Targets for malicious attacks in 2009

MX Logic published a list of New Year’s Resolutions that it predicts spammers to make this coming year. They are:

1. Harass users on Facebook, Twitter, MySpace and other Web 2.0 Sites
In 2008, spammers stepped up their efforts to hit interactive social networking sites with unsolicited email and malicious links. MX Logic expects a surge of attacks through these Web 2.0 vectors as membership continues to increase and business applications accelerate.

2. Infect legitimate Websites with malicious links
Attackers will likely accelerate efforts to hide malicious code within the deep layers of legitimate Websites, making visitors more vulnerable to “clickless” infections of malicious content.

3. Give mobile phone bots a makeover
While most of the current mobile malware exists for older mobile platforms, the ability to download applications to modern mobile devices like the popular iPhone creates new opportunities for spammers to exploit in 2009.

4. Make botnets more nimble and resilient
The shutdown of the infamous McColo provider severely disabled several botnets causing spam traffic to plummet as much as 50 percent. MX Logic expects spammers to create or update botnets that are more resilient and less reliant on any single hosting provider or registrar.

5. Improve and increase social engineering tactics
Spam campaigns based on timely news or events will continue to rise in 2009 as spammers make their campaigns more legitimate looking and difficult to detect.

To help protect against these and many other email and Internet threats, MX Logic recommends the following:

1. Secure in layers
Rather than rely on any single piece of anti-spam and anti-virus solution or technology, deploy multiple layers of security throughout the organization.

2. Automate security updates
As malicious attacks become more dynamic, it will become increasingly important to stay current on security updates and patches. Consider implementing a managed security service, which is constantly monitored or updated by a third-party vendor.

3. Invest more in end-user education
The weakest security link of any organization remains the end user. While IT and employee training budgets are likely to be tight this year, remember that an ounce of prevention is worth a pound of cure.

4. Eliminate “Network Perimeter” from your vocabulary
With today’s mobile workforce and the explosive growth of mobile devices, the notion of protecting the network perimeter is all but dead. Reinforce this idea with end-users and upper management by eliminating this idea altogether.

5. Get over the do-it-yourself IT trap
It’s easy to focus on cost cutting by doing it yourself, but you may be paying more in the end. Modern managed security services that filter email, protect Web browsing or even archive messages not only lower overall capital costs, but may be more effective as they’re monitored and maintained 24×7 by someone else.