Category: Trends

Unique predictions include a potential cryptographic algorithm break, botnet turf wars, attacks on voting mechanisms for elections and reality shows, a major utility breach in the U.S. and hijacked computers held for ransom.

James Quinn, senior research analyst at Info-Tech Research Group Ltd., expects the push towards financial incentives will continue from the hacker’s perspective. But the biggest trend that will continue from 2009 into 2010, according to Quinn, is the increasing speed at which threats will evolve. “Security companies have gotten very, very good at responding to threats, and so as a result, bad guys have had to change the nature of the threat more rapidly… I think what we are going to continue to see is an increase in that rate of evolution,” he said.

Quinn also expects 2010 will be an interesting year in terms of reputation-based security software. While the model allows anti-malware vendors to work quickly by looking at where information is coming from, whether it works effectively still remains in question, he pointed out. “They are moving towards this model out of an efficiency basis, simply because there is so much good code and there is so much bad code available that it becomes impossible to work on a signature basis with any kind of performance,” he said.

The following is a compilation of potential upcoming threats to look out for in 2010, as predicted by the CA Global Advisory Team, Cisco, Symantec Hosted Services, Websense Security Labs and contributions from a group of security experts at Independent Security Evaluators.

ISE anticipates a major mobile worm attack. “Mobile phones are now small computers always attached to the Internet,” states ISE. “They contain personal information and make for an interesting component of a mobile botnet…. We got a worm this year against jailbroken iPhones… Next year will see the first worm against a major (off-the-shelf) mobile platform such as iPhone or Android.

“A major social networking site (Facebook, MySpace, etc) will shut down for an extended period of time, due to a hacking incident or a virus,” states ISE. “As more information is stored on these sites, they become more of a target.” Additionally, it would be a high profile attack for an attacker wishing to increase their ‘street cred.’ ‘Think Samy Worm except with malicious intent.”

ISE also predicts “a non-trivial break in a currently ubiquitous, trusted cryptographic algorithm” may occur. “There has been a lot of research in SSL lately, the protocol that fuels e-commerce.’ From Marlinspike and Kaminsky’s findings concerning null bytes in certificate names, to the SSL renegotiation bug, 2009 has been a rough year for crypto. This will continue in 2010 with a serious vulnerability in a currently trusted crypto algorithm being disclosed.”

ISE’s fourth prediction involves a major vulnerability discovered and/or a breach of a U.S. utility (power grid, nuclear, etc.). “With talk of cyberwarefare in the main stream media, researchers and attackers will be spending more time looking at SCADA systems associated with utility companies. Either a major flaw will be revealed by a security researcher or something ‘bad’ will happen when an attacker takes advantage of it,” states ISE.

Websense Security Labs noticed botnet gangs mimicking each other in 2009, anticipates the trend to continue in 2010 and expects it will lead to turf wars. “We anticipate more aggressive behaviour between different botnet groups, including bots with the ability to detect and actively uninstall competitor bots,” states Websense. “E-mail will gain “traction again as a top vector for malicious attacks,” states Websense. The company saw a “huge uptake in e-mails being used to spread files and deliver Trojans as e-mail attachments” in 2009.

“2010 will prove once and for all that Macs are not immune to exploits,” states Websense. The company also notes potential for “the first drive-by malware created to target Apple’s Safari browser.” Hackers have “noticed Apple’s rapid growth in market share” and have additional incentive to target Mac users because “many assume Macs are immune to security threats and therefore employ less security measures and patches,” states Websense. CA also highlighted an upcoming focus on Mac OS X, stating “malware actors will focus on the 64-bit and Apple platform.”

“As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase,” states Symantec.

Highly specialized malware aimed at exploiting certain ATMs was detected in 2009 and the trend will continue in 2010, notes Symantec. This includes “the possibility of malware target ing electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.”

“Expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom,” states Symantec.

Other upcoming software scams include “rogue anti-virus vendors selling re-branded copies of free, third-party anti-virus software as their own offerings,” states Symantec. Specific tricks will be used to bypass User Access Control warnings in Windows 7, according to Websense.

“Another big computer worm like Conficker is likely,” states CA. “The increasing popularity of Web-based applications and discovery of critical zero-day vulnerabilities, especially for new operating systems such as Windows 7 and Google Chrome, present good opportunities for a new worm outbreak.”

Cisco expects “cybercrime techniques that have gone out of fashion to re-emerge in many developing countries.

Symantec predicts “one in 300 IM messages will contain a URL” and “one in 12 hyperlinks will be linked to a domain known to be used for hosting malware” by the end of 2010.

http://www.cio.com/article/511338/Security_Heavyweights_Predict_2010_Threats?source=rss_security

The survey results raised the issue of companies approaching security on a threat-by-threat basis, according to Dimension Data, and not taking a more holistic view and implementing five major types of security control to secure their organisation.

Dimension Data’s global general manager, security solutions, Neil Campbell commented: “We are concerned that the surveyed organisations are tackling threats reactively, on an ad hoc basis, and without putting some basic security controls in place. “Given that each new security technology should make the whole greater than the sum of the parts, these decisions will allow organisations to rapidly focus in on appropriate technologies to extend their ecosystem.

Implementing a firewall, intrusion prevention, system security, web content security, and email content security have become a necessity.

http://www.itp.net/578628-identity-theft-prevention-is-security-spending-focus

New state-wide laws will be passed mandating that companies comply with specific data breach reporting regulations creating new challenges for many mid-tier businesses.

As the economy continues to rebound and spending increases, retailers will again be the top target for data theft. Look for at least one major retailer to fall victim to a security breach that exceeds the losses faced by TJX, and for midmarket retail attacks to double as this lucrative trend gains popularity among attackers. In the aftermath of Heartland Payment Systems — which exposed more than 130 million credit card records — compliance regulations will be refined and reinforced with greater specificity and steeper consequences.

Auditors will demand deeper demonstration of security process, risk assessment, penetration testing, employee training and policy verification and enforcement through real-time analysis and incident response.

http://www.echannelline.com/canada/story.cfm?item=DLY121009-3

Hackers can comb through profiles for information and emails of employees or accounting departments to “spear phish,” or aim schemes at specific workers. The possibility for workplace computers to be contaminated via a social-networking site is becoming more commonplace due to the increase of a computer Trojan named Zeus constructed to digitally steal money. People utilize Zeus to empty accounts of “400,000 to 1.5 million dollars a shot.”

Spam is also a highly useful method for convincing people into downloading malware or purchasing bogus products.

http://www.redorbit.com/news/technology/1796399/hackers_targeting_banks_social_sites/index.html

Alan Paller, director of research at SANS Institute, a computer-security organization, said Monday that a major law firm in New York was hacked into in early 2008 in an attack that originated in China.

U.S. officials have been cautious about publicly linking cyber attacks to China. But recent government reports have described computer attacks believed to have originated in China, although it is unclear if the intrusions were conducted by, or with the endorsement of, any element of the Chinese government. As is often the case with cyber crime, Paller said it is difficult to tell whether hackers were working on behalf of the country’s government, located in that country, or simply routing computer traffic through that country.

While some computer network attacks may be linked to countries such as China, in some cases they now can be orchestrated by independent cyber crime groups.

http://cbs4denver.com/wireappolitics/FBI.alert.says.2.1316357.html

The report offers a detailed look at the total cost of ownership surrounding security technology and weighs the cost of “renting” tools against the cost of “owning” them.

“For most SMBs, the benefits of SaaS and third-party security fall into three areas: cutting down on the stress associated with managing complex security apps; getting up and running quickly; and letting you focus on your business without having to worry about installing updates,” the report says.

http://www.darkreading.com/securityservices/security/perimeter/showArticle.jhtml?articleID=221600951