Slurpware: You Heard It Here First - InformationWeek
03:15 PM

Slurpware: You Heard It Here First

The newest term in Internet security threats has just been coined: slurpware.

The newest term in Internet security threats has just been coined: slurpware.

"It's when all the effective Internet attack elements come together to potentially steal a lot of money," said Jay Heiser, a vice president and research director at Gartner said Tuesday. "'Slurpware' requires a community of trusted users, phishing mail, password slurping malware, and sponsorship of the Russia Mafia," he added.

Such convergence-style attacks aren't new, but they are the future, said Heiser, noting that organized crime-operated, slurpware-style assaults have hit e-commerce companies like eBay and PayPal, as well as some major financial institutions.

"This is indicative of a certain level of attack sophistication, and it's unreasonable to think that there won't be further convergence [of techniques]," he said.

By combining the automated properties of massive e-mail campaigns and keylogger-style spyware, the bad guys have the upper hand at the moment. "The criminals figured out how to automate their offense before we automated our defense," said Heiser.

The answer, he predicted, will have to be stronger authentication that goes beyond the simple usernames and passwords that most e-commerce or e-banking sites now use. "The viability of simple passwords on e-commerce sites won't be viable much longer."

Among the defenses being tried, said Heiser, are hardware-based tokens required to access confidential sites, such as banks and credit card companies. While the "U.S. is way behind on this," he said, other regions are moving fast. "Brazil is, and it's not because it's a hotbed of technology, but because there's been a lot of [online] theft there." Other areas with a head start on America include Western European countries like the Netherlands and the Scandinavian nations.

But unlike some prognosticators, Heiser doesn't' fear for the viability of online commerce. "The online market is too appealing to both buyers and sellers," he said. "They'll solve the problems as they come up, or maybe after they appear, but generally it will work its way out."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll