 |
Global Business Security Index Report: Surge in Criminal-Driven Cyber Attacks Anticipated in 2006 |
IBM announced the contents of its 2005 Global Business Security Index Report and provided an early look at potential security threats in 2006. Based on early indicators, IBM anticipates a fundamental shift, or evolution, in cybercrime from pervasive global outbreaks to smaller, stealthier attacks targeted at specific organizations for extortion purposes.
According to the report, written by IBM's Global Security Intelligence team, the global IT threat landscape spent the majority of 2005 at the medium level. While the Zotob worm gained international attention, impacting well known media organizations, there were decidedly fewer global malware outbreaks than the previous year.
But that does not tell the whole story. The criminal element motivating many spam, malware and other IT attacks became apparent last year. High profile arrests of cybercriminals in the US and around the world pointed to individuals linked to organized crime and motivated to make money. With software and networks becoming increasingly more secure, it is anticipated that many of these criminals may target the most vulnerable access point within a company or organization - its personnel - to execute an attack.
IBM's Global Business Security Index report includes an early view of other potential trends in 2006, such as the following:
* Insider Attacks - As software becomes more secure, computer users will continue to be the weak link for companies and organizations. Criminals will focus their efforts on convincing end users to execute the attack instead of wasting time in lengthy software vulnerability discovery. Global resource, employee layoffs, mergers and acquisitions all present challenges for companies and organizations attempting to educate users against these threats.
* Emerging Markets - Cyber criminals take advantage of poor international cooperation against cyber-crime and launch cross border attacks with little personal risk, so the threat to and from emerging and developing countries is therefore increasing. It then becomes far more difficult to trace the attacks back to their source, especially when trends show attacks are increasingly originating from regions, such as Eastern Europe and Asia, where sanctions are more lenient and enforcement is limited.
* Blogging - The increased use of collaboration tools, such as blogging, also increases the possibility of leakage of confidential business data.
* Instant Messaging - Botnets, a collection of software robots that allow a system to be controlled without the owner's knowledge, will continue to represent one of the biggest threats to the Internet. Newer botnets, which will have smaller cells to better hide, will likely move to instant messaging and other peer-to-peer networks for command and control of infected systems.
* Mobile Devices - Malware affecting mobile phones, PDAs and other wireless devices increased substantially in the last year, but has not yet materialized into pervasive outbreaks since they cannot spread on their own - yet. Therefore, this trend continues to be on the radar for 2006.
