As the New Year approaches, IT security vendors are inundating the world with their year-end threat assessments and projections for 2009.
McAfee Inc. found that the flagging economy did not hinder cyber crooks last year and, in fact, it may have been a boon. The security vendor's Virtual Criminality Report noted a discernible rise in attacks from false recruiting letters and other email designed to intrigue people whose jobs might be in jeopardy. And in this climate, that's just about everyone.
McAfee also saw an increase in spear phishing -- targeted attacks in which hackers research their recipients and devise legitimate-looking email messages.
"A good example is the LinkedIn attack this year, where about 10,000 users were specifically spammed and phished -- using first and last names and with resume information that looked like a LinkedIn update," said David Marcus, McAfee's director of security research and communications.
IT security resellers guard against attacks
In fact, more cybercriminals are using LinkedIn, Facebook, MySpace and other social networks to glean information about potential victims and generate targeted email that appears to come from friends or colleagues.
"In an economic downturn, this will be a big problem going forward," Marcus said. "People may click on something they wouldn't have clicked on if the climate was different."
There was also a rise in the number of fake job sites in the first half of 2008. In the United Kingdom, McAfee found 873, which was up 345% from the previous year. The fact that many companies are laying off employees sparked more fear of data loss, whether in the form of electronic theft or the low-tech theft that occurs when severed workers leave the building with data-crammed USB sticks.
"The top concern of my customers is people walking out with data," said Michelle Drolet, CEO of Towerwall Inc., a Framingham, Mass.-based Internet and information security solution provider. "Most of the threats now are through HTTP, much more malware than viruses."
Duncan Hume, director of Bell Micro's new North American security division, said data loss prevention (DLP) is the top concern he hears from customers and VARs alike. Companies always worry about data leaving the premises, but "when times get tough economically, defenses drop and phishing attempts [that] they ordinarily wouldn't give the time of day to become more tempting," Hume said.
Jonathan Dambrot, managing director of Prevalent Networks, a Warren, N.J.-based security specialist, said these DLP concerns escalate to the CEO level a lot faster than they used to.
"In some cases they're not sure how it's leaving the company, but they know it's out there getting posted," he said.
The bad guys are just getting smarter about presenting themselves as correspondents the recipient might know or want to hear from. Cisco's Annual Security Report, released Monday, cited 90% growth in threats originating from legitimate domains this year -- nearly double the 2007 figure. And in its Security Threat Report 2009, Sophos found that the United States was the country of origin for most Internet-based malware attacks in 2008.
Many IT security resellers and vendors said, almost nostalgically, that the days of the script kiddies are gone. Now, the vast majority of threats originate with organized criminals who are in it to make money, not prove their hacking prowess.
"It's no longer kids in their bedrooms writing viruses for grins and giggles," Hume said.
How IT security resellers can prevent breaches
McAfee also warned that there could be a lack of resources devoted to fighting cybercrime, with law enforcement spending crunched and much of what remains focused on terrorism and economic issues.
Successful penetration of corporate data repositories and harvesting of that data require both technological and social smarts, so a huge component of security lies in talking to employees. Teaching them best practices for using social networks, for example, is critical.
"Companies have to train their people," Dambrot said. "They have to do content filtering based on reputation as well as context. They need to make sure they have strong antivirus both at the desktop and the network. The best practice is layering. You can't block everything, and even if you do, new sites pop up every day. It's an arms race."
That leads to the best advice IT security resellers can give their customers: a total security solution must consider electronic safeguards as well as good human resources and training practices.
"That's a tough conversation to have with employees -- what they can and can't do in social nets," Dambrot said. "You can tell them to stay off the nets, but that's not really realistic, so you need to mitigate."
But it's not just on the users. IT security resellers and vendors alike say social sites must take on more responsibility themselves for policing their networks and protecting them from unscrupulous use.
"The pressure is on for them to do more to control this," Dambrot said. As an example, he pointed to Yahoo and AOL, which, he said, "now run antivirus in their clouds. They scan email, even free mail, as it's sent."