In lieu of an abstract, here is a brief excerpt of the content:

139 The proliferation of Internet-connected devices in the consumer market has created a dramatic shift from a single point PC-based threat risk to an expanded threat perimeter that includes tablet devices, smartphones, and Internet-connected televisions. Consumer home network growth now requires security for a consumer’s entire digital lifestyle and not just a singlepoint stationary device. The difficulty of securing this expanded threat landscape is exacerbated by the rise of unique attacks that sometimes render traditional antivirus strategies ineffective. This expansion of the consumer digital threat landscape presents new challenges for law enforcement and security professionals. The solution is improved reputation-based threat detection, effective public-private collaboration and increased user responsibility within the digital ecosystem. The Evolving Consumer Online Threat Landscape: Creating an Effective Response Adam Palmer 140 Adam Palmer The Expanding Consumer Home Network Evidence of the expanded threat against the digital home network was most recently demonstrated by the detection of the psyb0t botnet, regarded as the first recognized attack capable of directly infecting home routers and cable/ DSL modems. First observed infecting a Netcomm NB5 modem/router in Australia, researchers concluded that the psyb0t (or Network Bluepill) botnet was merely a test virus designed by cybercriminals to confirm the capability of a home network attack strategy. The most recently discovered version of this attack tool targets a wider range of devices, and contains the shellcode for over fifty popular models of cable and DSL modems. The exploit is very difficult to detect; the only way to discover it is to monitor traffic from the router itself, which is beyond the reach of ordinary desktop security software . By attacking the expanded home network, the cybercriminal gains the advantage of attacking entry-point platforms that make detection difficult and that provide the malicious code with multiple potential infection points. An additional example of the expanding consumer digital threat landscape is the proliferation of smartphone devices. While open operating platforms provide developers the freedom to innovate, they can also be misused by malicious developers to create applications designed to distribute malware. Although malicious smartphone applications are not pervasive, evidence has been detected that cybercriminals are experimenting with open platform mobile applications as a distribution channel for malware. The proliferation of open developer applications for mobile connected devices used by consumers is likely to continue to attract cybercriminal activity across these new distribution channels. Much has been said about predicting threats to mobile devices. A perhaps often-overlooked solution to mobile security may be found in remembering that these devices are “mobile.” In the past, many mobile security efforts have failed because they misunderstood the mobile user’s main concern: Mobile devices can be easily lost in the physical world. This is not just a cyber threat—it is a physical danger. Any successful new mobile security effort for users has to provide users the capability to deny control to a thief who has stolen the device. After the physical device is secured, the main issue then becomes educating the public about the potential dangers of having unsecured data on a mobile device. There is currently a sense among some users that mobile devices are not as vulnerable to attack as a traditional PC. [18.117.183.172] Project MUSE (2024-04-25 14:14 GMT) The Evolving Consumer Online Threat Landscape 141 As noted above, new open platforms prove the reality is more complicated and is still developing. Any open system is also an open target for cybercrime . The challenge is to provide a security tool that can be used without causing performance disruption on the device because users are more likely to allow security that does not disrupt performance. This means that any mobile security tool has to be fast and cannot disrupt other applications. Because mobile devices have limited capacity compared with the typical PC, mobile security must be more sensitive not to waste precious memory. Finally, to improve mobile security, software and hardware developers need to prioritize security in the development stages of new devices. Too often there is a rush to launch a new technology, with security being an afterthought. This attitude must change. Achieving mobile security will depend on industry adoption of security standards, cooperation with law enforcement, and a clear understanding of the different requirements between PC and mobile security. Utilizing Reputation-Based Security to Meet the Challenges of the Expanding Threat Landscape In addition to attacking multiple consumer devices beyond the traditional PC, cybercriminals are also distributing millions of...

Share