We introduce you to this year's batch of security vulnerabilities to watch out for.
Threat 4: PDFs
What it is: It may be the oldest online scam in the book, but email loaded with malware attachments is still a big problem despite a high degree of awareness and robust antivirus scanning in webmail clients such as Gmail and Yahoo Mail. Cluley puts the number of malware-related emails sent every day in the "millions," and says that "more and more spam is less about touting Viagra or fake degrees, but [is] turning malicious in nature."
PDF documents appear to be a prime method for these attacks, according to a recent report by MessageLabs, a division of Symantec. "PDFs are potentially one of the most dangerous file formats available and should be treated with caution...Because it is significantly easier to generate legitimate and concealed malicious content with PDFs," MessageLabs said in its February 2011 Intelligence Report.
In 2010, 65 percent of targeted email attacks used PDFs containing malware, up from 52.6 percent in 2009, according to MessageLabs, which further predicts that by mid-2011, 76 percent of targeted malware attacks could be using PDFs as their primary method of intrusion.
It's not just businesses that are targets of -mail scams either. Sophos recently discovered an email scam purporting to offer a £50 gift voucher from pet suppies firm VioVet.
Protect yourself: Make sure you are running an antivirus program and that it's up-to-date. Also, never open an email attachment that you weren't expecting.
Last but not least, make sure that you keep Adobe Reader (or the PDF reader of your choice) up-to-date; Adobe regularly releases security updates that fix known flaws. The new Adobe Reader X has an updated security architecture that can better protect you against malicious PDF attacks.
Threat 5: War games
What is it: State-sponsored malware attacks, industrial espionage, and hacktivism are on the rise, according to Perimeter E-Security's Jaquith. They may not be threats that affect everyone, but if you manage security for a business, they are the sorts of issues you should be paying attention to.
The hacktivist group Anonymous, for example, grabbed headlines this year for mounting attacks in defence of whistle-blower site WikiLeaks, and attacking government websites in support of recent protests in Egypt, Tunisia, and Libya. The group also leaked a cache of email messages from a security researcher who was trying to identify Anonymous members. "Whether it's WikiLeaks, Anonymous, or a Chinese or Russian attacker, theft of industrial secrets is shaping up to be one of the key issues of 2011," Jaquith says in a statement.
Protect yourself: If you are trying to safeguard your company's secrets or are worried about data leaks, monitor your company's network traffic for suspicious activity and conduct regular reviews of employee data access privileges.
The internet may be filled with malware and potential threats, but that doesn't mean you need to panic. Keep your guard up, use common sense, and keep your software up-to-date, and you should be able to reduce your risk of falling victim to attack.