Cybercriminals ahead of infosecurity

The security industry is lagging behind hacking technology, warns a report from the Georgia Tech Information Security Centre (GTISC).

The rapid rate of web and mobile application development has outpaced information security technology, said the report compiled by a panel of security experts.

Collaboration between the security industry, mobile carriers, ISPs and application developers is expected to begin closing this gap.

However, the report concludes that "the emphasis on functionality over security may not change in 2008."

According to the report, the IT community needs to address website, messaging, mobile and RFID attacks.

"In 2008, expect to see underground organisations shift tactics to focus more on Web 2.0, particularly mash-up technologies," said panel member Gunter Ollmann, director of security strategy at IBM.

Websites need to be more securely designed, threat-detection systems should be more behaviour-based and browser-level content filtering needs to improve, the report said.

Advances in anti-spam technology are expected to drive an increased number of specifically targeted messaging attacks in the coming year.

The report predicts the increased use of spam disguised as business content and links to malicious sites being embedded in instant messages and video clips.

There will also be a move away from traditional phishing scams to more permanent threats such as installing malware directly on users' PCs to steal information.

As traditional security approaches become less effective, users will need to be educated to be less trusting online, the report said.

The GTISC estimates that one in 10 computers connected to the internet is part of a botnet, used increasingly for fraud.

"We will see a continued increase in the amount of fraud carried out by botnets in 2008, pushing levels of users infected by a bot to one in 10 or greater," said panel member Wenke Lee, associate professor of computing at Georgia Tech.

With the growing popularity of VoIP, voice spam and voice phishing are likely to increase in the coming year.

"Countermeasures against mobile convergence threats include security on the handset and more security at the carrier network level," the report said.

Finally, the report said security for radio frequency identification (RFID) systems is still extremely limited and hacking attacks are expected to increase.

The panel predicts this will change as RFID usage expands to replace barcodes, track high-value items and mark high-denomination bank notes.
