Top 20 security predictions for 2011 – Part I

It’s that time of year again when the prognosticators give their predictions for 2011. We surveyed the security experts and compiled their predictions; however, the list was so long we had to break it into two parts. Here are security predictions 1-10.

  1. Zero-day, polymorphic, metamorphic, multi-platform flash worm. Look for more and more well-planned and well-executed breaches leveraging zero-day or customized malware that cannot be detected by any mainstream antivirus product. As a result, start preparing now for how you will detect zero-day malware throughout your enterprise.
  2. Increase in attacks on devices on the network, from printers and routers at one end to non-traditional targets inside regular desktop/server computers at the other. The newest Alureon rootkit attempts to persist even after a reinstall of Windows 7 64-bit, and a researcher has just announced a proof-of-concept rootkit embedded in a Broadcom network card’s firmware. These attacks will become more common in 2011 since they do not require the same level of investment as attacking the supply chain with modified hardware.
  3. The virtual incident response team concept will begin to fade in favor of full time Incident Responders, Forensic Analysts, and Reverse Engineering Malware Specialists. Security Operations Centers will begin to form dedicated full-time incident response teams to respond to ongoing security threats.
  4. IPv6 will become important when IPv4 address space is exhausted. Sometime within 2011 or 2012, ARIN and the other regional registries will exhaust the existing IPv4 address space. The lack of properly implemented IPv6 networks, combined with the increasing availability of auto-configured IPv6 connections from desktops and servers, will lead to a “shadow network” of IPv6 tunnels that evades many controls, including intrusion detection and prevention, firewalls, content filtering, data leakage monitoring, spam filters, and many other technologies we have been relying on in network security.
  5. ARM hacking. ARM (Advanced RISC Machine) processors are prevalent in cell phones and microcontrollers. As mobile phones become more advanced and more data is stored on these devices, they become a bigger target for hackers. More services run on mobile phones, and some of them are vulnerable in the same way they are vulnerable on PCs. In 2011, with more common tricks and more shellcode available, it will be easier for hackers to exploit vulnerabilities on mobile phones.
  6. Improved social engineering attacks. Attackers will increasingly make use of social-engineering tactics to bypass technological security controls, fine-tuning their techniques to exploit natural human predispositions (curiosity, greed, lust, trust in friends). We’ve already seen such approaches succeed at influencing victims into clicking on questionable links, opening exploit-laden attachments, and installing malicious software.
  7. Social media. More organizations will adopt social media as a core aspect of their marketing strategy. Organizations will have a hard time controlling online social networking activities of their users. Attackers will continue to take advantage of the still-evolving understanding of online social networking safety practices to defraud people and organizations.
  8. A worm will eat all the iPhones and convert the Androids to bricks. Your smartphone knows where you are and has access to your email, appointments, and phone contacts. It is part of the way you surf the web, and soon you will be able to make purchases with it, yet it has very little security or privacy built into it.
  9. Memory scraping will become more common. Browsers are notorious for leaving things sitting around in memory during web sessions. RAM-scraping malware also targets encryption keys in memory, which lets it decrypt anything from session data to encrypted files. On the emerging-threat side, we are seeing RAM scraping more often now as attackers shift their focus from server-side to client-side attacks. Browsers are often misconfigured, allowing malware to get onto a user’s system and steal credit card data and passwords.
  10. Extreme disclosure. The next few years will bring a rapid increase in forces seeking to expose businesses and governments alike (e.g. WikiLeaks). This will cause a tightening of information management policy, increased instrumentation, and massive litigation.
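Prediction 4 warns that auto-configured IPv6 tunnels can slip past IPv4-centric monitoring. A practical first step for a defender is to look for the tunnelling mechanisms in the flow records the network already produces. The following Python script is an added example written for this page, not code from the original post or from any of the quoted experts. It classifies flow records by the three common automatic transition mechanisms (protocol-41 encapsulation used by 6in4/6to4, Teredo over UDP 3544, and ISATAP interface identifiers) and also flags native global IPv6 where it is not expected. The flow records and addresses in `SAMPLE_FLOWS` are constructed for the demonstration; the prefix and port values are the ones assigned by the relevant RFCs.

```python
import ipaddress
from dataclasses import dataclass

# Assigned values, not assumptions: 2002::/16 is 6to4 (RFC 3056), 2001::/32 is
# Teredo (RFC 4380), UDP 3544 is the Teredo server port and IP protocol 41 is
# IPv6 encapsulated directly in IPv4 (used by 6in4 and 6to4).
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
TEREDO = ipaddress.ip_network("2001::/32")
TEREDO_PORT = 3544
PROTO_IPV6_IN_IPV4 = 41


@dataclass
class Flow:
    """One flow record. proto is 'tcp', 'udp', or 'ip41' for raw protocol-41 traffic."""
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def is_isatap(addr: ipaddress.IPv6Address) -> bool:
    """ISATAP interface identifiers (RFC 5214) embed an IPv4 address in the low
    32 bits, preceded by the bytes 00:00:5e:fe (or 02:00:5e:fe when the u/g bit is set)."""
    return addr.packed[8:12] in (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def classify_flow(f: Flow) -> set[str]:
    """Return the set of tunnel/unexpected-IPv6 indicators found in a single flow."""
    tags = set()
    if f.proto == "ip41":
        tags.add("6in4/6to4-encapsulation")
    if f.proto == "udp" and TEREDO_PORT in (f.sport, f.dport):
        tags.add("teredo-udp")
    for raw in (f.src, f.dst):
        a = ipaddress.ip_address(raw)
        if not isinstance(a, ipaddress.IPv6Address):
            continue
        if a in SIX_TO_FOUR:
            tags.add("6to4-address")
        elif a in TEREDO:
            tags.add("teredo-address")
        elif is_isatap(a):
            tags.add("isatap-address")
        elif not (a.is_link_local or a.is_loopback):
            # Global IPv6 reachability from a host on a network that has not
            # deployed IPv6 deliberately is itself worth investigating.
            tags.add("native-ipv6")
    return tags


def find_tunnels(flows: list) -> list:
    """Return (flow, tags) pairs for every flow that carries at least one indicator."""
    hits = []
    for f in flows:
        tags = classify_flow(f)
        if tags:
            hits.append((f, tags))
    return hits


# Constructed sample flows: one benign IPv4 flow plus one flow per mechanism.
SAMPLE_FLOWS = [
    Flow("tcp", "10.1.1.5", "93.184.216.34", 51000, 443),            # plain IPv4 HTTPS
    Flow("ip41", "10.1.1.7", "192.88.99.1"),                          # 6to4 to the old anycast relay
    Flow("udp", "10.1.1.9", "198.51.100.20", 54321, TEREDO_PORT),     # Teredo client traffic
    Flow("tcp", "2001:0:4137:9e76:8000:63bf:3fff:fdd2", "2001:db8::1", 40000, 80),  # Teredo address
    Flow("tcp", "fe80::1", "2002:c000:204::1", 40001, 80),            # 6to4-addressed destination
    Flow("tcp", "2001:db8::200:5efe:a01:105", "2001:db8::2", 40002, 22),            # ISATAP source
]


if __name__ == "__main__":
    for flow, tags in find_tunnels(SAMPLE_FLOWS):
        print(f"{flow.proto:5} {flow.src:>40} -> {flow.dst:<20} {sorted(tags)}")
```

Feeding real NetFlow or firewall logs through `classify_flow` is a matter of mapping their fields onto `Flow`. Native IPv6 is tagged separately from the tunnel indicators so that a site that does sanction IPv6 can drop that tag without losing the transition-mechanism detections.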