Top 10 cyber security threats for 2008

Twelve cyber security veterans, with significant knowledge about emerging attack patterns, worked together to compile a list of the attacks most likely to cause substantial damage during 2008. The list was released by the SANS Institute.

Here’s the list of the worst security threats companies will face this year:

1. Increasingly Sophisticated Web Site Attacks That Exploit Browser Vulnerabilities - Especially On Trusted Web Sites

Attackers are getting more savvy with exploit codes, and more and more are targeted trusted Web sites.

2. Increasing Sophistication And Effectiveness In Botnets

Bots made headlines throughout 2007, and botmasters are getting increasingly sophisticated in their tactics.

3. Cyber Espionage Efforts By Well Resourced Organizations Looking To Extract Large Amounts Of Data - Particularly Using Targeted Phishing

Well resourced organizations – namely, nation-states –will use phishing and other attacks to gain economic advantage.

4. Mobile Phone Threats, Especially Against iPhones And Android-Based Phones; Plus VOIP

The introduction of new mobile computing platforms will lead to increased attacks, and VoIP systems are also vulnerable.

5.Insider Attacks

The threat of an internal strike forces security pros to clamp down on access and set more rigorous policies.

6. Advanced Identity Theft from Persistent Bots

Some bots stay on computers for months, all the while collecting personal data that can be used for extortion and identify theft.

7. Increasingly Malicious Spyware

More sophisticated tactics will evade anti-virus, anti-spyware and anti-rootkit tools, leading to more persistent problems.

8. Web Application Security Exploits

Programming errors in applications like Web 2.0 tools are seen as increasingly vulnerable, giving attackers a new venue.

9. Increasingly Sophisticated Social Engineering Including Blending Phishing with VOIP and Event Phishing

Criminals are using targeted attacks –like a phishing e-mail on job offers for Monster.com users – combined with VoIP to amplify their impact.

10. Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations

USB connections from vendors or conferences increasingly contain dangerous software.

For more info click here.

On the other hand, the latest Internet Security Outlook Report issued by CA, Inc. forewarns that online gamers, social networks and high-profile events like the U.S. presidential election and the Beijing Olympics are among the top potential targets for online attacks in 2008. According to other predictions from this report, bots will dominate 2008 ,Windows Vista is at risk, but mobile devices will still be safe, despite rumors of mobile malware.

Flirting robots: sounds funny, but – is it?

If you speak Russian and think of searching for a wife in a Russian chat-room – think twice. Or at least, having gone into raptures at the fact that some maid from Siberia wants to elope with you, be sure not to give your interlocutor any personal details, like your full name, date of birth or address. Because your dream girl from Russia might turn out to be a chat bot, designed to steal your identity!

“CyberLover”, the software program developed in Russia, can mimic flirtation in chat forums and online dating sites, and then extract personal information from its victims. According to its creators, it can establish a new relationship online with up to 10 people in just 30 minutes. The program can also compile a detailed report - containing the victim's name, contact details and personal photos - on every person it meets which is then sent to hackers across the world.. This could be dangerous because personal information such as somebody’s address and date of birth can be used for example to access bank accounts. Security experts said that the answers to simple questions, such as "Where can I send you a Valentine's Day card?" or "What's your date of birth? I'm planning a surprise for your birthday", could leave people exposed to identity fraud. CyberLover will also often invite its unsuspecting victims to visit a personal website or blog, which is usually a fake page that hackers use to automatically infect visitors with malware.

Although the software is currently targeting Russian websites, all social networkers and online daters should avoid giving away crucial personal information to strangers. PC Tools, the online security company, believes that CyberLover's inventors plan to make it available worldwide in February.

Will online poker be bot-free?

After recent allegations that bots were playing online poker at Full Tilt, the site has issued several players that lost hands with the poker bots refunds. Reportedly, all "bot" accounts have been frozen. It is suspected that the bots played on Full Tilt at the Texas Hold’em Limit cash tables and possibly at some no limit style tables.

Although bots have been a common theme in online poker for several years now, it has been almost impossible to catch them. The case of Full Tilt shows that something can actually be done; hopefully they're able to prevent poker bots from entering their room again.