Virtualisation will play an important role in defending users of
Web 2.0 technologies from malware attacks, it was claimed
today.
Virtualisation is likely to become a key proactive defence
against huge volumes of increasingly complex web-based attacks,
Stefan Tanase of Kaspersky Lab told the ISSE 2009 security
conference in The Hague.
Users will be able to run suspicious applications in a virtual
sandbox so that if the application is malicious, their systems will
not be harmed, he said.
The shift to virtualisation is being driven by an explosion of
attacks that exploit the technologies and trusted environments
created by social networking sites, he said.
Attacks that use social networking sites are ten times more
successful than email-based attacks, research by Kaspersky Lab
reveals.
Cybercriminals are exploiting the fact that people are much more
likely to click on something if they think it comes from one of
their social networking contacts, said Tanase.
Criminals are also exploiting the growing number of applications
found on social networking sites because end-users cannot see the
malicious code behind apparently legitimate applications.
A good example is a photo-of-the-day application on Facebook
that was running JavaScript in the background to carry out
distributed denial-of-service attacks, said Tanase.
Facebook has been slow to respond and, although it has announced
an application certification initiative, it is unlikely that all
applications will be covered as it is costly for developers, he
said.
Social networking sites and other websites are focussed on
improving usability, but this does not go well with security, which
is often overlooked or neglected, said Tanase.
The complexity of these attacks will continue to grow, he said,
as cybercriminals tap into the same increasingly public information
used for targeted advertising.
In the same way, criminals will be able to personalise attacks
based on the interests or geographical locations of their intended
victims, said Tanase.
The next step will be bulk, automated attacks of this kind, so
users should be careful of what information they share, he
said.