
Slurpware: You Heard It Here First

The newest term in Internet security threats has just been coined: slurpware.

"It's when all the effective Internet attack elements come together to potentially steal a lot of money," Jay Heiser, a vice president and research director at Gartner, said Tuesday. "'Slurpware' requires a community of trusted users, phishing mail, password slurping malware, and sponsorship of the Russia Mafia," he added.

Such convergence-style attacks aren't new, but they are the future, said Heiser, noting that organized crime-operated, slurpware-style assaults have hit e-commerce companies like eBay and PayPal, as well as some major financial institutions.

"This is indicative of a certain level of attack sophistication, and it's unreasonable to think that there won't be further convergence [of techniques]," he said.

By combining the automated properties of massive e-mail campaigns and keylogger-style spyware, the bad guys have the upper hand at the moment. "The criminals figured out how to automate their offense before we automated our defense," said Heiser.

The answer, he predicted, will have to be stronger authentication that goes beyond the simple usernames and passwords that most e-commerce or e-banking sites now use. "The viability of simple passwords on e-commerce sites won't be viable much longer."

Among the defenses being tried, said Heiser, are hardware-based tokens required to access confidential sites, such as banks and credit card companies. While the "U.S. is way behind on this," he said, other regions are moving fast. "Brazil is, and it's not because it's a hotbed of technology, but because there's been a lot of [online] theft there." Other areas with a head start on America include Western European countries like the Netherlands and the Scandinavian nations.

But unlike some prognosticators, Heiser doesn't fear for the viability of online commerce. "The online market is too appealing to both buyers and sellers," he said. "They'll solve the problems as they come up, or maybe after they appear, but generally it will work its way out."
