Log In

Reset Password
BERMUDA | RSS PODCAST

Search poisoning the latest in cyber threats

Cyber threats are the bane of every business, a cost to be borne with gritted teeth if one is to protect the vitals of an operation.

Business data, customer privacy and the actual operations of an enterprise can all be compromised by professionals and hackers alike. New threats arise all the time, as business incorporate new technologies and explore new ways of distributing and communicating services and content. Georgia Tech's 2012 cyber threats forecast lists “search poisoning” as the latest threat to your business, for example.

“The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, as well as escalating battles over the control of online information that threatens to compromise content and erode public trust and privacy,” the university's Information Security Centre says.

Search poisoning refers to the use of search engine optimisation techniques to push malicious links to the top of search results. Users are more likely to click on a URL because of its high ranking on Google or other search engines. A click lands the user at the page, and opens the way for them to download malicious content or get sucked into a scam.

Mobile has been the new front for security IT for a while. With the increasing link up between smart phones and business operations expect increased attacks aimed specifically against mobile Web browsers. The balance between usability and security, along with device constraints, make it difficult to guard against mobile Web attacks.

Expect compound threats targeting mobile devices to use SMS, e-mail and the mobile Web browsers to launch an intrusion, which then silently records and steals data. Mobile phones are also becoming a new vector that could introduce attacks on protected systems, much like USB keys. Plug a hacked smartphone in a network and the intrusion is launched.

For mobile users that means using more protection, which is a hassle. Mobile devices must be protected by encapsulating and encrypting sensitive portions to strengthen security. IT departments must also regularly call all phones in and update them with patches. This is a headache, as mobile apps and software are being developed rapidly, much too rapidly, says Georgia Tech's experts.

The result is mobile software is being rushed to market without the necessary security features. Market now and patch later, seems to work.

It's not just smartphones but also tablet devices, which continue to blur the lines between the professional and the personal. Georgia Tech provides as best practice, the example of Equifax, one of the largest sources of consumer and commercial data.

The company's approach is based on encapsulation, which refers to the authentication and encryption of data packets sent over the Internet. Encapsulation enables the company to define boundaries and balance user productivity with security needs. The company dedicated significant time and resources to select a mobile phone management platform. It then launched a pilot programme to ensure complete encapsulation of mobile devices for more than 6,500 employees across the US and 15 other countries.

Equifax encapsulates and encrypts the corporate portion of an employee's smartphone, and can quickly and remotely address a device that is compromised in any way.

“We take a layered, holistic approach to security that includes multiple levels of defence,” said Spinelli. “Despite their rapid consumerisation, mobile devices are no exception.”

Botnets, another old but ongoing security threat, are also evolving with the marketplace. A botnet is a series of compromised computers connected to the Internet and used for malicious purposes. It is increasingly becoming a more sophisticated business.

Botnet controllers are building massive information profiles on their compromised users and selling the data to the highest bidder for marketing purposes, according the report.

Three or more years ago, botnet operators focused on stealing email and password credentials, which were useful to spammers. Now they are building massive user profiles, including name, address, age, sex, financial worth, relationships, where they visit online, for example. The information can be moved on multiple times, essentially being laundered so it can be sold to an unsuspecting and legitimate business for up to $30 for a qualified lead.

Botnets can also auto-fill online forms used to compile lists for marketing. The botnets have all the personal information necessary to fill out the forms, and devise an automated process resulting in a sophisticated fraud scam that is difficult to detect and prosecute.

Get the report at http://gtsecuritysummit.com/report.html and protect yourself.

Send any comments to elamin.ahmed[AT]gmail.com

You must be Registered or to post comment or to vote.

Published October 19, 2011 at 2:00 am (Updated October 19, 2011 at 9:00 am)

Search poisoning the latest in cyber threats

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon