Posted on February 21st, 2010Few security professionals expect 2010 can bring much respite, with online criminals developing new attacks and tricks, while businesses and personal users are increasingly more dependent on the cyberspace for trade and communication. These are some of the security trends for this year:
Attacks to Cloud Networks: As organizations shift to cloud computing for reducing their costs and improving flexibility, so the system is more likely vulnerable from cyber attacks. As more sensitive corporate data stored inside the cloud. In the meantime, higher dependence on 3rd party services to host applications and data will make it harder for IT directors to defend their information security perimeters.
More Advanced Botnets: More than ninety percent of e-mail traffic is now spam. It is likely that spam can’t grow much more, in terms of percentage, but it is expected that the absolute volume will continue to grow. Most botnets are becoming even more versatile and more difficult to detect. However, surprisingly some e-mail owners replied to spams and purchased the products.
CyberCrimes in Social Networks: Social network users are set to grow further this year, and so will cyber crimes directed through social networks. The attacks will be more than just account takeover, we will see more attempts of using social networks to introduce malware and spam links.
Industrialization of Online Frauds: Online frauds are increasingly organized along industrial lines. We will see fraudsters to have more defined supply chains. They are often organized in ways that are typical of drug cartels, while putting more emphasis on automated tools to mimic the mass production process.
More Data breaches: It will continue to be a problem for businesses, regulators and governments. A large percentage of data breaches in 2009 were accidental or unintentional. But it is expected that there will be more malicious breaches in 2010, both through cyber crime and hacking, and malicious data theft by former employees.
ScareWare: Malicious apps that demand money as ransom started to appear in 2009, and are expected to be more common still this year. Rogue codes hijack users’ machines and immediately ask for ransoms to return control of the device. Other scareware makers con users into installing “anti-virus” software that removes spurious infections after the ransom is paid.
Localized Attacks: Massive malware attacks may happen less often. From 2010 onwards, we may see a shift to smaller and more localized attacks.
These might be limited to a country, a town, a company, or perhaps a high-profile individual. We’ve already seen how hackers successfully compromise the accounts of famous social network users. Malware creators are turning to “spear phishing” crimes to target the prominents and the influentials.
Large scale attacks can be focused around major international events, with the 2010 South Africa FIFA World Cup expected to bring sharp spikes in malware attacks.
Attacks on Virtualized Environments: Virtualization was one of the most important technology subjects of 2009. In 2010, cyberpunks will turn their focus to virtualized IT systems, as it allows them to establish new attack vectors. One obvious risk is the use of virtualization for supporting shared infrastructures; and also security holes created by the gaps between the physical hardware, hypervisors, and virtual machines.
Attacks on Windows 7 Systems: There’s no denying that those people in Redmond has made great strides and some improvements in security in the last couple of years. However, as Windows 7 maturates and grows in market share, crackers will turn their attention to the OS, instead of older versions such as Windows Vista and Windows XP. Some security experts warn that, the basic security configuration of Windows 7 is weaker than in Vista.
More Mobile Malware: In general, malware threats to cellphones, and especially smart phones will continue to grow. Last year has seen malware attacks on iPhone owners in Australia, and attempts to infect BlackBerry devices through modified PDF files. As yet, there hasn’t been a major attack on a specific mobile platform, perhaps because there is a wide range of the mobile devices on the market, and maybe because mobile devices carry no or little critical data. However the risk of a major attack against a widely used mobile platform will increase as other mobile devices (e.g. tablets) become more common. Some experts warn that we may see more attacks on modern smartphones (for example, iPhone 3GS or Google Nexus One) and against newer platforms, such as Maemo 5.