informa
/
Perimeter
Quick Hits

Top Five Threats for 2008

Georgia Tech report highlights threats in Web 2.0, botnets, messaging, mobile, and RFID, as well as countermeasures

In 2008, the number of user machines that become bot-infected will be one in 10 or greater, according to the Georgia Tech Information Security Center (GTISC), which earlier this week released a report on the main threats for next year.

Botnets, not surprisingly, are one of the top five threats the GTISC says will plague the Internet in '08. Tens of millions of computers -- about 10 percent of those connected to the Net -- are already acting as bots in botnets today, the GTISC says. And next year, botnets will not just be mainly spam and denial-of-service attack weapons, but also more for data theft and DNS abuse. And look for more botnets to move to peer-to-peer networks to evade detection, the report says.

“We’ll see a continued increase in the amount of fraud carried out by botnets in 2008, pushing the levels of users infected by a bot to 1 in 10 or greater. The entire IT community -- service providers, security vendors, websites and users -- all must play an active role in protecting from this evolving and expanding threat,” says Wenke Lee, associate professor of GTISC and the College of Computing at Georgia Tech, in the report, which was released in tandem with a GTISC-sponsored cybersecurity panel.

The other threats that will evolve and increase next year are Web 2.0 and client-side attacks; targeted messaging attacks; mobile attacks; and attacks on RFID systems, the GTISC says.

Among other things, the report proposes educating Web developers on secure coding techniques; adopting more behavior-based protection; enabling protection engines to understand JavaScript; and encouraging Website remediation and better content-filtering by browsers.

And the GTISC says mobile services providers next year will begin promoting more anti-malware solutions for mobile devices on their networks, and add firewalls and IPSes for tighter security. The GTISC also recommends more vulnerability research in the session initiation protocol (SIP) for voice-over-IP and mobile convergence applications.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5