Panel: Cybercrime will grow in 2006
- By Michael Arnone
- Jan 25, 2006
Cybersecurity crime increased dramatically in 2005, and 2006 promises even more incidents, a panel of federal cybersecurity experts said Jan. 24.
Driven by profit, cybercriminals in 2006 will use the massive increase in malware variants created in 2005 to initiate even more insidious and hard-to-detect attacks, said Dave Cole, director of Symantec Security Response at Symantec.
Botnets – remote-controlled networks of hijacked computers – will grow in size and popularity, said Cole, who moderated the discussion that Symantec sponsored in Washington, D.C.
During the next 12 to 18 months, more cyberattacks will be for financial gain and cybercriminals will specialize in creating malware, bot networks and other tools that can take down a network, said Art Wong, vice president of security response and managed security services at Symantec.
Cybercriminals are moving from fame-seeking amateurs to profit-driven professionals developing crimeware during business hours, Cole said.
Cybercriminals are now attacking retirement and 401(k) accounts because that’s where more people are keeping their money, said Larry Johnson, special agent in charge of the Criminal Investigative Division at the U.S. Secret Service.
The Secret Service distributes a CD-ROM for state and local law enforcement to learn about cybercrime at the street level, where the information usually ends up, Johnson said.
Consumers must become more educated because the evolving environment is “more risky, more dangerous than it’s ever been in the past,” Wong said.
To help them, Symantec introduced a new Web site, www.symantec.com/avcenter/cybercrime, Jan. 24 to help the public better understand the changing threat landscape, Wong said.
Cybercriminals are committing financial crimes now but will eventually attack critical infrastructure and government operations, said Andy Purdy, acting director of the National Cyber Security Division at the Homeland Security Department.
To better protect the nation’s cyber infrastructure, DHS has issued a revised draft version of its National Infrastructure Protection Plan (NIPP), Purdy said.
Mandated by President Bush, NIPP establishes a framework for operational risk assessment. It sets measurable milestones of what government and industry need to do to protect major physical, human and cyber assets from terrorist attacks.
The second draft version is a substantial step forward because it clarifies the particular criteria to particular security methodologies, Purdy said. The plan will help the cybersecurity sector apply existing infrastructure to risk assessments in partnership with the federal government, he said.
“It’s important to realize that there is a tendency to think we know what we’re supposed to do,” but the threat environment is changing, Purdy said. “As attacks become more sophisticated, we need more-sophisticated defenses.”