In its annual report on the state of online security, a GTISC panel, made up of members of the government, IT specialists and academics, warned that existing security systems were falling behind hacking techniques, which were becoming more popular and effective.
“The rapid rate of application development for these mediums has outpaced information security technology so far,” the report concludes.
“While the emphasis on functionality over security may not change in 2008, GTISC expects collaboration between the security industry, carriers, ISPs, application developers and Internet users to begin closing the security gap.”
The report warns of five key areas that need addressing: botnets, Web 2.0 attacks, targeted messaging, telecommunications and RFID hacking.
The panel estimates that around ten per cent of the world’s computers are currently part of a botnet, and that the rate of infection is increasing. Such networks are increasingly being used for fraud, and the panel suggests carriers must do more to integrate firewalls within IP subsystems to check their spread.
The emergence of Web 2.0 poses new threats to internet users, the report finds. Web developers need to be more security aware, and security technology needs to make better use of heuristics to identify suspicious activity and curtail it.
“As the natural evolution of the Web progresses from 1.0 to 2.0 and beyond, more content and code from multiple and varied sources will be housed together on the client side, creating a highly complex environment for security governance and protection,” said Gunter Ollmann, director of security strategy at IBM Internet Security Systems.
“In 2008, expect to see underground organizations shift tactics and focus more on Web 2.0, particularly mash-up technologies, leading to more abuses at the user end wherever possible.”
Improvements in anti-spam technology have caused hackers to move towards more targeted messaging to steal data, say the panellists. As phishing sites get shut down faster, these targeted messages will attempt to install permanent malware on users’ computers to steal information directly.
The increasing convergence of communications systems and computing into VoIP systems also poses new dangers. In one scenario, the panel explained how a mass VoIP infection could be used to overload the 911 emergency phone system in a denial of service attack.
Finally, RFID hacking is expected to take off in 2008. The report calls existing RFID security “extremely limited” and warns that hacking will become a major issue in 2008.
“In the early stages, only the hacking elite could exploit WiFi devices, but as the technology gained popularity and became standardized, the first generation of automated WiFi hacking tools and instructions became available,” the report states.
“In the near future, GTISC expects mainstream exploit tools to enable less technical hackers to attack RFID technologies.”
Security industry falling behind hacking technology
By Iain Thomson on Oct 16, 2008 2:57PM