Date:08/03/2008 URL: http://www.thehindubusinessline.com/2008/03/08/stories/2008030851590400.htm
Back Browser-based security breaches on the rise

Problem accentuated by social networking: IBM

V. Rishi Kumar

Hyderabad, March 7

Vulnerabilities over the Internet have changed from simple unsuspecting e-mail attacks to browser-based. This has accentuated by social networking, which is growing at unprecedented pace, according to the Chief Security Researcher at IBM, Mr Kris Lamb.

Mr Lamb on a visit to India spoke to Business Line on how the nature of these security breaches have changed over the years and how most enterprises are not even aware that this could come through browsers.

Organised crime has now taken to browser-based deceit that helps steal valuable financial data. As Internet users clamour to join the move to be part of the Web by contributing user-generated content, be it through write-ups, photos or videos, browsers have become ideal engines to disguise attacks, he said.

Vulnerabilities

Mr Lamb, Operations Manager, X-Force Research and Development, IBM Internet Security Systems, explained that a sophisticated criminal economy has developed and thrives on Web vulnerabilities. Underground brokers deliver tools or camouflage attacks on browsers, to avoid detection by security software.

With these browser-based techniques, cyber criminals can infiltrate a user’s computer and steal their IDs and passwords or even obtain personal information like national identification number or even credit card information.

Interestingly, when attackers invade machines in enterprises, they could also steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.

Pervasive attacks

Referring to the Storm Worm, which was one of the most pervasive attacks on the Internet in 2007, he said that this continues to infect computers. Malicious software referred to as malware, spam and phishing too have registered new highs.

So aren’t the security systems that companies have in place able to address these? Mr Lamb said each time the attack is in new form that bypasses the current day security. Therefore, no security is fool-proof. It calls for vigil all the time.

IBM conducts X-Force research and brings about patterns of attacks and helps technology sector with insights to address this problem.

© Copyright 2000 - 2009 The Hindu Business Line