IBM's Internet Security Systems (ISS) division is warning people and businesses to be especially careful this holiday season as cybercriminals could leave malware laden gifts as stocking stuffers.
Earlier this year, hackers have been discovered tainting USB sticks and other gadgets that connect to the computer via USB drive with malicious software that infects the machine and attempts to steal sensitive data, such as account passwords, credit card information and personally identifiable information.
The problem has become serious enough to cause the U.S. Strategic Command to suspend the use of USB sticks, CDs, flash media cards, and other removable storage devices on military networks, said Gunter Ollmann, chief security strategist, IBM ISS.
"Attackers are going back to the floppy days of how worms were spread," Ollmann said.
Even USB sticks that purportedly come from legitimate sources could be tainted. In April, USB 2.0 floppy drive keys shipping with Hewlett-Packard Co. ProLiant servers were infected with malware. In 2006, a small number of Apple iPods were infected with malware. At the time experts pointed to pre-installed malware as a growing trend.
Related security news:
found on HP ProLiant server USB keys: USB 2.0 floppy drive keys shipping with some
Hewlett-Packard Co. ProLiant servers have been infected with malware. It's the latest sign that
pre-installed malware is on the rise.
phishers sharpen tactics for holiday season: Consumers may have a greater chance of getting
scammed this holiday season thanks to cybsersquatters and phishers offering free gift cards and
brand name items.
Infected iPods a threat to corporate networks: Rob Israel likes Apple Computer Inc.'s popular iPod as much as the next guy. But he's not about to let employees plug them into their work machines to download new tunes and videos.
Ollmann advised not to use USB sticks that come from an unknown source, keep your system patched and your PIN numbers secret. Users can also block their autoplay feature when connecting the USB device and terminate USB drivers. However, taking those steps can cause issues with printing and connecting to the network, he said.
Even with the demise of McColo, the ISP suspected of being the harbinger of malicious websites and spam bots, security pros say spam and phishing attacks will increase, as they traditionally do during the holiday season.
Spam and phishing attacks will also carry a holiday theme in the coming weeks, but IBM says users should be especially aware of messages that attempt to exploit the banking industry problems. Phishers are looking to take advantage of shaky consumer confidence, IBM said.
Phishing gangs will also return to an old method of launching new fake online shopping portals that spoof well-known brands in an effort to steal credit card information. The sites could be promoted using spam campaigns touting discounts, IBM said. The old method of exploiting cross-site scripting (XSS) flaws in websites can cause some legitimate websites to be redirected to a malicious page.
Many firms are turning to code scanning tools and penetration testing software to conduct application level scanning, but constant website changes could cause problems, Ollmann said.
"They're using third-party developers and often updating sites with new widgets and other code that could be vulnerable if they're not careful," Ollmann said.
Spam messages are getting a little more sophisticated, according to the IBM ISS X-Force security research team. The researchers are warning that new holiday messages coming from an unknown sender could contain a new form of "parasitic" malcode. The spam was discovered earlier this year and evades antivirus and personal firewalls to infect a victim's computer.
If the attack comes in the form of a spam message, end users will have to open an attachment for the attack to be successful. But Ollmann said some malware attempts to exploit vulnerabilities in email clients and browsers making it easier to dupe a victim.