Web-based services, including social networks MySpace and Facebook, are becoming prime targets for hackers seeking your personal information.
As Internet users display more of their personal information on social networking Web sites, and office workers upload more sensitive data to online software programs, computer hackers are employing increasingly sophisticated methods to pry that information loose. In many cases, they're devising small attacks that can fly under the radar of traditional security software, while exploiting the trust users place in popular business and consumer Web sites.
In September, the names and contact information for tens of thousands of customers of Automatic Data Processing (ADP) and SunTrust Banks (STI) were stolen from Salesforce.com (CRM), which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee into disclosing a password.
A security researcher reported Nov. 8 that hackers had hijacked pages on News Corp.'s (NWS) social networking site MySpace, including the home page of singer Alicia Keys. Clicking nearly anywhere on the page would lead viewers to a Web site in China that tries to trick them into downloading software that can take over their PCs.
Exploiting Trust
These kinds of targeted attacks on Web-based services may constitute the top company security check (BusinessWeek.com, 11/12/07), according to security experts. "One of the biggest challenges of 2008 will be, how do you do business online when you know there's a bad guy in the middle?" says Chris Rouland, chief technology officer in IBM's (IBM) Internet security systems division. "The personal computer isn't the target of 2008; it's the browser," he says.
Although a rash of e-mail-borne virus outbreaks in recent years have made most PC users wary of opening attachments or clicking on links in suspicious messages, it may be harder to prevent attacks that exploit the Web-based lists of friends and business contacts that users store in widely used services and social networks.
By targeting a relatively small number of users at a time can elude efforts to detect the hackers. Hackers also are employing more professional approaches to maximize damage without being caught. These include division of labor by hacking expertise and wider use of black-market sites to hire programmers and purchase professional malware-writing tools.
Hackers Shift Attacks
Factor in the growing variety of places where people are connecting to the Internet—from work, from home, from Wi-Fi hot spots—and the growing array of devices they're using to do so, and the coming year could present a potent brew of problems.
Although traditional PC software such as Microsoft's (MSFT) Windows operating system and Office programs still present the broadest target because of their hundreds of millions of users, hackers are increasingly attacking online services. Worse, traditional virus attacks that crash PCs or issue floods of commands to overwhelm Web sites are being augmented with malicious software that can swipe personal information, such as bank and credit-card numbers.
Cellular and Corporate Caution
For consumers, it's not just their profiles on social networks that can be mined for personal information. Sophisticated smartphones that run full-fledged operating systems and e-mail applications, and hence store more valuable data, could present tempting targets. Security researchers have found numerous ways to break into prominent mobile-phone platforms from Symbian and Microsoft, and quickly demonstrated ways to hack (BusinessWeek.com, 7/23/07) into Apple's new iPhone.
Cyberthieves are also attacking corporate databases in search of undisclosed financial data or proprietary design and engineering information that can be sold.
Viruses: More Sophisticated BaitHackers are also unleashing viruses that can recruit armies of consumer PCs into larger networks of remote-controlled machines. These "botnets" can distribute spam, attack database software, or keep a record of users' keystrokes. One of the worst, Storm Worm, has infected tens of millions of PCs this year.
By:
Lim Hooi Ting 0701396
No comments:
Post a Comment