Security visionary Eugene Kaspersky sees Internet crime as tomorrow's biggest threat.
The Targets Are Changing
The new threat includes some of the same old techniques, but they're aimed at different targets. Plus, a couple of new and troubling practices are growing.
This version of Internet crime is simple in concept, easy to carry out and effective in its ability to extract money from its victims. In this type of crime, the perpetrator gains control of a large number of machines that he uses to send traffic to a single Web site. This is usually accomplished by sending out worms with a payload that will execute a command to send out traffic when needed. Once there are enough slave computers, they flood the targeted Web site with so much traffic that it effectively becomes useless to customers. The extortionist then demands payment to make it stop.
Most users have already seen emails that pretend to be from their bank. Those emails usually ask for account information. That information is then sent to a criminal enterprise where the identity and account information is harvested and sold to other criminals. Once that happens, your financial life rapidly hits the toilet and your peace of mind goes with it. While phishing doesn't initially seem to be an immediate threat to business, in reality it is. The practice erodes consumer confidence, and it will eventually result in charge-backs for transactions that involved stolen card information. In addition, targeted phishing attacks, which are already showing up at some companies, attempt to get employees to provide access to confidential company information that might otherwise be protected by your security department.
The scary thing about malware today is that it's getting smarter and sneakier. The worms and Trojans that in the past shut down whole networks and trashed computers are now better behaved. According to Kaspersky, the creators have figured out that well-behaved software can exist on a machine for a long time before it's discovered. Meanwhile it can record keystrokes that will provide account numbers, user names and passwords and access information that a criminal needs to raid the information you’re trying to protect. Some versions will even search for information on their own, but will do it quietly so you won't notice.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.