DHS Warns of Online Threats
The top Internet threats for 2006 will include more attacks targeting instant-messaging networks and handheld devices, the Department of Homeland Security and the National Cyber Security Alliance predict.
The National Cyber Security Alliance, a clearinghouse for security awareness and education, teamed with DHS to create a list of emerging threats in the hope that more U.S. consumers would prepare themselves for attacks, according to a NewsFactor report.
The predictions, which include cautions about an oncoming wave of identity hacks against online brokerage accounts, have been prepared over the past year, according to the NCSA, with the aim of focusing attention on online protection.
“Arming consumers with a list of emerging threats is just the first step to educating consumers about the ever-evolving online security environment,” Ron Teixeira, NCSA executive director, says in a statement. “It is critical that we also empower users with the how-to practices to protect themselves against these risks.”
According to the report, there are four main emerging threats likely to grow in the coming year: hackers using instant messaging to spread viruses and worms; phishing becoming more widespread; virus attacks on cell phones and PDAs; and hackers targeting online brokerage accounts.
The NCSA also expressed concern that a majority of Internet crimes go unreported, making the development of advanced protections against them more challenging.
Consumers are being urged to increase their preparedness by employing several strategies, including installing and regularly updating security software.
The report cautions users not to open unexpected e-mail or download attachments found in them. Precautions should be taken to protect mobile devices, the organization said. And, finally, Internet crimes should be reported to authorities.
Although the threats detailed by the NCSA and the report’s coverage in the media likely will cause consumers to take more action to protect themselves against the highlighted risks, enterprises also should take note of the potential for attacks.
Phishing, in particular, has begun to affect more companies, and enterprises should create strong controls for protecting their networks, Javier Santoyo, development manager for Symantec Security Response, tells NewsFactor.
Although Santoyo did not comment on the NCSA list specifically, he did echo some of its findings, reporting that Symantec has seen phishing not only become more prevalent and sophisticated, but also target specific corporate sites.
“The majority of vulnerabilities being discovered are turned into attacks designed for financial gain,” he says.
Companies can limit their vulnerability by educating users about configuration management and possibly employing heuristics-based products, he adds.
“The main thing is monitoring what’s going on at the desktop level and the network level,” he says. “Know what users are bringing onto the system in addition to who’s trying to break in.”