IBM warns of a blizzard of malware and phishing this Christmas

Its view of major security risks includes: a new wave of malcode-carrying spam, new phishing themes, Spoofed online portals, Tainted toys and gadgets, and additional risks around web browsing. Looking at online portals, for example, IBM ISS expects phishing gangs to launch a new generation of fake online shopping portals that spoof well-known brands, in an effort to steal credit card information. They are also likely to promote these counterfeit sites with emails, offering discounts. Similarly, while cybercriminals have been increasing their efforts to deface public web sites in recent months, by hiding malicious links and exploiting vulnerabilities within users web browsers to install malware, IBM’s warning is that efforts are likely to be redoubled. Apart from more careful scrutiny of incoming emails, and updating all security patches IBM ISS recommends that businesses resist deploying unapproved ‘gadgets’ on corporate networks. “The X-Force strongly advises companies to disable USB port access throughout the corporate environment, but it is the end-user’s responsibility to get clearance before putting a cool new ‘toy’ on their employer-issued laptop,” says Big Blue.