Making Security a Common Sense

1: Zombie storm attack

Botnet is a group of “zombie” computers controlled remotely, to craft attacks. The most common ways to make a computer zombie is by virus, and exploits on unpatched vulnerabilities. Botnets are not a new concept; they have been around for sometime. But attacks from botnets are expected to grow this year. Some attacks we see from zombie networks include Denial-of-Service attack, Spyware, E-mail spam, and Click frauds.

2: Web2.0 and SaaS attack

More and more software-as-a-service websites are coming up these days (like salesforce.com, Google docs, Spreadsheet, and so on). They will get more attention from attackers. Many of these hold your important personal/company information and that’s juicy information for attackers.

3: Parasitic attackware

These might look like legitimate and branded applications, but are infected by attackers and redistributed (similar to Firefox extensions). Fake shareware distribution sites might distribute legitimate but infected programs online. The Victim would, for example, think that they are downloading legitimate Adobe Acrobat Reader from a ‘xyz’ site (not parent site of the product). However, this site might have parasitic attack software patched onto it.

4: iPhone and smart phones

iPhone is expected in India this year. We can anticipate many attacks on the iPhone and other smart phones we see these days. These might get infected over GSM or some other malicious website. With the popularity of smart phones like HTC, Blackberry and so on, people are increasingly using internet on handheld devices. We haven’t seen antivirus products emphasizing much on theme.

5: Attack from your pocket

We can expect attacks being launched from new age phones and handheld devices. Most of the handheld devices these days have wireless connectivity, and Linux or windows as the operating system. We will see a trend of hacking tools on these devices which can be used for attack. Attackers know how easy it is to create an attack toolkit on a Linux based phone. We are also witnessing a trend in tools that can assist malicious acts from handhelds. Normal phones these days are more powerful in processing as compared to the first generation of computers we stared using.

6: Attack on Govt. websites

In the recent past, we have observed cybercrooks trying to hack Govt. and bank websites. Latest in series was the ‘Govt. of Maharashtra’ website. We can expect increase in the trend of hacking into Govt. websites. The need of the hour is to secure such websites and manage them properly

7: Phishing: Majorly targeting SSO based services

We are moving towards one username, one password, and many services kind of architecture, just like Google. It’s commonly known as single-sign-on (SSO) in the IT industry. We can expect malicious websites offering some services which pretend to, for example, use Google Auth API where you could avail the service under the Google services umbrella. It will look legitimate but the attacker might get away with your crucial information. This can directly relate to financial loses as well. We have seen a lot of people using Google checkout to shop. Attackers might try to take benefit of this fact.

8: Social networking websites

What with the way social networking websites are booming these days, we can expect more and more crime on that front. As of now identity theft is growing through these sites. Pornography might grow a great deal on these channels.

Attackers might also use these sites for mining data about people, fetching information that people share and use it to “authenticate” their attacks.

9: Lucrative websites

Fancy looking websites of greetings, gaming and cyber pornography has been a good source of attacks in the past and the same will continue in 2008 also. It targets the mentality and emotions of people to serve its purpose, and the same will remain a prime method for adversaries in future too. These might be used to spread malwares and steal financial or personal information.

10: Wireless attacks

The wireless medium is getting popular in India these days with cheap and affordable devices. But people are ignorant about the security aspects of the wireless. Wireless attacks are on a high prowl in the west where companies have incurred losses in millions. We will see a rise in wireless attacks in India too, if people are not educated in time.

What should a common man do to be safe?

There are a few things a common man can do to be secure online. Many of these have been told again and again in past, but people do not take it that seriously

a) Use genuine software

b) Update all the software with latest patch issued by the vendor

c) Use a good antivirus and antispyware tool

d) Keep antivirus antispyware updated

e) Use a good desktop level personal firewall

f) Abstinence: Avoid temptation of downloading anything and everything.

g) Open email attachment from trusted source only

h) Do not give too much personal information on public websites

i) Double check before using any executable, verify the integrity and the source.

j) Download software from trusted websites only

k) As far as possible use HTTPS and other encrypted protocols.

l) Never ignore any warnings, read them carefully & try to understand the reason behind it

m) Use best security practices to secure your networks, wired or wireless

n) Use smartphones responsibly.