The latest edition of McAfee’s semi-annual Sage security journal is out with a warning we’ve been hearing a lot lately: The bad guys are making a killing off online exploits, and mobile phones are an increasingly tempting target.
The journal includes a series of articles from McAfee researchers. Among their conclusions:
— More attackers are targeting VoIP programs and RFID tags as the technology becomes more widely adopted.
— Application security is a continual race between malware writers and developers, and the developers are struggling to keep up.
— While Microsoft has taken steps to make the base of Windows Vista more secure, the improvements weaken third-party efforts to secure systems and don’t go far enough to do the job alone.
— Although programmers add security measures during development, new spyware technology often surpasses even the best planning of the most diligent engineers. Spyware will follow us into new technologies, like Bluetooth and RFID. In other words, spyware is growing up.
— While McAfee expects to see little increase in the percentage of spam volume over the next two years, the total volume of spam is expected to increase as worldwide bandwidth grows. Image spam is the latest way for spam writers to dodge defenses.
— While current mobile phone service is generally considered safe, McAfee is seeing a rapid growth in mobile attacks with increasingly technical diversification.
— Data leakage is a growing problem that can destroy the reputation of a business.
I asked McAfee Security Research and Communications Manager David Marcus how widespread the mobile phone attacks are at this point. While it’s not much of an issue in the U.S. at the moment, it’s already a full-blown problem in Europe and Japan.
“Culturally, they use their mobile devices differently than we do in the U.S.,” he said. “The Japanese are already using mobile phones to make financial transactions. Most of the world is using the Symbian platform and attackers absolutely love the convergence.”
A .pdf version of the latest Sage is available from the McAfee Threat Center. McAfee is not the only security vendor that has sounded the alarm over mobile threats. Mikko Hypponen, director of antivirus research for F-Secure, has spent the last two years warning IT pros to prepare for eventual attacks where phone infections could be passed to company networks.