In 2005, viruses and worms are likely to more aggressively target handheld devices, cell phones and embedded computers in cars -- including car and satellite communications systems -- according to a report released today by IBM.
Looking at coming trends for 2005, the IBM Global Business Security Index Report found several areas of concern:
- Mobile devices such as PDAs and cell phones, which the report called "the new frontier for viruses, spam and other potential security threats. Bluetooth and other wireless technologies that connect mobile devices pose new exposures for hackers to target."
- Identity theft, for which "there appears to be no end in sight. ... Phishing attacks ... will likely continue to plague businesses and consumers."
- Malicious software writers, who are getting smarter and employing basic software development practices to spread destructive software more effectively.
- Instant messaging networks, which could be increasingly targeted by efforts to take over command and control of infected systems.
- Voice-over-IP systems, which could see more disruptions. "In particular, eavesdropping and denial-of-service attacks carried out remotely against VoIP networks could provide significant damage for enterprise organizations," the report said.
Looking back at 2004, e-mail-based worms and viruses wreaked havoc on corporate networks, according to the report, which summarizes security threats in 2004 and looks ahead to trends in the year ahead. It was written by IBM's Global Security Intelligence Services team.
E-mail worms, including Bagle, Netsky and Mydoom, led the pack in the number of variants and overall impact, according to the report. Then, at the end of 2004, a growing number of viruses, such as the Cabir worm, appeared that were aimed at PDAs and other mobile devices. It is likely that such worms will be used by copycats this year and could spur an epidemic of viruses aimed at mobile devices.
"When we think about IT threats, we typically think about PCs and servers and networks," said David Mackey, director of IBM's Security Intelligence Services. "But what we're finding is those threats are now expanding past the traditional IT space to the mobile space, where we talk about PDAs and cell phones and embedded security systems like in cars.
"It's still new, so we don't know what the risk is, but it's one of those areas we're going to have to look out for in 2005," he added.
Mackey said future technology will have to secure the network communication piece of an in-vehicle computer to prevent unauthorized programs or information from being sent via Bluetooth into the car computer system. "We'll have to keep evolving that technology on communications just to make it more secure," he said.
Mackey said the big story from 2004 is that a lot of the malware that has hit the traditional IT environment is becoming smarter and more pervasive, making it more of a threat. "But the good thing from the other side is that companies and even home users are getting smarter about how they protect their systems," he said.
In addition, Mackey said recent natural disasters, including the tsunami that devastated South Asia the day after Christmas, highlighted the need for all organizations to have continuity and disaster recovery plans in place.
The IBM Global Business Security Index Report is a monthly report that measures potential network security threats based on data and information collected by the company's 2,700 worldwide information security professionals and half a million monitored devices, IBM said.