
For the year 2010, IT Security experts are expecting the following IT Security threats, patterns, growth and emergence:
1. WEB 2.0 attacks will increase in sophistication and pervalence.
For the year, a greater volume of spam
and attacks on the social Web and real-time search engines such as Topsy.com,
Google and Bing.com is expected. In 2009, researchers have seen increased malicious use of
social networks and collaboration tools such as Facebook, Twitter, MySpace and
Google Wave to spread attackers’ wares. Spammers’ and
hackers’ use of Web 2.0 sites have been successful because of the high
level of trust users place in the platforms and the other users.
2. Botnet gangs will fight turf wars
In the past year, there's been an increase in botnet groups
following each other and using similar spam/Web campaigns tactics such as fake
DHL and USPS notifications and other copy-cat behavior. This is expected to
continue in 2010. In addition, more aggressive behavior between
different botnet groups including bots with the ability to detect and actively
uninstall competitor bots are anticipated.
3. Email gains traction again as a top vector for malicious
attacks
In 2010, email used as a vector for spreading malicious
attacks will evolve in sophistication. Attackers are more often using timely
topics to lure recipients to open mail, attachments and click on malicious
links. Not only are more emails containing malicious attachments, researchers
also have seen increased sophistication of blended attacks that are difficult
to close down. During 2010, this trend will continue and it is seen that more
emails containing malicious data stealing attachments and malicious URLs.
4. Targeted attacks on Microsoft properties, including
Windows 7 and IE 8
Experts see more malicious attacks targeting the Windows 7
with specific tricks to bypass User Access Control warnings, and greater
exploitation of Internet Explorer 8. While Windows 7 tries to reduce the
pop-ups by allowing four levels of User Access Control, security challenges to
the interface and the operating system still exist. In fact, during a Patch
Tuesday cycle done in October 2009, five updates were for Windows 7 – even
before it was released to the general public.
5. Don’t trust your search results
In the last year, attackers have used Blackhat SEO attacks
to poison search results on everything from MTV VMA awards and Google Wave
invites, to iPhone SMS features and even shopping and sales sites. SEO poisoning attacks are
successful because as soon as a malicious campaign is recognized and removed
from search results, the attackers simply redirect their botnets to a new,
timely search term. These ongoing campaigns are likely to gain steam in 2010
and may cause a trust issue in search results among consumers, unless the
search providers change the way they document and present links.
6. Smartphones are hackers’ next playground
At the end of 2009 there were four iPhone exploits in a span
of a few weeks—representing the first major attacks on the iPhone
platform and the first iPhone data-stealing malware with bot functionality.
With a rapidly growing user base, business adoption and increasing use for
conducting financial transactions with these devices, attackers will begin more
dedicated targeting of smartphones in 2010.
7. Why corrupt a banner ad serve, when you can buy
malvertising space?
In a high-profile incident in 2009, visitors to the New York
Times Web site saw a pop-up box warning them of a virus that directed them to
an offer for antivirus software, which was actually rogue AV. This attack was
served up through an advertisement purchased by someone posing as a national
advertiser. The successful attack was a worthwhile investment for the criminals
and so in 2010 more malicious ads will be legitimately purchased by the bad
guys. Since this practice became so widely known, it is expected that most attackers will also be going the same route.
8. 2010 will prove Macs are not immune to exploits
Macs are immune to security threats and therefore employ
less security measures and patches, so attackers have additional incentive to
go after the OS X platform. During 2009, Apple released six large security
updates for Macs showing the potential for attacks. In 2010, there will be even
more security updates as hackers ramp up attacks targeting the platform. There
is also the potential for the first drive-by malware created to target Apple’s
Safari browser.
The dynamic nature of Web 2.0 attacks, the use of email to
drive users to malicious Web sites, and tactics like SEO poisoning and rogue AV
all demonstrate the need for organizations to have a unified content security
platform that protects against blended Web, email and data security threats.
In the Philippines, just after the new year, three government websites
were hacked and defaced. With the new method of computerized elections,
expect these threats to really go after government, non-government and
even the candidate's websites as well as really turning on the attacks
focusing on the elections.
- ISLC
Back to Top
|