Common Paradox Tech Blog

Cybercriminals have a lot in common with the Periplaneta americana, the common household cockroach. They seek out the dark, poking and prodding for ways to get in where they are unwanted. In their case it isn’t food, but the misery of computer users they seek out. And, just like cockroaches, once you think you’ve got them blocked, they find a new way in.

Kaspersky Labs’ Cyberthreat Forecast for 2010 says that IT managers and users are becoming more savvy, making fake programs, gaming Trojans, or web sites less useful for cybercriminals. Instead, it looks like they’ll be focusing their attention on P2P networks, botnets, and mobile platforms.

P2P networks will be used to support malware attacks. According to Kaspersky: “This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.”

Mobile platforms, iPhone and Android, will also be more frequently targeted. Kaspersky suspects that iPhone users, without compromised handsets, will be okay, but that Android users might be in for some pain: “The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.”

As for botnets, Kaspersky sees them as offering profitable possibilities by manipulating Internet traffic: “In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.”

Lastly, Kaspersky sees Google Wave as a potential target for 2010. It’s new. It’s untested. And therefore it’s vulnerable. Kaspersky says: “Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”

Image Credit: Gary Alpert/Wikimedia Commons

angry tapir writes “Cyber attacks on the US Department of Defense — many of them coming from China — have jumped sharply in 2009, a US congressional committee has reported. Citing data provided by the US Strategic Command, the US-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That’s a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, the yearly increase will be around 60 percent. The full report (PDF) is available online.”

Read more of this story at Slashdot.

Mid-sized businesses are finding themselves in a precarious position as of late. Forced to cut back spending because of the ongoing recession, many firms are spending less on security, but at the same time, cyber attacks are on the rise, according to a McAfee report released today.

McAfee surveyed 900 mid-sized businesses around the globe with workforces ranging from 51 to 1,000 employees, and more than half of them reported an increase in security breaches over the past 12 months. The United States, along with India, ranked at the top of the charts with 63 percent of organizations noting an increase in attacks, and only China was higher at 68 percent.

But what’s most frightening is how many of those same organizations think they’re only a single serious security breach away from being put out of business. Of those surveyed in the U.S., 71 percent said it’s a real possibility, yet IT budgets have either dropped or remained the same.

"An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."

While most companies note that a single attack could do them in, McAfee notes that most businesses may underestimate the risk. Over 90 percent of those surveyed felt they’re protected from cybercriminals and aren’t in as much danger as larger businesses.

Image Credit: techdigets.tv

Trailrunner7 writes “A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren’t using them ‘nonsensical.’ ‘A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more two decades,’ Lewis writes.”

Read more of this story at Slashdot.

Lockheed Martin is getting a $31 million contract by the US government to work on reinventing TCP/IP for a new Military Network Protocol. Also lending a hand in this effort to create a proper cyber-arsenal is Microsoft. What a team!

Based on what Lockheed Martin’s John Mengucci is saying, the contract’s main focus is to make preparations for attacks through our most beloved medium:

“New network threats and attacks require revolutionary protection concepts. Through this project, as well as our cyber Mission Maker initiatives, we are working to enhance cyber security and ensure that warfighters can fight on despite cyber attacks.”

We’re not really seeing much more information about the details of what Lockheed and Microsoft will be doing, but we can start shouting about Skynet anyway, right? [The Register via Slashdot]

Photo by YOO – Social Software for Business