Expert Commentary

Emerging cyber threats report, 2013

2012 report report from the Georgia Tech Information Security Center and the Georgia Tech Research Institute on the greatest cybersecurity threats.

Cyberthief (iStock)
(iStock)

Computer malware is a multimillion-dollar business for both hackers and online security experts. The U.S. Department of Homeland Security reports that the Secret Service’s Cyber Intelligence Section helped to apprehend criminals who stole hundreds of millions of credit card numbers, which resulted in approximately $600 million in losses for financial and retail institutions in 2011. According to the National Criminal Justice Reference Service, the practice of buying and selling malware “bots” on Web forums is especially prevalent in Eastern Europe.

Some threats also come from “state actors” and may be motivated by geopolitics. Recent news reports have highlighted the apparent cyber conflict taking place between the United States and Iran, with the U.S. allegedly helping launch viruses such as Flame and Stuxnet against Iran’s nuclear facilities and Iran retaliating against American banks. Russian researchers recently discovered a malware named Red October that targeted oil and gas institutes, nuclear research centers and embassies — and was specifically designed to look for encrypted files.

A 2012 report from the Georgia Tech Information Security Center and the Georgia Tech Research Institute presented at the 2012 Georgia Tech Cyber Security Summit, “Emerging Cyber Threats Report 2013,” identifies significant risks to online security based on academic research, government reports and investigative journalism. Findings are organized around six themes: information manipulation; insecurity of the supply chain (or compromised hardware); the security of mobile and cloud technologies; the privacy of medical data; and aggressive malware.

Key study findings include:

  • Attackers have been known to manipulate online search results to increase the chances that users will visit pages that will try to install malware. “A more common attack in the future will use cross-site scripting to inject links from legitimate sites to malicious destinations.” Other strategies involve using cookies to compromise a user’s search history, which cannot be remedied by switching to a clean computer.
  • Novel malware strategies include attaching malicious code to digital rights management (DRM) software embedded in most media properties to prevent unauthorized duplication, capturing keystrokes from a nearby (and uninfected) device, using a phone’s camera to capture the environment without the user’s knowledge, and exploiting security vulnerabilities in the Java programming language to infect devices running the Mac OSX operating system.
  • Two Chinese manufacturing firms have been reprimanded by the U.S. government for producing counterfeit network hardware and software. Distrust of the supply chain has led some companies to test devices and applications for evidence of tampering or security gaps.
  • While malware developers have produced approximately 175,000 suspicious apps for the Android operating system as of September 2012, because of user and vendor vigilance, only about 0.002% of such phones in the United States have been compromised. In China and Russia, the infection rate for Android phones is closer to 40%.
  • The limited size of a mobile phone screen has led handset developers to opt for usability over security, and “mobile users are three times more likely to visit a phishing site than desktop browser users.”
  • Mobile phone users, citing concerns about security, theft and loss, have been reluctant to adopt technologies such as “mobile wallets.”
  • Providing easy patient access to digital medical records may also allow enterprising hackers to impersonate a patient, gain access to the system and “use it as a launching point for future attacks.”
  • Cloud-based data storage systems — data stored on a remote server such as GoogleDocs or iCloud — have improved over time, but make an attractive target for hackers. “Just as large collections of data in the cloud become a siren call to attackers, the ability to create vast computing resources will continue to convince cybercriminals to look for ways to co-opt the infrastructure to their own ends.”
  • A 2011 Ponemon Institute study (PDF) found that while 69% of cloud service providers believe that users are primarily responsible for their data, only 35% of cloud users agreed. “This disconnect will continue to cause security problems for companies that do not clarify the roles and responsibilities for protecting their cloud data.”

Tags: technology, crime, telecommunications, mobile tech

About The Author