Highlights
– Hardware and software controlling the Internet’s infrastructure will be vulnerable to new recently discovered security flaws
– Radical extremists from the Middle East will increase their illegal activities online as new fatwas authorizing cyber attacks are issued from religious leaders
– Hospitals and other health care providers will need to boost their cyber security to protect themselves against new hacker attacks
Information technology (IT) security experts are predicting that in 2009, businesses, government entities, and Internet end users could become victims of four lesser-known cyber threats that have the potential to adversely affect global critical infrastructure systems and networks, communications systems, and could possibly have a deep impact on economies around the world. The four types of attacks predicted by IT security experts include:
• Large scale attacks on the hardware and software systems that handle all of the traffic traversing the Internet.
• Radical extremist hackers hacking into governmental or commercial computer systems and networks or participating in online fraud to fund illegal activities.
• Web attacks that adversely affect online advertisement revenue.
• Cyber attacks on healthcare systems and networks at hospitals and other medical facilities.
While the experts agree that some of these threats cannot be addressed by individual governments or businesses, they are urging organizations to become aware of these threats and develop contingency plans to minimize their impact should they occur. In the near to mid-term, we expect more hackers to develop sophisticated moneymaking schemes to turn a profit in the worldwide economic downturn. We also believe there will be an increase in the number of governmental systems attacked by independent and government sponsored hackers between nations in peace and in war. For example, the current conflict between Israel and Hamas in the Gaza strip has caused pro-Palestinian hackers to deface several hundred Israeli based websites, and the Israeli Defense Force (IDF) to hack into Hamas’ Al-Aqsa television station to broadcast pro-Israeli material.
Bringing Down Large Portions Of The Internet
A security expert with Errata Security, a privately held firm that provides in-depth analysis of events and vulnerabilities affecting IT systems and infrastructures, believes that in 2009 the Internet’s infrastructure could suffer its first large-scale and widespread attack. A prediction of wide-scale denial-of-service attacks, potentially from large Botnets, against flaws in the hardware and software that carry and route traffic on the Internet, could break peering (voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the customers of each network) between Internet Service Providers (ISPs). The resulting effect would cause large portions of the Internet to become unreachable thereby affecting commerce, communications, critical infrastructure systems, and even defense systems.
Radical Extremist Hackers
Experts believe that in the next year, a new breed of hackers linked to Middle Eastern cyber-cartels will expand into online fraud. Research conducted by iDefense, a provider of IT security intelligence to governments and Fortune 500 organizations, indicated a recent wave of fatwas, a religious opinion on Islamic law issued by an Islamic scholar, were issued by religious leaders in the region authorizing individuals and groups with technical computer skills to conduct cyber attacks in defense of Islam. Some of the fatwas have also encouraged cyber-fraud as a means of funding terrorist activities. As a result, some experts fear that US financial institutions may come under increased attack from these extremist hackers.
Over the course of 2009, we expect to see terrorist groups focus more on using the Internet as a means of recruitment, financial gain, and the planning of physical and cyber related attacks upon a number of nations. The most recent example was the heavy use of technology and electronic devices by terrorist in the November 2008 Mumbai, India attacks.
Attacks On Online Advertisement Revenue
One technology that has the potential to become more vulnerable to new attacks that will drive down revenue for many websites who depend heavily on them to survive financially are online advertisements. An IT security expert with Perimeter eSecurity, a provider of on demand security services and technology via a subscription based model, said that their research showed that hackers are targeting Google’s AdWords, a popular means of online advertisement for many businesses and non-profits. The expert said he has seen hackers inject iFrames for SQL injection attacks and other exploits inside the ads on many different websites. Attackers embed the iFrame code in webpages to redirect victims to sites for purposes of fraud or other criminal conduct.
Experts predict that revenue from online advertisement will decline somewhat in 2009, and while hacker attacks might contribute to more users using software to detect and block these types of attacks, their predictions of declining advertisement rates are based more on the current economic down turn rather than hacker attacks.
Attacks Targeting Medical Providers
The last and potentially most damaging threat involves the computer systems and networks used by hospitals and other health care providers. In November 2008, three hospitals in the United Kingdom were forced to shutdown their computer networks after a malware outbreak infiltrated their systems. The hospitals’ networks were taken offline after a Mytob worm infection got out of control. Medical staff in some cases had to revert to using pen and paper.
With many hospitals and supporting specialists and pharmacies migrating to electronic medical records (EMR) to improve efficiency, accuracy and to reduce costs, the threat of hackers taking the electronic medical and records systems offline or erasing critical data is of dire concern. Security experts fear that a directed and sustained cyber attack against a hospital’s computer systems and networks or a critical infrastructure that the hospital replies upon such as electricity or telecommunications could have deadly consequences.
Constant Vigilance Needed
In 2009, it will be important for IT security professionals along with security vendors, consultants, and law enforcement to track the four aforementioned threats along with the other typical cyber threats security experts are expecting to increase. By taking a pro-active approach to auditing hardware and software machine code, and keeping systems patched, and strictly enforcing sensible IT policies, businesses and governments can help prevent large disruptions to their continuity of operations and online services.