Categories: CloudNetworksSecurity

Security Risks In 2010: Pirates, Malicious Networkers And Cloud Criminals

In the past 12 months, the security industry saw a resurgence of worms, an increase in rogue antivirus software scams and much, much more. But with the sun setting on 2009, security pros are turning their eyes toward the coming year.

In it, they see a future with a threat landscape not all that much different from the present – but with a few changes in scenery. Here are the top 3 predictions from IBM’s X-Force research team:

1) Pirated software will drive insecurity in much more dynamic ways than previously realised. Users of pirated software are afraid to download updates, thus are exposed to security risks because their software is entirely unpatched. Also, newer versions of pirated software now come with malware pre-installed. As a result, users of pirated software will become the new “Typhoid Marys” of the global computing community.

2) Social engineering meets social networks and ups the ante for creative compromises. Criminal organisations are increasingly sophisticated in how they attack different social networking sites. For example, Twitter is being used as a distribution engine for malware. LinkedIn, however, is being used for highly targeted attacks against high-value individuals. We will see these organisations use these sites in creative new ways in 2010 that will accelerate compromises and identity theft, especially as new commercial applications increase the disclosure of valuable personal information on these sites.

3) Criminals take to the cloud. We have already seen the emergence of “exploits as a service.” In 2010 we will see criminals take to cloud computing to increase their efficiency and effectiveness.

The services referenced in point three can run the gamut from services to verify malware isn’t detected by security tools to launching large-scale infections of chosen malware, noted Robert Freeman, senior technologist for IBMGlobal Technology Services.

“The exploitation industry – at least as it relates to criminal organisations – is becoming increasingly service-oriented,” he said. “It is less about zero-day exploit sales and more about providing useful mechanisms at competitive prices for attackers of various sizes.”

Social networks have increasingly gained ground as an attack vector, though it is not nearly as prevalent as email. Still, worms using social network data can be even more successful, as they can contain personalised messages mentioning a victim’s family, friends and interests based on information from their social networking profiles, said Jon Larimer, malware researcher for IBM X-Force.

“However, worms that spread through the sites of social network messaging systems will be short-lived, as the site operators have the ability to filter messages and stop worms pretty quickly,” Larimer added. “This means that the most successful worms of this type will use social networking data but will spread through email, which is more decentralised.”

Over at Sophos, Security Analyst Michael Argast opined that attacks against hosted services will see an upswing as well.

“I expect that the continued interest in these services, combined with outages, targeted attacks and leaks will keep the balance of internal security vs. hosting data in the cloud to continue to be an area that will vex CISOs in the year to come… they will be under targeted attack, both directly via security vulnerabilities and attempted intrusions and indirectly through credential theft and phishing attacks,” he said.

Perhaps unsurprisingly, Argast predicted the focus on targeted data theft will rise, but with attackers going through more indirect routes to get data. That includes using social networking sites, he said.

“The recent rise in consumer privacy data being lost via iPhone apps and Facebook apps is one example, but also examples like criminals signing up for direct access to credit bureaus, and taking advantage of the down market to involve insiders,” he said. “Also, less obvious targets of data theft will be more common – smaller businesses will be under attack… A nasty example of this trend starting this year was the rise in attacks on the higher education market – since these organisations often struggle with IT security due to their open network access policies, but at the same time have hundreds of thousands of student records with confidential data.”

“I expect next year, a rise in attacks on health care organisations will occur for similar reasons, continued attacks on retailers big and small, tax authorities, school systems – anywhere where lots of records are kept by organisations that haven’t traditionally had best practice security in place,” he added.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago