Looming Online Security Threats in 2008

(page 2 of 2)

Although traditional PC software such as Microsoft's (MSFT) Windows operating system and Office programs still present the broadest target because of their hundreds of millions of users, hackers are increasingly attacking online services, says Scott Charney, Microsoft vice-president for trustworthy computing. Worse, traditional virus attacks that crash PCs or issue floods of commands to overwhelm Web sites are being augmented with malicious software that can swipe personal information, such as bank and credit-card numbers.

To be sure, it's in the interest of companies that sell security software to maximize fears that there's a cyberthreat lurking behind every mouse click. At the same time, the sheer size of attacks is getting larger, and the Web's incursion into nearly every facet of daily life presents attackers with more ways than ever to strike.

Cellular and Corporate Caution

For consumers, it's not just their profiles on social networks that can be mined for personal information. Sophisticated smartphones that run full-fledged operating systems and e-mail applications, and hence store more valuable data, could present tempting targets. Security researchers have found numerous ways to break into prominent mobile-phone platforms from Symbian and Microsoft, and quickly demonstrated ways to hack (BusinessWeek.com, 7/23/07) into Apple's (AAPL) new iPhone. "All of a sudden on that phone is the stuff the identity thieves go after," says Gartner's Pescatore, noting security vendors have been hyping the cell-phone threat for years, while the damage hasn't amounted to much.

In the corporate world, criminals are hunting for more of the valuable information stored on companies' servers. A computer breach at T.J. Maxx (TJX) in 2005 and 2006 may have handed hackers access to credit- and debit-card numbers for up to 94 million of the retailer's customers—double what the company originally reported, according to court documents filed by Visa and MasterCard (MA) in October.

Cyberthieves are also attacking corporate databases in search of undisclosed financial data or proprietary design and engineering information that can be sold, says Phil Dunkelberger, CEO of security software company PGP. "The really big money now is going to be in stealing intellectual property," he says.

Viruses: More Sophisticated Bait

Hackers are also unleashing viruses that can recruit armies of consumer PCs into larger networks of remote-controlled machines. These "botnets" can distribute spam, attack database software, or keep a record of users' keystrokes. One of the worst, Storm Worm, has infected tens of millions of PCs this year.

Even the messages containing virus payloads are getting slicker. In the past, as compared with the sophistication of the viruses, the e-mails carrying them were rather crude. That made users less likely to follow their instructions, says David Perry, director of global education at security software vendor Trend Micro (TMICY). "These were really well-written viruses, but nobody in the U.S. would click on them because they sounded like they came from Boris and Natasha," he says, referring to Cold War characters from the old Rocky & Bullwinkle cartoons. Now, he says, "they're hiring professionals" to write the e-mails.

Security Tips

Given the assortment of nasty behavior befouling the Internet, what's a PC user to do? BusinessWeek.com consulted the experts, who offered the following advice:

• Don't give away any valuable or sensitive personal information on your MySpace or Facebook profile, or within messages to other members of the network. And don't click on any links in social network messages from people you don't know.

• No reputable company will ask for your password, account number, or other log-in information via e-mail or instant message.

• Use one of the many antivirus, antispyware, and firewall programs on the market. Often, vendors offer all three functions in a single package. And many Internet service providers offer them free with your monthly subscription.

• Upgrade your browser to the most current version. From Microsoft, that's Internet Explorer 7. Mozilla's Firefox is on version 2, as is Apple's Safari browser.

• Pay attention to the messages from Windows that pop up on your screen, especially in the new Vista operating system. They often contain helpful security information that many users overlook.

• Turn on Windows' automatic-update function to get Microsoft's regular security patches.

Click here to see the slide show.

Ricadela is a writer for BusinessWeek.com in Silicon Valley.