The new year could usher in a steep rise in targeted attacks, as would-be hackers move away from headline-grabbing viruses to focus on lower-profile, profit-motivated attacks targeting the most vulnerable users.
A number of security vendors have published reports or press releases that identify the top security trends for 2006. These companies all have charted a steep rise in targeted attacks over the past year as would-be hackers move away from headline-grabbing, far-reaching attacks to more profit-motivated ones targeted at a narrower range of victims.
In an interview this week with VARBusiness, Symantec's senior director of security response Vincent Weafer said that while widespread worm and virus outbreaks aren't totally a thing of the past, they are being overshadowed by these new threats.
"We're seeing a significant decrease in global events and moving toward low-volume, low-profile attacks that are based on profit," he said.
He noted that Symantec has identified a 700 percent increase in bot-nets over the past year, along with a 143 percent rise in the amount of malicious code traveling across the Internet, and a doubling of phishing attacks during the same period. These are the instances -- only recently getting more publicity -- of infiltrators trying to dupe people into giving away personal information, such as social-security numbers and passwords to banking or credit-card sites.
Weafer said this new trend is especially troubling because it targets the most vulnerable users and is not yet seen as that big a deal by many users.
"Because we're not seeing this on the news the way we do with attacks like the Sober or Zotob worms, there is apathy and a general lack of interest about it," he said. "But the attacks are being targeted more and more at SMBs, and they're broadening beyond financial institutions to target e-commerce transactions like shipping and wire transfers, because these organizations have less established security practices than banks or credit-card companies." He added that emerging technologies such as wireless and peer-to-peer messaging applications are increasingly vulnerable.
Although strict and focused enforcement of security policies always has been critical, greater attention to security policies has never been more crucial than it is now. This is because things like spyware and adware simply have become an unavoidable part of the Internet user's daily life, so following your organization's usage policies to the letter is as good a defense as any technology a vendor is likely to develop.
"A lot of smaller companies struggle with deciding what's allowed and not allowed on their networks," Weafer said. "Adware and spyware programs are often just a nuisance, but they can eventually become the equivalent of a malicious virus because they're designed to be difficult if not impossible to get off your machines."
He said the trend toward smaller, more targeted attacks provides an opportunity for VARs to provide much-need services to their clients.
"Users need constant education; this is not a static landscape," Weafer said. "There's an opportunity there for resellers to provide new tools and services, and a large part of what we do is to work with partners to get the message out."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.