Hackers to Take Aim at the Cloud, Virtualization

The booming popularity of virtualization, cloud computing and other new technologies may prove too tempting for malware authors to resist — and could prompt a wave of attacks in 2009, according to security vendor AppRiver.

Businesses may be especially at risk because they’re looking to such technology to help them cut costs during the recession, Fred Touchette, senior security analyst at AppRiver, told InternetNews.com.

While these technologies will see strong growth this year, despite the grim outlook for overall IT spending, they also could mean better potential paydays for the hackers.

“The threat against virtualization will be a factor simply because more and more enterprises are going virtual,” Touchette said. “I see viruses being able to crack into virtual machines and getting past their shells.”

Concerns about cybercrime’s growth peaked in recent months, following several high-profile data breaches at large corporations or targeting public figures. Worries about the trend led senior California Sen. Dianne Feinstein (D-Calif.), who is the incoming Senate Intelligence Committee chair, to re-introduce legislation on data breaches and protection of individual privacy last week. These measures seek to ensure victims of security breaches are informed promptly when these breaches occur.

Meanwhile, malware authors are creating ever more sophisticated attacks, Touchette said.

Some viruses are already showing signs of being able to detect when they’re in virtualized environments, he added, but they then either refuse to run or remove themselves completely so they cannot be tracked. That’s because research analysts use virtual machines when they analyze viruses — and the malware authors are aware of this, he said.

Likewise, as more enterprises begin moving into the cloud, they will also begin to encounter security vulnerabilities because it will be a new area for them, Touchette said.

The same may hold true for the proliferation of advanced smartphones, which make it simple for developers to create new applications that users can download to their devices.

Touchette said the Apple iPhone and Android-based devices may emerge as significant targets, given the popularity of the iPhone — which is increasingly being adopted in the enterprise — and the ease of developing on the Google-backed Android platform.

“The code is readily available so you can write your own applications, whether they are useful or malicious,” he said.

Site hackings to increase

While corporate databases have long been eyed by hackers seeking users’ personal information, career sites and social networking sites are also emerging as potential targets. That’s not surprising, considering the vast amount of data they may contain about their members, Touchette said — and the trend will accelerate in 2009.

Already, hackers have begun targeting Facebook and LinkedIn to get that information. And in the coming year, hackers will gun for more targets, Touchette predicted.

“I’ve already seen people phishing accounts on Monster.com, and I think more attacks will be coming as more people go to job sites during the recession,” he said.

Hackers will also continue to compromise legitimate Web sites to deliver their attacks. A survey conducted by messaging- and data-protection firm Websense found that more than 75 percent of Web sites containing malicious code are legitimate sites that have been infected. Touchette expects this trend to continue.

“Malware authors are at a pretty high level of professionalism and, in certain areas, they’re pretty well organized,” he said.
