News

Top 10 Internet Security Trends for 2007

Data breaches, ongoing integrity concerns about the Windows Vista operating system and spam, which reached record levels this year, topped Symantec's Top 10 Internet security trends of 2007 list.

In light of this list from the Cupertino, Calif-based IT security giant and maker of the near-ubiquitous Norton Anti-Virus program, a particular concern for IT pros in the Windows enterprise space is whether Vista, which has been patched 16 times as of Nov. 13, 2007, is worth the effort of implementing right now.

"I don't think the widespread adaptation of Vista has happened as fast as other operating systems in the past," said Dean Turner, director of Symantec's Global Intelligence Network, which publishes the firm's Internet Security Threat reports. "Enterprises are really cautious about moving on from legacy systems or other infrastructure because of the strenuous testing and deployment that is needed."

Meanwhile, as systems and security administrators continue to evaluate Vista's place on their respective companies' migration maps amid mixed reviews, Turner described the Web as "patient zero." This means hackers will continue to launch both client and server-side attacks via the Internet through more creative channels.

Here were the ten major security trends of the year as Symantec and others have seen them:

  1. Data Breaches. Late last month, documents from an information-breach lawsuit against the TJX Corporation -- owners of TJ Maxx -- revealed that as many as 94 million customers using Visa and MasterCard were exposed to hackers. Further, in addition to Monster.com and Salesforce.com being hacked, there is also a report coming out next week that suggests half a million database servers are vulnerable. Turner says these events are what made data breaches the top concern among security experts this year.
  2. Vista Introduction. More than a dozen security patches, perceived complexity and an ambivalent reception among tech media and some technologists have kept the much talked about OS in the news, making it a top issue of 2007.
  3. Spam. The hair-growth pill promotions, penny stock tips, and promises of money from deposed African dictators won't stop hitting your e-mail inbox anytime soon. Moreover, spammers are increasingly taking more sophisticated approaches such as sending disguised PDF files, pretending to know you in e-mail subject lines and delivering Storm Worm malware through e-greeting cards.
  4. Professional Attack Kits. Symantec believes that not only are hackers becoming more savvy but are also setting up a new revenue stream by selling hacker kits to peers. Such kits include MPack, which was popular this year and "phishing" toolkits pervade cyberspace as well.
  5. Phishing. Phishing, a cousin of spoofing and masquerade hacking, gets its name from the way hackers use friendly or seemingly benign programs as bait. Symantec's Turner says criminals no longer have to hack in, as some users are coming to them.
  6. Exploitation of Trusted Brands. By exploiting a trusted Website, hackers can trick someone into thinking they're getting on Bank of America's homepage by, for instance, sending them a link such as [email protected] Someone may then key in information on a false interface. While most browsers nowadays are equipped with warning messages, "Phishermen" also take advantage of misspellings of popular Internet addresses.
  7. Bots. Hacking by proxy is an increasingly common way for cyber criminals to maintain anonymity, and the use of "Bots", or Electronic Data Interchange translators, is one of the many malicious emissaries used to siphon protected information.
  8. Web Plug-ins. ActiveX control modules, derived from Microsoft's Component Object Model and used to manage multimedia applications, comprised the majority of plug-in vulnerabilities in 2007, according to Symantec. These modules are usually downloaded from Web pages and used to make programs more compatible with others -- but they can also be used as attack vectors.
  9. Vulnerabilities for Sale. This year the debate over the link between proof of concept exploits and "wild" exploits heated up after a decision in late September by Swiss tech upstart Wabi Sabi Labi Ltd., to create an eBay Inc.-style auction for unpatched, zero-day software vulnerabilities.
  10. Virtualization Machine Security. Software and server virtualization, as evidenced by VMware's multi-billion-dollar IPO and new entries by Oracle, Sun, Microsoft and others, is definitely here to stay. If two file servers can do the work of ten, as some proponents attest, then a hacker can have a field day exploiting such technology.

Click here for a listing some of the top predicted security trends for 2008.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.