Home
Web Trends
Marketing Strategies
Search
Latest News
Conferences
Blogs
People
Daily News
Classified
Contact Us
ConnectThru RSS
LATEST EVENTS
LeadsCon East
July 26-27, 2010
Marriott Marquis, NY
Affiliate Summit
August 15-17, 2010
Hilton New York
SES San Francisco
August 16-20, 2010
San Francisco, CA
Security in Cyberspace

by Mike Stehn

The digital age has allowed individuals, businesses, and the government to manage valuable information extremely efficiently. However, it is no secret that capabilities from increased communications and intelligence come with the cost of informational vulnerability. In addition to financial losses, voids in the defense of digital infrastructure are creating a national security threat. Thus, the current concern over the protection of cyberspace is intensifying.

This past April leaders in the information security field met to share information and learn from each other’s ideas at the RSA’s annual conference in San Francisco. Among the speakers at the conference was Melissa Hathaway, the senior director for cyberspace for the National Security and Homeland Security Councils.

Hathaway stressed that information is not safe enough in today’s digital world, largely due to an initial focus on efficiency rather than security when the digital infrastructure was being constructed. She was quoted saying that the weakness of the global digital infrastructure “…poses one of the most serious economic and national security challenges of the 21st century.”[1] Hathaway called for an extension of the partnership between the private sector and the government to make cyberspace more secure. However, the scope of the government’s role was a chief concern following the senior director’s speech.

Opponents of big government were even more uneasy in May when President Obama gave a broad outline of his cybersecurity plan. Obama announced the creation of a group of advisors called the national security staff which will bring together personnel from international and homeland security. The staff includes a new position that is being referred to as the “cybersecurity czar.” Obama has yet to name who will fill this position, and it remains unclear what authority this person will have over private networks. According to InformationWeek, the czar’s role will include both creating policy and coordinating the cybersecurity roles of federal agencies[2]. The person will also have regular access to the president.

In a recent speech about the plan, Obama declared “From now on, our digital infrastructure – the networks and computers we depend on every day – will be treated as they should be: As a strategic national asset. Protecting this infrastructure will be a national security priority.”[3]

While many security professionals see the plan as a movement in the right direction, others believe the government will end up extending its hand farther than it should. Nonetheless, given the hacker incursion on the U.S. power grid, the U.S. Air Force’s systems, and the U.S. Army’s systems (most recently) there is general agreement that some increased level of government intervention is necessary.

Awaiting further reports from the Obama administration on the role the government will take in combating cybercrime, the standard web surfer should be aware of a number of trends in cybercrime which are threatening the micro level:

Hijacking of Legitimate Websites
Phishers are no longer stealing passwords and credit card numbers solely through sketchy domains they set up themselves. A new report from the Anti-Phishing Working Group revealed that over 80% of phishing attacks were carried out through hijacked legitimate websites.[4] This is part of a larger movement of cybercriminals becoming more creative and harder to catch.

Phishing Attacks on Social Networking Websites
Popular social networking sites such as Facebook and Twitter were targeted by hackers in May. Criminals use a compromised account to send a link to “friends,” leading victims to a mimicked Facebook login page that feeds the username and password to the phisher. Obtaining this information is particularly valuable because people often use the same usernames and passwords on various websites.[5] In addition, Kaspersky Labs recently found that malware spread through these sites are successful ten times more often than when distributed by Email[6].

Dangerous Keywords
McAfee released a report identifying cybercriminal use of certain keywords to trick consumers into downloading software which exposes valuable personal information. Unsurprisingly, 21.3% of results containing the word “free” lead to PC infection. The study also found criminals taking advantage of the recession, with the keyword “work from home” up to four times more dangerous than average popular searches. Finally, the riskiest keyword was found to be “screensavers,” with about 60% of the links containing malware.[7]

Specialized Search Engines
Online criminals used to focus on improving the rankings of their sites on well-known search engines. However, a study by PandaLabs found that they are now creating their own search engines which give victims search results full of sites specifically designed to spread malware.[8]

Email
Research by Symantec’s MessageLabs showed that spam makes up more than 90% of all Email messages. In May, the report found that one out of every 317.8 emails contained malware and one in 404.7 emails led to a phishing attack[9].

As the government extends its reach in cyberspace, a more secure digital infrastructure can be expected. However, the government cannot be relied on to protect web users every time Email is accessed or Facebook accounts are checked. As the new administration works to combat major cybersecurity threats, the average web surfer needs to take initiative to stay educated about trends in cybercrime in order to lessen the vulnerability of their own information.


1.Bill Brenner, “RSA 2009: Why the Top U.S. Cyber Official is Losing Sleep,” CSO
http://www.csoonline.com/article/490356/RSA_Why_the_Top_U.S._Cyber_Official_is_Losing_Sleep
2.J. Nicholas Hoover, K.C. Jones, “Obama, White House to Oversee Cybersecurity Leadership,” InformationWeek
http://www.informationweek.com/news/government/federal/showArticle.jhtml;jsessionid=ZCYAFQS0VNRHOQSNDLRSKH0CJUNN2JVN? articleID=217700171&pgno=1&queryText=&isPrev=
3.Mike Kent, “Obama Makes Cybersecurity a National Security Priority,” Enterprise Security Today
http://www.enterprise-security-today.com/story.xhtml?story_id=00100018OXZ4
4.Kelly Jackson Higgins, “More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites,” DarkReading
http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=CHONEVOXBKDQIQSNDLRSKH0CJUNN2JVN?articleID=217700470
5.Gregg Keizer, “Phishers Harvest Facebook Passwords for Profit,” CSO
http://www.csoonline.com/article/492867/Phishers_Harvest_Facebook_Passwords_for_Profit
6.“Cybersecurity group launch Chain of Trust initiative to combat malware,” Help Net Security
http://www.net-security.org/secworld.php?id=7524
7.“The most dangerous and safest web searches,” Help Net Security
8.“Specialized search engines leading users to malicious websites,” Help Net Security
http://www.net-security.org/secworld.php?id=7452
9.Joan Goodchild, “Report: Spammers Work by US Clocks and Target Facebook, Twitter,” CSO
http://www.csoonline.com/article/493497/Report_Spammers_Work_by_US_Clocks_and_Target_Facebook_Twitter

Leave a Reply

Back to CONFERENCES
About Us   |   Advertising opportunity   |   Submit Articles   |   Posting Jobs   |   Contact Us
Copyright 2008 ConnectThru.com