'Crimeware as a service' set to increase over the next two years
The Information Security Forum (ISF) says in its Threat Horizon list for 2011 that it is already seeing a shift from indiscriminate events to highly targeted and planned attacks that combine social engineering and technical methods to steal identities and information for fraud.
The ISF also pointed to evidence that criminal organisations are recruiting employees as moles or sponsoring students through their IT education and placing them into targeted organisations.
Jason Creasey, head of research at the ISF, said: “Many of the threats in 2011 will be familiar ones that are evolving and will present new and sophisticated attacks to complement tried and tested techniques.
“It is also clear that the financial crisis is accelerating these changes, fuelled by increasing staff turnover and dissatisfaction along with the increased involvement of organised criminal groups that see online crime as a lucrative and low risk alternative to other nefarious activities.”
Its top ten list of threats for 2011 also includes weaknesses in infrastructure, eroding network boundaries, mobile malware, vulnerabilities of Web 2.0 and incidents of espionage. It claimed that the 'crimeware as a service' model offers services such as DDoS attacks, botnet rental, malware creation and electronic money laundering. For more exclusive, targeted attacks, the criminal world is using techniques such as whaling - targeting high net worth individuals - and attacks tailored to individual organisations.
Prof. Howard A. Schmidt, CEO of the ISF, said: “Data is now the gold, the silver and diamonds of the online world and criminals see it as a low-risk way to steal money without going anywhere near the crime scene.
“But even in today's financial climate and increased threat environment, we are better placed than ever before to meet these challenges – as long as we have the resolve to strengthen and invest in security rather than reduce it.”