nature � especially when it comes to our obsession with gossip and sensational news; we just cannot steer away from our urge to find out more. To help you deal with this natural urge, let me present you with a couple of questions that you should ask yourself before clicking on that ever-inviting link � why would this person (most of the time someone I don�t know) want to give me this information? What�s in it for them?

The answer to those questions, my friend, will make you pause � just long enough to steer away. Give it a try! And if you come across any new social engineering tricks, feel free to send them my way.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home