Recent research conducted by IBM has further confirmed what security experts have long warned about: a shift from virus-based email attacks to targeted attacks on organizations for financial motives.
However, the findings of the investigation also indicate that the number of such attacks is not expected to be high.
The 2005 IBM Global Business Security Index report clearly states that, over the years, the trend of dangerous software attacks has gradually decreased, even though overall statistics from security firms regarding such attacks may still be on the rise.
Unlike the attacks seen in 2003 and 2004, which included computer worms like SQL Slammer, Blaster, Welchia, and Nimda, the attacks in the past year have been more targeted and discreet.
For example, in 2005, IBM frequently detected 2 to 3 targeted email attacks against its clients. Such attacks were quite rare in 2004, where they primarily targeted government agencies or military organizations.
These types of attacks have now shifted from aiming to slow down or incapacitate network systems to serving financial interests. This trend is expected to become even more pronounced this year.
“Organizations will increasingly become attractive targets for Denial of Service attacks on web servers that host data, utilizing means such as encrypted malware or exploiting serious security vulnerabilities within those organizations.”
The threat of attacks from “botnets” on businesses is also expected to rise this year, particularly with the increase of “small botnets,” as they are easier to conceal. Botnets are also shifting from being IRC-based to peer-to-peer networks or instant messaging networks.
Mobile devices pose a potential threat to businesses as well. Although attacks targeting mobile devices such as cell phones, PDAs, or other wireless devices were not particularly prominent in 2005, they still represent a latent threat.
