Smartphone Attacks, Rogue Antivirus, Cloud Breaches Top 2010 Security Concerns

There has never been a year in which security threats diminished, so expect more hacks, exploits and scams in 2010, researchers warn.

By Ellen Messmer
Wed, December 23, 2009

Network World — The rise of the Conficker worm and Heartland Payment Systems' enormous data breach were two defining security events in 2009. What's in store for 2010?

"It's going to get worse," says Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider Internet. Criminals have been mastering botnets, phishing scams and fake antivirus software sales, and 2010 will bring new waves of attacks that exploit fresh targets. Specifically, smartphones such as the Apple iPhone and those based on Google's (GOOG) Android operating system will be in attackers' line of sight for 2010, Runald says.

The 2009 Data Breach Hall of Shame

New laws complicate security efforts in 2010

While a handful of malware attacks have surfaced of late against "jailbroken" iPhones (ones whose owners have deliberately disabled Apple controls), it's only the beginning.

People are jailbreaking their phones to "get out of what they see as a stranglehold by Apple so they can install what they want," Runald says, but one effect is that "they're opening themselves to greater risk."

As attackers accelerate malware attacks against jailbroken phones, the dilemma, Runald says, is that vendors "cannot develop an antivirus application for the iPhone" because of the way Apple engineered it to preclude low-level access. "There's no way you can intercept file transactions," Runald says. Though security vendors might eye writing antivirus software for iPhones, "no one will do it" because of the nature of the iPhone's underlying design.

Khoi Nguyen, group product manager at Symantec (SYMC), also says the current iPhone SDK doesn't allow third-party vendors to conduct the background processes for malware prevention that involve deep scans and checks for file protection. "We're hoping Apple will open up its SDK," Nguyen says.

Smartphones based on Google's Android present a different situation. Google has not made itself the gatekeeper of applications, but malware disguised as helpful applications could end up on Google application stores and people could end up downloading malicious code, unaware of the consequences.

Another accelerating security trend is the wave of criminals selling rogue antivirus software. Fake antivirus software is often called "scareware," since frightening the PC owner is often part of the scam. Rogue antivirus, which Symantec counts as a top threat going into 2010, is not only thriving, but criminals selling it are starting to display new tricks.

"They're selling and re-branding copies of software that could have been downloaded for free elsewhere," says Zulfikar Ramzan, technical director at Symantec Security Response, which has tracked several hundred distinct rogue antivirus software products and 43 million attempts to download it in the latter part of 2009. Social networking sites are becoming a way to disseminate it.

Continue Reading

Originally published on www.networkworld.com. Click here to read the original story.
White Papers »
DDoS Mitigation - Best Practices for a Rapidly Changing Threat Landscape
DDoS attacks are larger, stealthier, more targeted, and more sophisticated than ever. In this whitepaper, Verisign has identified a set of best practices that enables organizations to keep pace with DDoS attacks while minimizing impact on business operations.
Verisign State of DNS Availability Report
Few companies can afford the damage - financial and otherwise - that can result from a DNS failure. Yet, the latest Verisign State of the DNS Availability Report shows that DNS availability was a problem for many of the Internet's top-ranked sites. Read more about the risks and potential impacts of network downtime to revenue generation, business
2012 Cyber Crime Threats and Trends
This document provides a valuable overview of key cyber security trends during 2011 and how those trends and others might unfold in 2012. iDefense intends for this report to serve as a reference and a strategic complement to daily tactical intelligence reports for the purpose of providing IT security and business operations with actionable and relevant decision support.
DNS: Risk, Reward and Managed Services
In this report, Yankee Group Research outlines the pros and cons of in-house, ISP and managed service provider DNS management options.
Expert Guide to Secure Your Active Directory
Layered security is the way to go when it comes to protecting Active Directory. This expert e-guide explains the best method to use when planning and designing a security solution. Find out why it is important to secure Group Policy settings and discover how managed service accounts boost server security in R2.
Security-In-Depth Using Integrated Risk-Conscious Controls
Today's attacks on IT infrastructure are becoming more frequent, targeted and sophisticated. They range from well-funded, state-sponsored attacks to attacks from trusted employees and consultants.
Webcasts »
Gartner Next Generation Network IPS Webcast
Learn how Gartner's criteria for next generation IPS helps organizations achieve effective threat prevention despite changes in network communications, new applications, and changes in the threat landscape.
McAfee Continuous Compliance
3 minute Flash video - overview of the need for and value of Configuration Control.
Taming the Wild West: How to build a strong cloud security strategy
Cloud deployments are playing a critical role in propelling innovation for many companies. At the same time security has become the #1 one of the top concerns for IT and business leaders as they migrate into the cloud. In this webinar, learn from Accenture discusses how to recast the cloud as a "fresh chance to rethink your approach to security."
Virtualization Success is a Team Effort
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.
Quantifying the Business Value of VMware View - Webcast
Many enterprises have discovered that the use of virtualization to support desktop workloads creates a range of significant benefits. These benefits include price efficiencies, improved IT management and greater agility and choice for end users.

This VMware sponsored webcast with IDC will provide both quantitative measurement of the business value -- defined as the expected ROI -- and qualitative analysis associated with the use of VMware View™. IDC will also provide an analysis of the View Composer and ThinApp™ features of VMware View, including the business value of these solutions and an overview of how they work.

Attend this webcast to learn about:
- Challenges and barriers that might impede the adoption of desktop virtualization
- Navigating roadblocks to facilitate a strategic implementation
- Optimizing qualitative and quantitative benefits to IT and your business
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

DDoS Mitigation - Best Practices for a Rapidly Changing Threat Landscape

Verisign State of DNS Availability Report

2012 Cyber Crime Threats and Trends

DNS: Risk, Reward and Managed Services

Expert Guide to Secure Your Active Directory

Security-In-Depth Using Integrated Risk-Conscious Controls

Continuous Monitoring: Responding to New Threats in More Complex IT Environments

Overcome Top 7 Admin Challenges of Active Directory

Insiders Can Ruin Your Company. Take Action.

Top Solutions and Tools to Prevent Devastating Malware

X-Ray of the PCI Process-4 Proactive Steps

Streamline Compliance and Increase ROI

Identity Governance: The Business Imperatives

CA Technology Brief: CA Point of View: Content Aware Identity & Access Management

Aberdeen Analyst Insight: Does Your Enterprise Have a Dropbox Problem?

Google: Security for Google Apps Messaging & Collaboration

Architecting the Security of the Next-Generation Data Center

Who Owns Security in the Data Center?

Virtual Patching with Network Security

Gartner Next Generation Network IPS Research Note
Sponsored Links

Eliminate storage boundaries with HP.View the on-demand webinar to learn more

It's time to Be Bold. See what's new at BlackBerry World 2012.

Push the limits of virtualization with HP. Get the tech dossiers and learn how you can put an end to runaway virtual sprawl.

Splunk translates machine data into "aha" moments for IT and the business.

Evolving Your Data Center for the Cloud

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Converge your infrastructure with HP. Access a valuable case study in the CI Resource Center now.

Redefine Software support with HP

Click to see how Accenture has delivered high performance to clients

Learn how Accenture helps clients become high-performing businesses.

Join the Conversation. Follow Oracle EPM & BI on Twitter Today.

Check Point Trusted by the Global 100

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

HP Enterprise Security recognized as leader in Gartner's DAST Magic Quadrant - get it now!

Customized information views & Twitter events at New Fulcrum Point

ShoreTel UC cuts costs like no other. Mobilize your business today.

E-book: Discover Business-Ready Storage Systems For Oracle Environments

Managed Hosting Buyer's Guide - Benefits to key considerations

Discover how integration of operations mgmt and service mgmt enhances productivity.

Converge your infrastructure with HP. Access white papers, case studies, videos and more.

High performance. Delivered. Click to see Accenture's client successes

See how Accenture helps clients perform at the highest levels

Compare risk and TCO in single and multivendor networks on Feb 23.

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords