Top seven in 2007 #1: predictions for IT security managers

Vernier Networks issued a list of “Top Seven in ’07” IT security predictions and resolutions to help IT security managers improve overall security and increase enterprise-wide control and compliance. List of their resolutions is located here.

Top Seven in ’07 Security Predictions

1. Usage of Zero-Day attacks to get “botnet” software into computers will dramatically increase. Black-market prices for these remote exploits requiring no target-user intervention sold for $5,000 in 2004 but have skyrocketed to as much as $80,000 in 2007.

2. Business-oriented social networks, such as LinkedIn and ZoomInfo, will gain the attention of malware writers, particularly those who target specific businesses. Hackers will use these networks to penetrate organizations starting with human-resources departments. Expect more phishing-like attacks to target these social networks.

3. Hackers will continue to focus attacks on stealing identities and corporate data, instead of disrupting IT services.

4. Vista intrusions will take center stage despite the massive improvements in the product’s security. Don’t be surprised to see hackers drive home the point by creating a “Month of Vista Bugs,” as they did with the “Month of Browser Bugs” and “Month of Kernel Bugs” projects.

5. The Apple community, which is currently in denial over security issues, will suffer a rude awakening from the “Month of Apple Bugs“. Apple will react poorly but show much improvement at handling such issues for the long term.

6. Aggressive criminal attacks will double in 2007 for two main reasons. First, there are a finite number of available PCs to compromise and “zombify” into becoming spam relays and other malicious conduits. Second, cyber criminals face little law-enforcement risks but increased competition for the millions of dollars available, so hackers will take greater risks and employ more aggressive tactics. The centerpiece of cyber crime are “botnets” – a group of compromised computers that enable coordinated, remote manipulation by an attacker who has compromised a large group of computers and installed remote-controlled, backdoor software. The battle for control of large botnets will result not only in an escalation of cyber crime, but an increase in online criminals attacking each other – both with casualties on innocent users’ computers.

7. Phishing and identity theft will move from the consumer market to the corporate market, and internal identities (i.e., names and passwords) will be hijacked. Hackers will use these identities to penetrate corporate networks and steal high-valued trade secrets and customer information and sell it on the black market.