Malware-infected USB tops list of 2011 threats, says Narus

The threat posed by malware-invested USB drives is one of the top cybersecurity threats identified by Narus for this year. One out of every eight malware attacks on computers enters via a USB device, according to David Friedman, chief marketing officer at Narus.

Another threat is the growth of increasingly sophisticated peer-to-peer botnets. “Botnets have begun using protocols such as HTTP and DNS for coordinating their bots since these traffic flows are always allowed by firewalls by default. The challenge therefore lies in detecting which HTTP or DNS traffic corresponds to bots vs. legitimate users”, Friedman wrote.

In addition, distributed denial-of-service attacks will increasingly be used by political activists and by state and non-state actors to take down websites and critical infrastructure of opponents, the company predicts.

In addition, social network users should expect increasing attacks on their accounts, designed to steal personal information that can then be used to obtain fraudulent credit cards and bank accounts.

Clickjacking and cross-site scripting are expected to grow in frequency in the future as well. “The goal of clickjacking and cross-site scripting is to trick users into revealing confidential information, or taking control of a user’s computer while they click on seemingly innocuous websites. It takes the form of embedded code or scripts that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function”, Friedman explained.

The explosion in the popularity of cloud computing is expected to trigger a similar explosion in cybersecurity threats to cloud-based services. “Companies that adopt cloud-based services are made vulnerable as sensitive information (financial, employee, corporate, and medical) travels to and from protected networks via a public pipe, creating many more opportunities for data infection or theft”, he wrote.

Friedman stressed that technology alone cannot stem cybersecurity threats. Technology must be accompanied by changes in people and processes. “First, we must ensure the proper processes are in place for airtight control over critical networks and technologies. Next, we must constantly educate our employees as well as leverage new talent to maintain an army of ‘cyber warriors’”, he concluded.

What’s Hot on Infosecurity Magazine?