The security industry is lagging behind hacking technology, warns
a report from the Georgia Tech Information Security Centre
(GTISC).
The rapid rate of web and mobile application development has
outpaced information security technology, said the report compiled
by a panel of security experts.
Collaboration between the security industry, mobile carriers,
ISPs and application developers is expected to begin closing this
gap.
However, the report concludes that "the emphasis on
functionality over security may not change in 2008."
According to the report, the IT community needs to address
website, messaging, mobile and RFID attacks.
"In 2008, expect to see underground organisations shift tactics
to focus more on Web 2.0, particularly mash-up technologies," said
panel member Gunter Ollmann, director of security strategy at IBM.
Websites need to be more securely designed, threat-detection
systems should be more behaviour-based and browser-level content
filtering needs to improve, the report said.
Advances in anti-spam technology are expected to drive an
increased number of specifically targeted messaging attacks in the
coming year.
The report predicts the increased use of spam disguised as
business content and links to malicious sites being embedded in
instant messages and video clips.
There will also be a move away from traditional phishing scams
to more permanent threats such as installing malware directly on
users' PCs to steal information.
As traditional security approaches become less effective, users
will need to be educated to be less trusting online, the report
said.
The GTISC estimates that one in 10 computers connected to the
internet are part of a botnet, used increasingly for fraud.
"We will see a continued increase in the amount of fraud carried
out by botnets in 2008, pushing levels of users infected by a bot
to one in 10 or greater," said panel member Wenke Lee, associate
professor of computing at Georgia Tech.
With the growing popularity of VOIP, voice spam and voice
phishing are likely to increase in the coming year.
"Countermeasures against mobile convergence threats include
security on the handset and more security at the carrier network
level," the report said.
Finally, the report said security for radio frequency
identification (RFID) systems is still extremely limited and
hacking attacks are expected to increase.
The panel predicts this will change as RFID usage expands to
replace barcodes, track high-value items and mark high-denomination
bank notes.