McAfee: Threats get small
The days of the mega-outbreak are over as financial motives rule
Computerworld New Zealand - The days of big virus outbreaks like MyDoom, Melissa and SQL Slammer are gone, said Joe Telafici, director of operations for McAfee Inc.'s Avert Labs.
Telafici was speaking at the recent AVAR (Association of Antivirus Asia Researchers) conference, which was held in Auckland. Today's cyber criminals don’t want to draw attention to themselves as the main motivation for cybercrime now is money, not fame, he said.
They are "clearly getting more devious," he said, but law enforcement cooperation across borders is also getting more efficient.
Telafici’s team of around 100 security experts in 16 countries builds McAfee’s security content. But they also educate and cooperate with law enforcement.
At the end of last month, McAfee Avert Labs made 10 security threat predictions for 2007. They are:
- The use of bots, computer programs that perform automated tasks, will increase. Botnetworks will also increase, but there will be a move away from internet relay chat (IRC) towards less obtrusive instant messaging and peer-to-peer communication, said Telafici.
- The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase too. Telafici said that rootkits are becoming a de facto standard in malicious programs and that they will increase over the next couple of years.
- Vulnerabilities will continue to cause concern, fuelled by the underground market for them. McAfee Avert Labs thinks the number of vulnerabilities will grow because of the increased use of fuzzers -- automated tools and technologies that allow for large-scale testing of applications -- and "bounty programs" that reward researchers for finding vulnerabilities. McAfee is not involved in any such initiatives, said Telafici.
This year, Microsoft Corp. has already announced 140 vulnerabilities, compared with 62 in 2004 and 2005 combined, said McAfee. Also, zero-day attacks are being released soon after "Patch Tuesday" to get the most out of the vulnerability’s window of opportunity, said the company.
- Identity theft and data loss will continue to be issues --computer theft, loss of backups and compromised information systems are at the result of these crimes. According to the U.S. Federal Trade Commission, 10 million Americans are victims of identity fraud each year, said Telafici.
- The number of password-stealing Web sites will increase, using fake sign-in pages for popular online services such as eBay.
- The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
- The popularity of video-sharing on the Web makes it inevitable that hackers will target MPEG files as a way of distributing malicious code.
- Mobile-phone attacks will become more prevalent as mobile devices become "smarter" and more connected.
- Adware will go mainstream, following the increase in commercial Potentially Unwanted Programs (PUPs).
- Parasitic malware that modifies existing files on a disk will make a comeback.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts