7JANUARY/FEBRUARY 2007

NEWS

Network Box, an international threat management service, expects that with advancement

in Trojan software, the threat from botnets will be reduced. But something needs to be done

fast. In 2006, a 200% increase in spam attacks occurred, a large percentage of which were

recognised as a result of botnet activity. In December, seven out of the top ten threats were

Trojan horses, designed to gain unauthorised access to infected machines in pursuit of

criminal activity.

Using Trojans, attackers have been able to develop increasingly sophisticated data-stealing

malware. Simon Heron, technical director of Network Box is confi dent that despite the

progression of Trojans, defences will be stronger. “Trojan software is now getting sophisticated

enough to look for updates to remove these bugs. These campaigns will become much more

successful in 2007”, he says.

In 2006, there was a noticeable reduction in new viruses emerging, although worm

variants were on the increase. New versions of the Warezov worm, designed to carry and

install Trojans, emerged in the last few months of the year and was named, amongst others,

as aiding the rise of the botnets.

But how is the security threat landscape set to change in 2007?

The uptake of VoIP is expected to become a victim of attack for 2007. Heron says: “VoIP

is an ideal target for hackers in 2007. It’s a new protocol and is quite complicated. It has not

been integrated well into fi rewalls”.

WiFi attacks are also set to increase. Mikko Hyppönen, chief research offi cer for F-Secure

predicts that vulnerabilities in WiFi drivers will be exploited in 2007. Hyppönen also expects

an increase in MMS and SMS spam in the new year, and predicts a rise in spyware on

smartphones, used to monitor calls and messages.

Phishing is forecast to remain a growing problem, although the target for attackers is

expected to change. Phishers will target smaller banks and major brand names, such as

Flickr and MySpace. Hypponen says: “[phishing] is a perfected crime: the money is good and

nobody is getting caught.”

And fi nally, the launch of Microsoft’s Vista is expected to impact largely on the changes in

the malware and security world in 2007. Writers will be forced to re-compose malware to get

through Vista’s rules, but attackers are already racing to develop ‘Visa-compliant’ malware.

Patchlink announced fi ndings from a customer survey that revealed that IT professionals

are aware of the security threats expected in 2007, and are taking necessary precaution.

Sixty six per cent of IT professionals plan to spend more on security in 2007 than they did in

2006. Happy new year!

Cisco buys IronPort to feed NACCisco has agreed to buy email fi ltering vendor IronPort for $830m. The deal is said to add

some fl esh and blood to the networking giant’s ‘self-defending network’ framework, of which

its Network Access Control initiative is part.

IronPort sells email security appliances that fi lter email by sender reputation. Its

technology marks Cisco’s fi rst foray into the anti-spam market.

Richard Palmer, senior vice president of Cisco’s Security Technology Group, said in a

statement. “We feel there is enormous potential for enhanced email and message protection

solutions to be integrated into the existing Cisco self-defending network framework [NAC]”.

IronPort will become a Cisco unit. Upon close of the transaction, the 408 strong IronPort

team and product portfolio will operate as a business unit in Cisco’s Security Technology

Group, reporting to Richard Palmer.

The deal is yet another instance of mainstream IT vendors acquiring security pure plays,

following such acquisitions as EMC’s of RSA and IBM of ISS. Last year, in another lateral

security move, Cisco acquired video surveillance company SyPixx.

With reports common that spam now accounts for 90% plus of enterprise email, it seems

a timely acquisition.

IN BRIEF

MI5 gives some the vapoursMI5’s recently launched email alert

service to keep people informed of

changes in the national security threat

level has drawn criticism for causing

information privacy concerns. The

service was sending unencrypted

registration information to an American

contractor. MI5 has reportedly dropped

the US company, and is using servers

in the UK over SSL links. The Register

and the BBC, which slammed the Alert

‘a shambles’, covered the story which

originated with activists at Spyblog.

Anti-security predictions 2007CA’s Simon Perry, VP Security Strategy,

EMEA, and a man whose visage has often

graced this magazine, has come up with fi ve

counter-predictions for this year.

1. The internet will not be taken down by (so

called) cyber terrorists in 2007.

2. Ransomware will not hold the majority of

people hostage in 2007.

3. Boards will not pay noticeably more

attention to IT security in 2007.

4. Microsoft’s Vista will not prove to be full

of security holes.

5. Microsoft’s Vista will not solve all our

security problems.

Opting out is hard to doReports have emerged that current GP and

hospital records, will be uploaded to UK

NHS regional hosting centres without any

provisions for opting out from the system’s

database. There are plans to implement

‘sealed envelopes’ that would allow

individuals to seal portions of their health

care records.

Almost one third of UK companies spam happyA study of compliance to the EU Directive

on Privacy and Electronic Communications

among large UK companies has found

that 31% of them do not provide ‘non-

customers the opportunity to actively opt-in

or otherwise consent to further marketing

emails.

IS071p6_9.indd 7IS071p6_9.indd 7 24/01/2007 14:57:4924/01/2007 14:57:49