Upcoming security threats in 2005
Security Information Week 2, 2005
They year of 2004 was an interesting year from a security point of view: lots of new threats, a record number of patches and the first real virus war. We also saw the interesting aspects of several arrests of both virus writers and spammers in 2004.
What will 2005 bring?
In 2005 the usage of social engineering will further strengthen. Not the least by spammers to avoid spam filters and/or spam traps, but also to ‘aid’ the criminals that are phishing for your confidential information. The phishing problem has increased already and nowadays it looks extremely professional, indicating that the attacks are organized. Phishers are hard to trace and often use a country without too much cyber-law as their point of operation.
In 2005 we will see spam and phishing go together, where viruses will be used to spread and install backdoors for spammers to be used as open relays. This will make sure that tracking them down will become more problematic.
The attacks on Mobile Devices will further increase in 2005. The recent discovery of the Cabir source code (the first virus spreading via Bluetooth) will most likely generate a flood of new variants and new viruses based on the ideas of Cabir. Although the active range of Bluetooth (about 10 meters) makes infection less likely as we are usually not that long in each others vicinity, and some operational issues in this virus only makes it attack the first possible connection, in the near future this will all change. Some airliners are already experimenting with in-flight usage of cellular phones. It is hard to escape each others vicinity on a 13 hour intercontinental trip, and with the mobile devices switched on, the attack-vector just increased.
Another upcoming threat less connected to computers will be SMS-phishing and spams. Receiving an SMS usually is free, but joining certain broadcast channels, most people are unaware that you also pay money to the sender per received SMS after subscribing. And unsubscribing is much harder than one thinks. But even if we don’t regard information broadcast channels, receiving spam SMS might cost the user money. When the recipient uses a pre-paid card and is abroad, using roaming facilities of a foreign telecom provider, he will pay for the transmission of the SMS from his home-country to the country he resides in at that moment.
Is 2005 going to be just ‘bad’?
We don’t think so. Norman assumes that the mass email viruses have topped and will become much less prevalent. People are getting used to them and do not open all attachments anymore if they even accept them. Also almost all ISPs are scanning emails by default now. Infection by email, although still possible, becomes harder and harder.
Therefore virus writers will look for different ways to spread and infect your system. Most likely they will focus on direct port attacks or holes in web browsers.
Righard J. Zwienenberg
