Threats and threat technologies in 2010

Trend Micro released a report titled “The Future of Threats and Threat Technologies”, in which they analyzed the current situation and made some predictions for 2010 and beyond.

No global outbreaks, but localized and targeted attacks
Over the past few years, the threat landscape has shifted: there are no longer any global outbreaks of the kind previously experienced with Slammer or CodeRed. Even the much-covered Conficker incident of 2008 and early 2009 was not truly a global outbreak; rather, it was a carefully orchestrated and architected attack.

It’s all about money, so cybercrime will not go away
The money is primarily found where there is a large monoculture or where applications containing lots of valuable data are found. In the future, mobile devices like smartphones and the public/private cloud will become greater targets for cybercrime.

The underground economy continues to attract more criminals, partly because of the relatively small investment required to reap huge profits in various sectors of criminal operations. However, much like legitimate businesses, as more players come into the game, profit margins will inevitably shrink. Additionally, financial companies are coming up with more stringent security measures, making it just a bit harder for cybercriminals to conduct fraud. These pressures will inspire mergers and takeovers among different cybercriminal players. Likewise, they will force some pioneering cybercriminals to formulate better and faster ways to turn stolen information into cash or to go directly after cash.

Windows 7 will have an impact since it is less secure than Vista in the default configuration
With the release of Windows 7 and the rise of the 64-bit platform, cybercriminals will take the challenge presented to them by developers and find vulnerabilities to exploit.

Drive-by infections are the norm—one Web visit is enough to get infected
Scripts will in most ways replace binaries in terms of Web attacks. Scripts serve the same purpose as executable files with the added advantage of being easier to plant in websites and harder for users to detect. Malvertisements will continue to be a grave threat to both users and legitimate advertisers.

New attack vectors will arise for virtualized/cloud environments
With cloud computing, servers, like laptops before them, are moving outside the security perimeter and can be co-located in a remote facility among unknown and potentially malicious servers. Data in the cloud is, broadly speaking, unprotected, unsecure, and often unrecoverable. Backup systems that work at cloud level are vital.

Bots cannot be stopped anymore, and will be around forever
Botnet masters tend to emulate the most successful botnets in terms of evading detection over time, so there will be a preference for a peer-to-peer (P2P)-type botnet architecture as these are more difficult to take down.

A sure trend is that more and faster monetization will become a priority for bot masters. Botnets will no longer be limited to being rented out for distributed denial of service (DDoS) attacks or spam runs. Bot masters will employ what is called the “pay-per-install” business model, wherein they get paid for every unique instance that the malware they were hired to distribute is installed on a system.

Company/Social networks will continue to be shaken by data breaches
Social networks and social media will be used more and more by cybercriminals to enter users’ “circle of trust.” Social networks are ripe venues for stealing personally identifiable information. From a social engineering standpoint, the quality and quantity of data left lying around by most trusting users on their profile pages, along with interaction clues, are more than enough for cybercriminals to stage identity thefts and targeted social engineering attacks.

Web threats will continue to plague Internet users
Cybercriminals will continue to abuse Internet-browsing behaviors, platforms, and technologies, finding new and better ways to deliver their different payloads.

Blackhat search engine optimization (SEO) will become a more frequently used avenue for initiating Web attacks. Cybercriminals will be able to affect a wider range of audiences through data mining and identifying trends on the Web, such as top searches in Google and trendy topics in Twitter.

For the full threat report, go here.
