FBI warns of dreadful cyber attacks in future

Researchers have mapped for the first time how the last British ice sheet shrank during the Ice Age.

Updated: Feb 15, 2011, 12:17 PM IST

Washington: The year 2010 might have ended with a bang for most consumers as well as large MNCs, but the one aspect that really has seen change is the behavior of malware.

In fact it’s more than just a behavioral change, 2010 was more of an evolution as far as malware coding is concerned.

A report released by the FBI, USA says that more than half a billion users connected via social networks such as Facebook, Twitter, MySpace, and the likes, users are prone to infections that spread via USB or CDs.

Malicious links or click-jacking (as it’s called) is the next step to tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. So what does the year 2011 hold for us users? Here is a brief outlook of what we can expect in the year 2011.

Year 2011 will see a new wave of cyber-terrorism where nations will prefer bringing down high value targets through cyber attacks rather than calling for a military strike. Such was the case in 2010 where Israel and the US played a major role in bringing down a Nuclear Power plant in Iran. India too is beginning to see the light of cyber-warfare with the recent defacement of the CBI website by programmers identifying themselves as ‘Pakistani Cyber Army’. While this was just a breach, ‘Nation Sponsored Hacking’ will be taken to greater heights starting 2011.

As mentioned, 2010 saw a rather radical change in the way cyber attacks are getting target specific. For instance, the Stuxnet worm that was discovered in July 2010 was and is still considered as a groundbreaking piece of malware ever created. So complex was the worm that it not only consisted of multiple layered attacks but also contained 4 zero-day vulnerabilities (Windows). In addition to this the attacks were more target specific and affected only industrial infrastructure. In this case, the Stuxnet worm was specifically designed to take control of nuclear power plants.

The Stuxnet worm is by no means going to be the last and major industrial attack we will be seeing. As a matter of fact 2011 will be the year where we will see a drastic change in the way cyber-attacks are going to be carried out.

With Facebook and Twitter becoming one of biggest and sort after social networking sites cyber criminals are using this as a launch pad to target users. With access to over a million applications and without any sort of application authenticity in place getting infected is just a click away. A method known as click-jacking is fast growing in the social networking world. Here the infection passes on only when the unsuspicious user grants access to the malicious application thereby giving full access to retrieve user information. Here common sense is the best defensive tool.

Cybercrime is no more about money – it’s more about protests. Especially with the recent leaks of diplomatic cables that were produced by WikiLeaks. Attacks such as DDoS (Distributed Denial of Services) were carried out against governments and organizations that did not support or stand by the publication of the highly volatile documents that were uncovered.
Initiated by a group called Operation Payback, 2011 will see more such attacks either by Operation Payback or by newly emerging groups.
Financial Application Targeting / Man in the Browser Attack (MitB)
Viruses such as Zeus and URLzone have shown great interest in targeting financial sites; an attack best known as Man in the Browser attack. Once infected the Trojan has the ability to modify pages, transaction content or even insert additional tractions, completely invisible to both the user and host application. The Trojan basically hooks on to Browser extensions, scripts, Browser Helper Objects therefore making it virtually invisible to virus scanner. The only way to counter a MitB attack is by utilizing transaction verification.

Search Engine Optimizations or SEO is basically used for improving the visibility of a website in search engines. BlackHat SEO on the other hand helps index and position fake/fraudulent websites in search engines. This is best achieved by making use of widely used topics, events, celebrity name. Actually anything that is most searched for or that is of great interest to the public.

Bureau Report