Security 2007: keeping ahead of the hackers

The web will take over from email in 2007 as the threat vector of choice for hackers and cyber-criminals, according to IT security firm ScanSafe.

The firm said that 2006 marked the ascendance of web threats such as the Windows Meta File flaw, and that this trend is expected to continue in 2007 as more and more threats shift to the web.

Malware authors are also expected to continue to target Web 2.0 sites making real-time scanning imperative.

As more users go online to take advantage of Web 2.0 applications like social-networking sites, blogs, wikis and RSS feeds, malware authors are going to be right behind them, ScanSafe warned.

The ScanSafe Threat Centre found that in August up to one in every 600 social-networking pages was hosting malware, including MySpace and YouTube.

Also of mounting concern is the potential for abuse of Ajax and Web 2.0 applications. Cross-site scripting worms, for example, can insert malicious code into dynamically generated web pages.

This could allow an attacker to change user settings, access account information, poison cookies with malicious code, expose SSL connections and access restricted sites.

The third most pressing IT security danger, according to ScanSafe, is that hackers will increasingly use instant messaging to send spam and malware.

According to a survey by the ePolicy Institute, 31 per cent of employees use IM at the office, and 78 per cent of those users are downloading free IM software from the internet.

However, only 11 per cent of organisations employ IM gateway/management software to monitor, purge, retain and otherwise control IM risks and use.