Financially Motivated Cyber Attacks Rising

by CXOtoday Staff    Sep 20, 2006

Gartner has identified the five major security threats for businesses in the coming two years as targeted threats, identity theft, social engineering, spyware and virus.

As part of its 2006 Cyberthreats Hype Cycle, the research firm published its findings in which it assessed initial awareness, maturity, impact and market penetration of 35 IT security threats that are likely to affect the manner in which IT enabled organizations conduct their daily business.

It believes that security scenario in the cyberspace has changed dramatically over the last few years and evolved into a riskier proposition given the sharp increase in the financially motivated cyber attacks.

Amrit Williams, Research Director at Gartner predicted that by 2008 nearly 40% of organizations will be targeted by financially motivated cybercrime. He said, “Cyber attacks are not new, but what is changing is the motivation behind them. They are no longer just executed by hackers for hobby or cybervandilism, but by professionals with a targeted aim at one person, one company or one industry. We have recently seen several companies hiring private investigators to spy on their competitors. Private investigators used Trojans to install targeted spyware on competitors’ computers to gather confidential information about such things as upcoming bids and customers.”

In light of a significant growth in the number of targeted attacks experienced by organizations globally, Gartner has urged businesses to invest more in preventive measures such as intrusion detection, prevention systems and performing security vulnerability assessment tests. Targeted threats can lead to exposure of mission critical business data and customer sensitive data and inflict serious damage to corporate reputation.

Another key security threat is Identity theft wherein an individual’s personal or financial information is fraudulently stolen for the purpose of stealing money or committing other crimes. Gartner advised businesses to club fraud detection, user authentication and transaction verification measures to combat the menace.

Social engineering is also likely to remain a major cause of concern for IT security managers in the next couple of years. Here, legitimate users are tricked by malicious hackers and attackers to reveal their sensitive information. Social engineering can be tackled by making users more aware of such manipulative tactics and by deploying content monitoring and filtering tools, said Gartner.

Besides these, Spyware and Virus will continue to keep preying on ignorant and unsuspecting users as highly sophisticated technologies and resources continue to be used by attackers in the coming years.

Giving a perspective on the future trends in the next five to 10 years, Gartner specified rootkit as the most potentially dangerous threat. A rootkit is a modified system file, such as Windows dynamic link library (WindowsDLL) or a collection of files that attackers use to replace desktop or server system files to gain undetected administrative access to the system. This provides the hacker with complete access similar to what system administrators have and allows him to perform any function he desires.