Welcome!

XML Authors: Elizabeth White, Peter Silva, Carmen Gonzalez, Liz McMillan, Bernard Golden

Related Topics: Weblogic, XML, Microservices Journal, Cloud Expo, Security, GovIT

Weblogic: News Item

Security Report Predicts Cloud Computing Attacks in 2010

M83 releases Predictions 2010, a report on its expectations for Web and messaging-based threats for the coming year

Cloud Expo on Ulitzer

M86 Security, a leading global provider of Web and messaging security products, released Predictions 2010, a report on its expectations for Web and messaging-based threats for the coming year. The report is based on M86 Security Lab’s extensive research into the current trends in threats over the past year and its views on the major vulnerabilities facing organizations. The report highlights the increasing sophistication of traditional threats such as botnets, scareware, compromised legitimate Web sites and blended threats. However, it also projects what the company sees are new threat vectors coming from open API’s in Web 2.0 applications, the increased use of shortened URLs and the advent of non-Latin based domain names.

On the heels of a year filled with widespread exploits, including PushDo and Zbot trojans that have been reported on by M86 Security Labs, security professionals should apply lessons learned and brace themselves to combat an increase in the volume of attacks and new innovations in 2010. Specific 2010 security predictions from M86 Labs are as follows:

  • Botnets Grow in Sophistication: Botnets continue to be a major problem, driving the majority of spam output and mass Web site attacks. Botnets have moved away from traditional IRC-based command and control, in favor of HTTP or other custom protocols, utilizing Twitter, Google and Facebook.
  • Continued Rise of Scareware: Scareware is a traditional tactic that grew popular in the second half of 2009 because of its effectiveness. Consumers are prompted to download malicious software through convincingly crafted anti-malware landing pages. In 2010, these attacks should escalate, as the look and feel of scareware pages get updated and criminals find new ways to reach users.
  • Poisoning Search Engine Results: A growing trend is the use of Search Engine Optimization (SEO) techniques to drive users to Web pages hosting malicious code. Also known as SEO poisoning, the technique aims to elevate malicious landing pages in search engine results rankings to ensure a steady supply of victims. The technique is commonly paired with scareware to capitalize on users' trust in search engines.
  • Evolution of Web Site Infections: The standard attack vector for cybercriminals is to compromise legitimate Web sites to spread malware. In 2010, the majority of malicious behavior will reside on legitimate Web sites that have been compromised by various scripts and worms.
  • Setting Sights on SaaS and Cloud Services: Cloud computing and SaaS have exploded in popularity during 2009, leading to a vast increase in service offerings. As a result, more and more corporate data is being stored outside of the network, making it difficult for IT administrators to have direct control over the data. In 2010, cybercriminals will target the larger cloud-based providers and attacks will increase.
  • Exploiting Third Party Applications: Cybercriminals commonly exploit highly deployed third party applications, such as Adobe Flash and Acrobat Reader. The ability to embed one file type in another will result in more complex attacks gaining popularity in 2010, due to the ability to evade detection mechanisms.
  • International Domain Name Abuse: In 2009, ICANN approved the registration of Internationalized Domain Names, enabling the use of non-Latin characters in domain names. As a result, phishing attacks should rise, as cybercriminals can register phony Web sites with URLs that are nearly indistinguishable from legitimate ones.
  • Attacking Application Programming Interfaces: Social networks such as Twitter and Facebook are extending their services for third party development through the use of application programming interfaces (APIs). There is an implicit level of trust provided through the use of APIs, granting access to user profiles and data, so the threats that target them are likely to increase in 2010.
  • URL Shortening Services Hide Nefarious Means: The popularity of Twitter and link sharing has given rise to URL shortening services that reduce the number of characters needed to parse a link. However, these services enable cybercriminals to spread spam and malware by obfuscating the destination of posted links.

“Looking back at some successes in 2009, the security industry was successful in disabling the Mega-D botnet and eliminating significant spam hosting and service providers,” said Bradley Anstis, vice president of technical strategy, M86 Security. “However, the volume of spam and Web requests continues to grow and eclipses the levels seen before these takedowns. The first step in preventing serious Web abuse and widespread infection through the Web and other means is awareness of the threats. That is why M86 Security Labs is proud to share insight culled from our ongoing research in the Predictions 2010 report.”

More Stories By Pat Romanski

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

@ThingsExpo Stories
Enterprise IoT is an exciting and chaotic space with a lot of potential to transform how the enterprise resources are managed. In his session at @ThingsExpo, Hari Srinivasan, Sr Product Manager at Cisco, will describe the challenges in enabling mass adoption of IoT, and share perspectives and insights on architectures/standards/protocols that are necessary to build a healthy ecosystem and lay the foundation to for a wide variety of exciting IoT use cases in the years to come.
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
Avnet, Inc. has announced that it ranked No. 4 on the InformationWeek Elite 100 – a list of the top business technology innovators in the U.S. Avnet was recognized for the development of an innovative cloud-based training system that serves as the foundation for Avnet Academy – the company’s education and training organization focused on technical training around top IT vendor technologies. The development of this system allowed Avnet to quickly expand its IT-related training capabilities around the world, while creating a new service that Avnet and its IT solution providers can offer to their...
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the M2M space. This really allows some room for influential individuals to create more high value inter...
SYS-CON Events announced today that B2Cloud, a provider of enterprise resource planning software, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. B2cloud develops the software you need. They have the ideal tools to help you work with your clients. B2Cloud’s main solutions include AGIS – ERP, CLOHC, AGIS – Invoice, and IZUM
It's time to put the "Thing" back in IoT. Whether it’s drones, robots, self-driving cars, ... There are multiple incredible examples of the power of IoT nowadays that are shadowed by announcements of yet another twist on statistics, databases, .... Sorry, I meant, Big Data(TM), tiered storage(TM), complex systems(TM), smart nations(TM), .... In his session at WebRTC Summit, Dr Alex Gouaillard, CTO and Co-Founder of Temasys, will discuss the concrete, cool, examples of IoT already happening today, and how mixing all those different sources of visual and audio input can make your life happier ...
The WebRTC Summit 2015 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and easy to use. MangoApps has been named a "Market Leader" by Ovum Research and a "Cool Vendor" by Gartner...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver ...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
In his session at WebRTC Summit, Peter Dunkley, Technical Director at Acision, will look at creating interactive communications via the web by adding messaging, file transfer, and group communication (group chat and audio/video conferencing) into the web experience. He will also discuss potential applications of this technology in areas including B2B, B2C, P2P, and gaming. Peter Dunkley is Technical Director at Acision. He graduated from The University of Edinburgh in 2000 with a BSc (Hons) in Computer Science. After graduation Peter worked on a PSTN switch developing signalling stacks for SS...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
What if, during a snow emergency, an on-the-ground sensor could automatically trigger a relevant emergency notification related to snowfall and road impact. And then, after it’s triggered, that notification is delivered intelligently to individuals based on an extensive set of rules designed to alert the most available and capable responders. This “what if” question about “smart highways” is short-sighted. We are already there, and we are only getting started. While mainstream attention is paid to machine-to-machine communications, new technologies are being developed to make these communica...
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data a...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Telecommunications Corporation, a facilities-based international carrier licensed ...
There are lots of challenges in IoT around secure, scalable and business friendly infrastructure for enterprises. For large corporations, IoT implementations are one of the top priorities of the decade. All industries are seeing a competitive need to sustain by investing in IoT initiatives. The value addition comes from improved customer service, innovative product and additional revenue streams. The data from these IP-connected devices can be leveraged for a variety of business applications as well as responsive action controls. The various architectural building blocks of an IoT ...