By Dilbag Koundal
Security is a huge part of the job for most IT administrators. We’re always striving to protect our organizations from the latest barrage of viruses, worms, and other malware. With 2009 over, what types of threats could we face in the year ahead? The recent 2010 Threat Predictions report from McAfee pegs a few different areas to watch out for in 2010.
Social networks will be one key breeding ground for cyber attacks, says McAfee. As sites like Twitter and Facebook continue to grow in popularity, especially among the business crowd, cyber crooks will increasingly employ their usual bag of tricks to try to ensnare users.
A site like Facebook can be especially vulnerable as many people will implicitly and unthinkingly trust any “invitation” from their friends. But as McAfee points out, that next invite to play a cool game or run an interesting application from a Facebook friend could be a fake app created by a cybercriminal designed to infect your PC. We’ve already seen such malware attacking Facebook, such as the infamous Koobface worm that first reared its ugly head about a year ago.
Personally, I’ve just about stopped playing games, filling out quizzes, and running most applications in Facebook. I’ve never been comfortable with the way a Facebook app needs to gain access to your personal information in order to run. That’s always seemed like an open vulnerability that could easily allow the wrong people to learn too much about you. Now McAfee’s reminder that these apps are also a way to spread malware is something IT admins and Facebook users should keep in mind.
Another area to watch out for is the use of URL shorteners, popular on social networking and bookmarking sites. Services like bit.ly and tinyurl.com shorten URL strings so they can fit in smaller spaces, such as the 140-character limit imposed by Twitter. But you can’t preview a shortened URL, so you don’t know where it’s going to take you until the page pops up. This makes it easy for cyber crooks to point these URLs to pages that could deliver malware.
Microsoft apps have traditionally been a popular target for malware writers. But that “honor” may switch over to Adobe this year. As Adobe Reader and Flash have become more prevalent, they’ve also become more of a target for cybercriminals. Adobe Reader in particular has been hit by security holes over the past year, forcing Adobe to take a more active role in keeping its app properly patched.
Other threats that McAfee sees in its crystal ball for 2010:
Banking trojans designed to grab your financial account information may become more advanced. Already in 2009, they showed off the ability to sneak past some of the protections currently used by banks. McAfee warns that this year they may be able to silently interrupt transactions and even make withdrawals without being detected.
E-mail attachments will also continue to grow as a primary means of spreading malware. McAfee believes that these attachments could even target specific audiences, such as corporations, journalists – not good news on my end – and individuals.
Botnets, which are responsible for carrying out cyberattacks, will also increasingly use peer-to-peer networking to hop from one computer to another without a central base of operations. Such a strategy will make it more difficult for security professionals to track them down.
So how do you prepare yourself for the potential threats that lie ahead? Well, naturally since McAfee wrote the report, the company would like you to buy its own security software to protect your users. And McAfee does offer software with certain capabilities, such as the ability to scan shortened URLs. The company also recently struck a deal with Facebook to provide Facebook users with a free six-month subscription to its security software.
But any good security suite or application would be your first line of defense in protecting you and your users from the coming threats. It goes without saying that choosing and using the right software and keeping it updated is critical, no matter what security software you deploy. Also, make sure that you keep your organization’s PCs updated with the latest patches from Microsoft to protect the operating system, office suite, and browser.
But beyond the right software, user education is vital. Make sure your users are aware of the latest threats and realize that their actions can have consequences. They need to think twice before opening a file attachment or downloading an application that could expose them and your business to malware. Though 2010 may bring its own share of cyber threats like any other year, protecting your organization and your users is the best role you can play.