Great piece in Network World on the history of Windows malware. Many are trying to hype up “polymorphic” malware and malware using encryption today, but that was done long ago, too. Plus, there has been an important constant over those two decades – people acting like people. The author ends the piece like this:
But the most prolific vector for malware innovation will likely reside in social engineering. After all, while it’s getting harder to crack Windows programs, it’s as easy as ever to attack the weakest link: the one between users’ ears. Look for more cons, more fake “Windows tech support” calls, and more bewildered users who will gladly give out sensitive information to anyone who claims they can help fix things.
Windows malware has changed a lot in the past 20 years. People haven’t.
In the SANS Newsbites, my equivalent was:
Editor’s Note (Pescatore): As long as casinos and gambling continue to be a huge industry, you can be sure that social engineering attacks will always succeed – people will be people. As long as people act like people and have to collaborate with other people to get the job done, there will be vulnerability to insider threats.
In the latest data I can find, the American Gaming Association reports that gambling (or what they call “gaming”) revenue grew from $61B to $92B from 2000 to 2007. It looks like the recession may have slowed growth rates in 2009 and 2010, but many reports show growth returning in 2011. People still seem to be lining up at slot machines that sport large signs saying “Guaranteed to return 98% of your money,” and despite 20 years of user “awareness and education,” users will still click on links that say “Have you heard what Charlie Sheen just did?!??”