Posts Tagged ‘stolen cyber data for marketing’
Tuesday, October 11, 2011 @ 06:10 PM gHale
Next year will feature new and increasingly sophisticated means to capture and exploit user data, as well as escalating battles over the control of online information that threatens to compromise content and erode public trust and privacy, a new report said.
“We continue to witness cyber attacks of unprecedented sophistication and reach, demonstrating that malicious actors have the ability to compromise and control millions of computers that belong to governments, private enterprises and ordinary citizens,” said Mustaque Ahamad, director of Georgia Tech Information Security Center (GTISC). GTISC and the Georgia Tech Research Institute (GTRI) released the Georgia Tech Emerging Cyber Threats Report for 2012 at the annual Georgia Tech Cyber Security Summit, a gathering of industry and academic leaders.
“If we are going to prevent motivated adversaries from attacking our systems, stealing our data and harming our critical infrastructure, the broader community of security researchers — including academia, the private sector and government — must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it,” Ahamad said.
Specific threats to follow over the coming year include:
• Search Poisoning – Attackers will increasingly use search engine optimization techniques to optimize malicious links among search results, so users are more likely to click on a URL because it ranks highly on Google or other search engines.
• Mobile Web-based Attacks – Expect increased attacks aimed specifically against mobile Web browsers as the tension between usability and security, along with device constraints (including small screen size), make it difficult to solve mobile Web browser security flaws.
• Stolen Cyber Data Use for Marketing – The market for stolen cyber data will continue to evolve as botnets capture private user information shared by social media platforms and sell it directly to legitimate business channels such as lead-generation and marketing.
“Our adversaries, whether motivated by monetary gain, political/social ideology, or otherwise are becoming increasingly sophisticated and better funded,” said Bo Rotoloni, director of GTRI’s Cyber Technology and Information Security Laboratory (CTISL).
“Acting as individuals or groups, these entities know no boundaries, making cyber security a global problem,” he said. “We can no longer assume our data is safe sitting behind perimeter-protected networks. Attacks penetrate our systems through ubiquitous protocols, mobile devices and social engineering, circumventing the network perimeter. Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government.”
As far as advanced persistent threats (APT) go, they will adapt to security measures until malicious objectives are achieved, according to the report. In addition, human error, lack of user education and weak passwords are still major vulnerabilities. Also, cloud computing and computer hardware may present new avenues of attack, with all malware moving down the stack. And, large, flat networks with perimeter defenses at the Internet ingress/egress point break down quickly in the face of APTs.