2008 Will Be The Year Of Olympics And Obfuscation
By:
Angelo Mathews
| Dec 07,2007
Attending the BankTech Congress 2007 in Mumbai gave us more than one reason to be aware that the web in the future won’t be as safe as it is today. In a recent report, Gartner said that 2008 will be a real test for antivirus companies as more and more threats are added to the list. With code obfuscation – a new kind of threat – due to hit Indian cyber space in a big way, it’s better to be prepared now than wait for it to actually happen.
Yes Bank CISO Japjit Sandhu, while speaking on ‘Identifying the Latest Hacking Techniques’, mentioned that with the entry of Web 2.0, a new era of cyber threats has arrived. He elaborated on a new technique used in the US by many hackers called ‘code obfuscation’, wherein the source code is modified and written in such a way that it’s absolutely not understandable unless decrypted for the actual code.
A source code obfuscator identifies a source file and generates another functionally equivalent source file that is much harder to understand. “They have started identifying India as a big market, as the rupee gives a hard time to the dollar. Thus more and more criminals are here to create a specific and geographically isolated attack to pounce on the IT infrastructure and sniff loopholes in the network if any,” said Sandhu, who was formerly with ABN-AMRO holding the post of a Local Information Security Officer (LISO).
Cyber criminals are opting for a more evasive attack that functions along the lines of an ‘attack and avoid detection’ model. In a recent attack on Bank of India’s website, the attackers used an Iframe which is normally created to fill the webpage with malware such as trojans, diallers and binaries that automatically download themselves on to PCs that are not sufficiently secure. Sandhu explained that the attacks are more focused so that concentration on a particular region is maintained and the attack source can’t be verified.
Other techniques like RSS feeds, widgets, DNS poisoning, sniffing and phishing are also increasingly becoming a big challenge to the banking and financial sector, and these will only affect computers to a greater extent in 2008.
With the Beijing 2008 Olympic Games just around the corner, McAfee has stated that cyber attacks in the next year are likely to more or less revolve around the Olympic theme. So if you get a mail on the Olympics or a page link, especially from unknown persons, be very careful not to read it or visit the page. Right now, however, what can be done is wait and watch, and if need be make that big investment and beef up the security as much as you can.
Yes Bank CISO Japjit Sandhu, while speaking on ‘Identifying the Latest Hacking Techniques’, mentioned that with the entry of Web 2.0, a new era of cyber threats has arrived. He elaborated on a new technique used in the US by many hackers called ‘code obfuscation’, wherein the source code is modified and written in such a way that it’s absolutely not understandable unless decrypted for the actual code.
A source code obfuscator identifies a source file and generates another functionally equivalent source file that is much harder to understand. “They have started identifying India as a big market, as the rupee gives a hard time to the dollar. Thus more and more criminals are here to create a specific and geographically isolated attack to pounce on the IT infrastructure and sniff loopholes in the network if any,” said Sandhu, who was formerly with ABN-AMRO holding the post of a Local Information Security Officer (LISO).
Cyber criminals are opting for a more evasive attack that functions along the lines of an ‘attack and avoid detection’ model. In a recent attack on Bank of India’s website, the attackers used an Iframe which is normally created to fill the webpage with malware such as trojans, diallers and binaries that automatically download themselves on to PCs that are not sufficiently secure. Sandhu explained that the attacks are more focused so that concentration on a particular region is maintained and the attack source can’t be verified.
Other techniques like RSS feeds, widgets, DNS poisoning, sniffing and phishing are also increasingly becoming a big challenge to the banking and financial sector, and these will only affect computers to a greater extent in 2008.
With the Beijing 2008 Olympic Games just around the corner, McAfee has stated that cyber attacks in the next year are likely to more or less revolve around the Olympic theme. So if you get a mail on the Olympics or a page link, especially from unknown persons, be very careful not to read it or visit the page. Right now, however, what can be done is wait and watch, and if need be make that big investment and beef up the security as much as you can.
| Ads by Google | ||
Post a Comment on “2008 Will Be The Year Of Olympics And Obfuscation”
Code obfuscation itself is not a threat. It only encrypts program code. The successful execution of the malicious source code depends on the security and vulnerability of the machine, which anyway is possible even without unencrypted program code. In fact, the obfuscated code is executed at runtime after decrypting it. So the decrypting mechanism also exists with the source code directly or indirectly. Code obfuscation is not a successful way of encryption with Javascript and client side scripting. It maybe useful with compiled programs as it MAY discourage a programmer from decompiling the source code. You may please note that the malicious programs exploits the security holes in Internet Explorer. There are other less vulnerable browsers such as Firefox.
Thomas Varghese @ Dec 08,2007
LATEST NEWS
- "Change In CIO Mindset Can Foster Open Source Adoption"
- Platform Players Lead APAC BI Solution Innovators Ranking
- IBM Unveils Project Big Green 2.0 In India
- SAIL Plant EPS Adoption Earns Govt Recognition
- Services-Oriented Approach Optimises Storage Resources
- S M Electronics To Represent GainSpan In India
- Novatium Appoints Kohli As Chief Operating Officer
- Cisco Expands Virtualisation Across Data Centre Portfolio
- AFP News To Be Available On Mobiles Via AvantGo
- Mobile Computers Drive Global PC Shipment Growth
| Ads by Google | ||
RELATED
| Ads by Google | ||
Hot Searches & Keywords :
APAC
Acquisition
Asia Pacific
Asian Paints
BFSI
BI
BSNL
Bangalore
Bharti Airtel
Blackberry
Broadband
Business
Business Objects
Business intelligence
CA
CIO
CIOs
CRM
Cisco
Cisco Systems
Compliance
Data
Data Centre
Datacentre
Dell
EMC
ERP
Frost & Sullivan
Gartner
Google
Growth
HP
IBM
IDC
IT
India
Innovation
Intel
Internet
Linux
Manish Choksi
McAfee
Microsoft
Mobile
Nasscom
NetApp
Network
Networking
Novell
Open Source
Oracle
PLM
Red Hat
Retail
SAP
SMB
SMBs
SME
SMEs
SOA
SaaS
Satyam
Security
Servers
Software
Storage
Sun
Sun Microsystems
Symantec
TCS
Unified Communications
VMware
Virtualisation
VoIP
Web
Web 2.0
Websense
WiMax
Wipro
e-governance
healthcare
outsourcing
partnership
telecom
|
|
||
| Ads by Google |
Sections
Applications |
Audits&surveys |
Bfsi |
Bookreviews |
Businessintelligence |
Businessprocesses |
Ciscosmenews |
Ciscowhitepapers |
Computing |
Contactcenters |
Contributedvideos |
Crm |
Ctoprofiles |
Datasecurity |
Databases |
Datacenters |
Education |
Energy |
Erp |
Focusspecials |
Government |
Guruspeak |
Hardwaresecurity |
Indialogue |
Innovation&leadership |
Innovators |
Intrusiondetection |
Intrusionprevention |
Ites |
Knowledgeprocess |
Lenovo |
Linux |
Managedservices |
Manufacturing |
Media |
Mobile |
Mobility |
Movement |
Networking |
Oncuewithitleaders |
Peoplemanagement |
Pharma |
Platforms |
Policies&compliance |
Recruitment |
Retail |
Saas |
Scm |
Securitymanagement |
Servers |
Services |
Softwaresecurity |
Softwareservices |
Specialreports |
Storage |
Storagesolution(apps) |
Techaction |
Telecom |
Telecommunications |
Theinsider |
Trendwatch |
Web |
Webisodescisco |
Weeklywrapup |
About Us | Copyright © 2006, Biztech2.com India - A Network18 Venture