March 4 Foreign Headlines: 10 latest security threats forecast cloud computing as new target

"51cto.com fast Translation" The continuous introduction of new technologies in a significant increase in computing power to facilitate people's lives, but also inevitable to make cyber criminals have the attack of new weapons. In the 2009, hackers will launch new attacks in many areas such as cloud computing and social networking. Here are the top ten threats we've listed: Malware entering the 2.0 era malware will go into the 2.0 era along with Web2.0, which will increasingly launch attacks on Web 2.0 services, including the latest cloud services. Many companies have just adopted cloud-based services, such as Amazon Web Services and Microsoft Azure, which have become new targets for hackers and spam. Cyber criminals can use cloud computing to simply send large amounts of spam, or they can launch more sophisticated attacks, such as sending malware groups for download. 51CTO Editor's note, cloud computing let positive and evil two camps to find a new battlefield, I have been dedicated to a cloud security topics, details: http://netsecurity.51cto.com/secu/yun/. "In the Web 2.0 environment, malware can also be changed according to specific events or circumstances." Malware can even sneak into the system disguised as a separate harmless data byte, and then construct a combination based on the situation to initiate a malicious attack. In this respect, there have been some typical cases, the data from different websites were reorganized into malicious software to destroy the system. While everyone is passionate about SaaS (Software-as-a-service, software as a service), hackers are also happily talking about Maas (Malware-as-a-service, malware as a service), in their philosophy, Automatic malware will be available as a service online purchase. This will bring a big problem! Because it lowers the technology threshold, it only costs money, which makes many people who don't know much about hacking become cyber criminals. A large number of malware variants anti-virus software manufacturer Symantec claims that there are new trends in malware that can be propagated from a simple, structured malware core to millions of different threats, which will lead to many malware cases that have to be handled separately. Research has shown that there are even more illegal software around us than legitimate software. Therefore, in order to ensure safety, enterprises and suppliers need to increase the intensity of detection methods, rather than continue to be based on simple signatures to prevent. As Web services continue to grow, and many browsers begin to move to a unified standard scripting language, the same new network threats will emerge. The spam pages of social networking sites over time, cyber criminals are moving away from sending spam to different technologies. One of them is to send spam pages (web spam) through social networking sites, and large social networking sites like Facebook and MySpace are naturally targeted. For cyber criminals,Personal information is what they most want to steal, they will try their best to get the user's detailed personal information and try to enter their private account. The current mainstream social networking sites encourage users to post original content (User-generated CONTENT,UGC), which can also pose a problem, with the number of spam pages in user forums and blogs increasing. Legitimate sites will suffer more attacks this is a big problem in the 2008 and will certainly continue in 2009. Criminals understand that if you breach a legitimate web site, a large number of users will click and download malicious files. Many users still don't know much about web-based malware, and criminals will use it in the 2009. Exploiting vulnerabilities in browsers and Web servers is a current trend, and new attack tools are being developed that use no expertise, making cyber criminals much more threatening than before. Unemployment brings more cyber crime economic depression will affect social security in many ways. It would be a terrible phenomenon if unemployed it employees use their expertise to commit cybercrime. As mentioned earlier, developing malware is a lucrative business and making it easier to make money if malware is provided online as a service, because it does not require buyers with relevant it knowledge. According to the 51cto.com security channel, a February 2009 study by a U.S. Institute for North American companies showed that 59% of respondents admitted to taking away their business confidential data from their jobs. Of those, 65% took the e-mail contact information, 45% took the company's non-financial business information, 39% took the customer's message, 35% took the company's employees, and 16% took the company's financial information. 79% of the employees knew beforehand that the company was not allowed to take the data away from the company. Of course, there are other security issues with the employee, and the details can be found in the 51cto.com Technical topic: the safety risks of departing employees. Security budgets are unlikely to grow although network threats have multiplied, the security budget is unlikely to grow significantly in the current economic climate. This means that there will only be more consolidation in the area of security, and it is hard to see new and emerging forms of security. This has happened in 2008, but the 2009-year budget pressure is undoubtedly greater, so consolidation in the security sector will continue. But it's also interesting to see how the way the business works will change after focusing on the security of the data, and whether the future focus of security will shift to ensuring data security without putting too much effort into protecting the network. Attacks on mobile devices The growth and popularity of smartphones makes them a bigger target for criminals, because as a new product, they obviously don't have enough security protection compared to PCs. Applications and data from smartphones can be accessed from anywhere, making them a big target for hacking attacks. IT administrators need to be especially vigilant,Because the threat to the smartphone will have multiple entrances for different devices and applications. The use of mobile Internet is expected to increase dramatically by the end of 09, so its security becomes particularly important. After the next generation of botnet Mccolo's servers were shut down in late 2008, many large botnet networks (Botnet) were eradicated. But, according to MessageLabs, botnets will never disappear, looking for new hosting services and improving technology. It is said that a very complex botnet has now emerged, taking hypervisor virtualization technology, placing malware on the virtual layer, controlling the hardware directly, and invoking the operating system. At the same time, the real operating system does not know that potentially malicious code is controlling the computer. As 51cto.com Expert Sorrows commented: Botnet has become an important platform for phishing, spam and pornography, and the implementation of click fraud and economic crime, which has become more difficult to detect. To "the threat of national security, national information architecture, and the national economy as a constant growth" (US Federal Bureau of Investigation). "51cto.com Editor's note, see 51CTO Expert feature: Botnet threats, defensive tips and Solutions" 2009, technologies like SQL injection and Cross-site scripting attacks will continue and become more common. Attacks on the virtual world like social networking sites, the virtual world could also be a potential gold mine for criminals. This will be in a variety of online games such as World of Warcraft, or a truer second life in which stolen virtual goods can be sold for real cash. In the virtual world, users tend to be wary of their personal data, which is a good opportunity for criminals to steal data more easily. Reputation hijacking prevalence last year, a security vulnerability in Domain Name System (DNS) was exposed by Dan Kaminsky, where criminals could infect server caches and hijack site visitors or email senders to the wrong IP address. This is important for banks and e-commerce sites because it means that the hijacked visitor will be sent to a bogus website where your personal data is likely to be stolen, and it all seems natural. This loophole will be a major security risk in the 2009, and if a hacker organization deliberately attacks it, it is likely to bring a series of serious problems. Last August, in response to this problem, the industry launched a multi-vendor patch to protect the server from attack, but the result clearly shows that the patch simply slows down the vulnerability and is not eradicated. "51CTO translation, cooperation site reproduced please indicate the original translator and the source for 51cto.com" Original: Top security predictions for 2009 Author: Asavin Wattanajantra