7JANUARY/FEBRUARY 2007
NEWS
Network Box, an international threat management service, expects that with advancement
in Trojan software, the threat from botnets will be reduced. But something needs to be done
fast. In 2006, a 200% increase in spam attacks occurred, a large percentage of which were
recognised as a result of botnet activity. In December, seven out of the top ten threats were
Trojan horses, designed to gain unauthorised access to infected machines in pursuit of
criminal activity.
Using Trojans, attackers have been able to develop increasingly sophisticated data-stealing
malware. Simon Heron, technical director of Network Box is confi dent that despite the
progression of Trojans, defences will be stronger. “Trojan software is now getting sophisticated
enough to look for updates to remove these bugs. These campaigns will become much more
successful in 2007”, he says.
In 2006, there was a noticeable reduction in new viruses emerging, although worm
variants were on the increase. New versions of the Warezov worm, designed to carry and
install Trojans, emerged in the last few months of the year and was named, amongst others,
as aiding the rise of the botnets.
But how is the security threat landscape set to change in 2007?
The uptake of VoIP is expected to become a victim of attack for 2007. Heron says: “VoIP
is an ideal target for hackers in 2007. It’s a new protocol and is quite complicated. It has not
been integrated well into fi rewalls”.
WiFi attacks are also set to increase. Mikko Hyppönen, chief research offi cer for F-Secure
predicts that vulnerabilities in WiFi drivers will be exploited in 2007. Hyppönen also expects
an increase in MMS and SMS spam in the new year, and predicts a rise in spyware on
smartphones, used to monitor calls and messages.
Phishing is forecast to remain a growing problem, although the target for attackers is
expected to change. Phishers will target smaller banks and major brand names, such as
Flickr and MySpace. Hypponen says: “[phishing] is a perfected crime: the money is good and
nobody is getting caught.”
And fi nally, the launch of Microsoft’s Vista is expected to impact largely on the changes in
the malware and security world in 2007. Writers will be forced to re-compose malware to get
through Vista’s rules, but attackers are already racing to develop ‘Visa-compliant’ malware.
Patchlink announced fi ndings from a customer survey that revealed that IT professionals
are aware of the security threats expected in 2007, and are taking necessary precaution.
Sixty six per cent of IT professionals plan to spend more on security in 2007 than they did in
2006. Happy new year!
Cisco buys IronPort to feed NACCisco has agreed to buy email fi ltering vendor IronPort for $830m. The deal is said to add
some fl esh and blood to the networking giant’s ‘self-defending network’ framework, of which
its Network Access Control initiative is part.
IronPort sells email security appliances that fi lter email by sender reputation. Its
technology marks Cisco’s fi rst foray into the anti-spam market.
Richard Palmer, senior vice president of Cisco’s Security Technology Group, said in a
statement. “We feel there is enormous potential for enhanced email and message protection
solutions to be integrated into the existing Cisco self-defending network framework [NAC]”.
IronPort will become a Cisco unit. Upon close of the transaction, the 408 strong IronPort
team and product portfolio will operate as a business unit in Cisco’s Security Technology
Group, reporting to Richard Palmer.
The deal is yet another instance of mainstream IT vendors acquiring security pure plays,
following such acquisitions as EMC’s of RSA and IBM of ISS. Last year, in another lateral
security move, Cisco acquired video surveillance company SyPixx.
With reports common that spam now accounts for 90% plus of enterprise email, it seems
a timely acquisition.
IN BRIEF
MI5 gives some the vapoursMI5’s recently launched email alert
service to keep people informed of
changes in the national security threat
level has drawn criticism for causing
information privacy concerns. The
service was sending unencrypted
registration information to an American
contractor. MI5 has reportedly dropped
the US company, and is using servers
in the UK over SSL links. The Register
and the BBC, which slammed the Alert
‘a shambles’, covered the story which
originated with activists at Spyblog.
Anti-security predictions 2007CA’s Simon Perry, VP Security Strategy,
EMEA, and a man whose visage has often
graced this magazine, has come up with fi ve
counter-predictions for this year.
1. The internet will not be taken down by (so
called) cyber terrorists in 2007.
2. Ransomware will not hold the majority of
people hostage in 2007.
3. Boards will not pay noticeably more
attention to IT security in 2007.
4. Microsoft’s Vista will not prove to be full
of security holes.
5. Microsoft’s Vista will not solve all our
security problems.
Opting out is hard to doReports have emerged that current GP and
hospital records, will be uploaded to UK
NHS regional hosting centres without any
provisions for opting out from the system’s
database. There are plans to implement
‘sealed envelopes’ that would allow
individuals to seal portions of their health
care records.
Almost one third of UK companies spam happyA study of compliance to the EU Directive
on Privacy and Electronic Communications
among large UK companies has found
that 31% of them do not provide ‘non-
customers the opportunity to actively opt-in
or otherwise consent to further marketing
emails.
IS071p6_9.indd 7IS071p6_9.indd 7 24/01/2007 14:57:4924/01/2007 14:57:49
Top Related