2013's biggest security issues: Cloud botnets, search poisoning and mobile attacks

By Jon Gold, Network World |  Security, cloud security, Mobile Security

Researchers from the Georgia Tech Information Security Center today released their official 2013 cyberthreats forecast, detailing what they say will be the most serious computer security issues in the coming year.

MORE ON SECURITY: Firefox users slowest to update browser, Kaspersky Lab finds

THE CLOUD

First on the list -- the use of cloud computing for malicious purposes. The same flexible provisioning capabilities that let legitimate businesses quickly add or subtract computing power could be used to instantly create a powerful network of zombie machines for a wide array of nefarious purposes.

"If I'm a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things," Microsoft Windows Azure Distinguished Engineer Yousef Khalidi said in the report.

SUPPLY CHAIN

Globalized supply chains pose another, potentially even more serious security problem, according to the Georgia Tech researchers. The ongoing controversy over possible security flaws in products manufactured by some Chinese companies like Huawei and ZTE has businesses worried that their systems could have a built-in back door, making them vulnerable to compromise. (The researchers cite reports from Washington think tanks, as well, noting that the Chinese are concerned about the same issue where U.S.-made products are concerned.)

RELATED: Huawei security chief: We can help keep U.S. safe from 'Net threats

It's difficult to address this problem, according to the report, given the expense and headache of constant, floor-to-ceiling monitoring -- one of the central reasons the researchers take it so seriously.

SEARCH POISONING

The danger of search engine poisoning, as well, was cited in the report as one that businesses would do well to pay attention to. While garden-variety black-hat SEO and straightforward compromises of legitimate websites are serious enough threats, the authors say that tampering with a user's search history provides a new attack vector.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Ask a Question
randomness