Hackers look to trick staff as software toughens up

Gartner Security Summit: IT leaders advised to prepare for more social engineering attacks and analysts assess new security features in the forthcoming Windows Vista

Businesses should prepare themselves for targeted social engineering attacks by cybercriminals as the security of software improves, delegates at the Gartner Security summit in London heard last week.

Security improvements in Windows Vista, the next version of Micro­soft's operating system, will lead to hackers increasingly preying on unsuspecting staff to obtain confidential information or plant malicious code on systems, said Gartner research director Peter Firstbrook.

"The approach [for hackers] now is, if we cannot find a vulnerability we will convince the end-user that malicious code is good for them to download," he said.

Firstbrook said hackers would increasingly borrow strategies from adware designers. These could include hiding malicious code in useful applications and making the code reproduce so that it is almost impossible to delete.

Criminals will also increasingly target organisations with custom code, distributed in such small quantities that it will not be worthwhile for anti-virus companies to add it to their threat signatures, said Firstbrook.

"Targeted attacks are most serious, particularly the ones that do not have mass distribution," he said.

E-crime has become big business and is now better funded than the drugs trade, said Firstbrook. Hackers are developing malicious code in well resourced teams to sell or rent to other criminal groups, he said.

These criminal groups are using advanced technology, including hiding viruses in rootkits, or developing poly­morphic viruses that continually change shape to evade anti-virus software.

IT departments should respond by pressing suppliers to integrate security products, delegates at the conference were urged.

Read article: Minor change can help train for disaster

Read article: Lack of openness could limit Vista security gain

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats

Read more on IT risk management