Georgia Tech report highlights threats in Web 2.0, botnets, messaging, mobile, and RFID, as well as countermeasures
In 2008, the number of user machines that become bot-infected will be one in 10 or greater, according to the Georgia Tech Information Security Center (GTISC), which earlier this week released a report on the main threats for next year.
Botnets, not surprisingly, are one of the top five threats the GTISC says will plague the Internet in '08. Tens of millions of computers -- about 10 percent of those connected to the Net -- are already acting as bots in botnets today, the GTISC says. And next year, botnets will not just be mainly spam and denial-of-service attack weapons, but also more for data theft and DNS abuse. And look for more botnets to move to peer-to-peer networks to evade detection, the report says.
“We’ll see a continued increase in the amount of fraud carried out by botnets in 2008, pushing the levels of users infected by a bot to 1 in 10 or greater. The entire IT community -- service providers, security vendors, websites and users -- all must play an active role in protecting from this evolving and expanding threat,” says Wenke Lee, associate professor of GTISC and the College of Computing at Georgia Tech, in the report, which was released in tandem with a GTISC-sponsored cybersecurity panel.
The other threats that will evolve and increase next year are Web 2.0 and client-side attacks; targeted messaging attacks; mobile attacks; and attacks on RFID systems, the GTISC says.
Among other things, the report proposes educating Web developers on secure coding techniques; adopting more behavior-based protection; enabling protection engines to understand JavaScript; and encouraging Website remediation and better content-filtering by browsers.
And the GTISC says mobile services providers next year will begin promoting more anti-malware solutions for mobile devices on their networks, and add firewalls and IPSes for tighter security. The GTISC also recommends more vulnerability research in the session initiation protocol (SIP) for voice-over-IP and mobile convergence applications.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024