Hackers to Take Aim at the Cloud, Virtualization
Malware authors and hackers are looking to take advantage of the newest developments in enterprise technology.
The booming popularity of virtualization, cloud computing and other new technologies may prove too tempting for malware authors to resist -- and could prompt a wave of attacks in 2009, according to security vendor AppRiver.
Businesses may be especially at risk because they're looking to such technology to help them cut costs during the recession, Fred Touchette, senior security analyst at AppRiver, told InternetNews.com.
While these technologies will see strong growth this year, despite the grim outlook for overall IT spending, they also could mean better potential paydays for the hackers.
Concerns about cybercrime's growth peaked in recent months, following several recent, high-profile data breaches at large corporations or targeting public figures. Worries about the trend led senior California Sen. Dianne Feinstein (D-Calif.), who is the incoming Senate Intelligence Committee chair, to re-introduce legislation on data breaches and protection of individual privacy last week. These measures seek to ensure victims of security breaches are informed promptly when these breaches occur.
Meanwhile, malware authors are creating ever more sophisticated attacks, Touchette said.
Some viruses are already showing signs of being able to detect when they're in virtualized environments, he added, but they then either refuse to run or remove themselves completely so they cannot be tracked. That's because research analysts use virtual machines when they analyze viruses -- and the malware authors are aware of this, he said.
Likewise, as more enterprises begin moving into the cloud, they will also begin to encounter security vulnerabilities because it will be a new area for them, Touchette said.
The same may hold true for the proliferation of advanced smartphones, which make it simple for developers to create new applications that users can download to their devices.
Touchette said the Apple iPhone and Android-based devices may emerge as significant targets, given the popularity of the iPhone -- which is increasingly being adopted in the enterprise -- and the ease of developing on the Google-backed Android platform.
"The code is readily available so you can write your own applications, whether they are useful or malicious," he said.