Security Trends and Outlook for 2010

There was a call recently, sponsored by Symantec, in which security experts and analysts discussed the security trends in 2009 and what they expected to see in 2010. Here’s what they said:

2009 Trends

  • Drive-by. In 2008 there were 18 million drive-by download attempts. In the first half of 2009 there were already 17.5 million. This activity is increasing. (see last blog for discussion of drive-by downloads)
  • Plug-ins. Drive-by downloads that target browser plug-ins as well as websites are increasing.
  • Trusted websites. Legitimate websites are now being compromised. The vast number of blocked downloads, per Symantec, were from legitimate websites. Cyber criminals are finding ways to post, especially on social networking websites, malicious Java applets or ActiveX components that target users of these websites.
  • Rogue security software. From July 2008 to July 2009 Symantec states there were 43 million software installation attempts by rogue security software. The latest ploy by cyber criminals is to package free anti-virus software found on the web and either resell it for a fee, or attach some malware which will hijack the user’s computer once the application is installed.
  • Content scams. The latter half of 2009 saw increasing content-based attacks. The scam artist creates fake sites based on popular search items or current news events. This poisons search engine results, so that they present sites laden with malicious links, ads or drive-by downloads.
  • Security breaches. Data breaches continue to grow, risking identity theft. 400 breaches were reported in 2009, which compromised 200 million records. 80% of breaches are caused by insiders within an organization. Adding to this, 59% of employees take confidential information with them when they leave a company.

2010 Outlook

  • URL shortening services. Bloggers, Twitter users and many social networking site users often utilize what are called “URL shortening services” to provide short links that redirect to longer ones. For example, if I have a link that is 30 characters long that I want to embed in a message, and I’m sending a Tweet that has a 140 character limit, I can use a service that allows me to post a 10 character link that will point to the actual link. URL shortening services provide a hosted solution that redirects a user from the shorter URL to the longer one. Because the short link hides its destination, cyber criminals are finding ways to redirect links hosted by the URL shortening service provider to malicious links.
  • CAPTCHA technology. When you register for new accounts on many websites, you are asked to type in a code displayed in a funny, groovy looking text box. By doing this the website owner ensures that an actual human is registering and not a computer application. Some cyber criminals are now using low-cost labor in sweatshops, in places like India, to manually create accounts. Once registered within a website that, for example, offers an Instant Messenger (IM) account, the attacker uses the IM account to send malicious links to other IM users.
  • Non-English spam. Most spam to date has been sent in English. However, there has been a significant increase in native-language spam in countries like the Netherlands, Germany and France.
  • Focused malware. Symantec sees increases in specialized malware that targets specific systems such as Automatic Teller Machines (ATMs) and phone-based voting systems (e.g. those used in reality TV shows for the public to vote).
  • Cell phones. Smartphones are becoming targets for rogue security software download attempts. With so many applications now being made available for wireless devices like the BlackBerry, attackers are looking to exploit the same scams used on computer users.
  • Bandwidth. Increased bandwidth in developing countries, created by the installation of broadband networks, has brought a resurgence of botnets used by spammers.
  • Social networking sites. Scammers are trolling popular social media sites like Facebook for opportunities to implant malicious content and micro applications. By infecting users who receive and trust messages from others in their circle, attackers can exploit entire networks.

What to do? Symantec has embarked on a concept they call “reputation-based security.” All websites are assumed guilty until proven innocent. So look for increased certifications and diligence in the safeguarding of content, web links and applets on websites.
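The URL shortening item and the "guilty until proven innocent" idea above can be combined in a link filter. The sketch below is an added example, not code from Symantec or from the original post: it expands a short link one hop at a time and blocks it unless the final destination has a known-good reputation. All hosts, the `lookup` stand-in for an HTTP request with redirects disabled, and the `KNOWN_GOOD` set standing in for a reputation feed are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

# Constructed sample data: URL -> Location header a server would return.
REDIRECTS = {
    "http://short.example/a1": "http://news.example.org/story?id=42",
    "http://short.example/b2": "http://hop.example.net/r",
    "http://hop.example.net/r": "http://unknown-host.example/free-av.exe",
    "http://short.example/c3": "http://short.example/c3",  # redirects to itself
}
# Constructed allowlist standing in for a reputation feed (assumption).
KNOWN_GOOD = {"news.example.org"}

def lookup(url):
    """Stand-in for a HEAD request with redirects disabled: Location or None."""
    return REDIRECTS.get(url)

def expand(url, resolve=lookup, max_hops=5):
    """Follow redirects hop by hop without fetching content; return (chain, error)."""
    chain = [url]
    while True:
        target = resolve(chain[-1])
        if target is None:                 # no further redirect: final destination
            return chain, None
        if len(chain) > max_hops:          # already followed max_hops redirects
            return chain, "too many hops"
        target = urljoin(chain[-1], target)  # Location may be relative
        if urlsplit(target).scheme not in ("http", "https"):
            return chain, "non-http redirect"
        if target in chain:
            return chain, "redirect loop"
        chain.append(target)

def verdict(url):
    """Default-deny: allow only if the chain resolves cleanly to a known-good host."""
    chain, error = expand(url)
    if error:
        return "block", chain, error
    host = urlsplit(chain[-1]).hostname
    if host in KNOWN_GOOD:
        return "allow", chain, "destination has known-good reputation"
    return "block", chain, "destination has no reputation"

if __name__ == "__main__":
    for link in ("http://short.example/a1", "http://short.example/b2",
                 "http://short.example/c3"):
        action, chain, reason = verdict(link)
        print(action, "|", " -> ".join(chain), "|", reason)
```

Showing the expanded chain to the user or logging it gives the reader back the destination that the short link hides.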

In addition, as individuals, two of the best-practice security tips you should follow are: (1) don’t store your passwords in the browser (don’t click on the “remember me” option), and (2) use strong passwords on your home wireless router (change the one that comes with your system) as well as at all web sites you register with.