Top 20 security predictions for 2011 – Part II

Here is Part II of the top 20 security predictions for 2011.

  1. Security continues to become part of virtual infrastructure. As more and more organizations add virtualization technologies into their environment, particularly server and desktop virtualization, security will be more embedded in the native technologies, and less of an “add-on” after the implementation is complete. In addition, security architecture design will be a “must have” element of virtual infrastructure planning and deployment, not a “nice to have.”
  2. Cybercriminals take over URL shortening services. URL shortening services are becoming critical to the operation of social networks, particularly those that apply a character limit to user updates. In 2010 we saw a number of exploits using URL shortening services that led to compromised sites. In 2011 we expect to see more sophisticated attacks using URL shortening services, either by a criminal enterprise gaining control of a significant URL shortening service or by one of these groups setting up a service which appears legitimate but is not.
  3. Hackers exploit router vulnerabilities. As 2010 has proven, there are many systems vulnerable to attack. We often focus on PCs, servers and devices, but recently it has become apparent that routers are also open to exploit. Router vulnerabilities allow attackers to re-route network traffic with malicious intent. As an example, a user could be diverted from an online banking site to an identical-looking malicious website and their login credentials could be stolen, or a business user could be diverted from a legitimate CRM, ERP or HR service, allowing a hacker to access client, business or staff information.
  4. Rogue marketplace vendors exploit online digital currencies. In 2011 social networking sites and online marketplaces will roll out their own in-house digital virtual currencies. As an example, one site already has a system in place that uses “Credits.” Attacks will soon be designed to exploit these new areas for financial fraud, including specialized malware, rogue applications and phishing attacks.
  5. Botnets evolve with steganography. Since the McColo ISP takedown in November 2008, which removed the command and control servers used by cyber crooks to control the activities of their botnets, and wiped out many cybercrime operations, the cybercriminals have been looking to build business continuity practices into their operations. In 2011, we expect that botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view – perhaps within images or music files distributed through file sharing or social networking websites.
  6. Automation advances targeted attacks. Highly targeted attacks are steadily increasing in number. These carefully crafted attacks target specific users in specific organizations and require significant effort and research on behalf of the cybercriminal. In 2011 criminal enterprises will increasingly automate this research to create a heavier volume of more powerful and convincing attacks that appear particularly relevant, interesting and/or newsworthy to the intended victims.
  7. Stuxnet strikes up malware specialization. One of the most threatening advances in malware during 2010 broadened the range of targets beyond PCs and servers when the Stuxnet Trojan attacked programmable logic controllers. In analyzing Stuxnet, it was observed that the malware was digitally signed (certified) with two legitimate certificates. Soon thereafter, a variant of the Zeus Trojan was discovered to be digitally signed using a certificate from antivirus vendor Kaspersky. This trend is alarming because Windows Vista, Windows 7 and many other products check the validity of digital signatures and warn or deny users when a certain type of software is not digitally signed. When cybercriminals use stolen certificates to digitally sign their malware, they bypass this protection with ease. This specialized malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution.
  8. IT forced to implement more granular web security policies. In 2010 more than 80% of malicious threats intercepted were found on legitimate websites that had been compromised either directly or indirectly via third-party-provided content. At the same time, categories which were once easy to block universally, like social media, are becoming increasingly business relevant. In 2011 we expect IT managers will be forced by business necessity to implement more granular and refined web security policies. Particular business units, departments or users will be granted access to certain websites or categories of sites.
  9. Spam campaigns will increasingly mimic legitimate mail from popular websites. While we have seen messages like these before, we’ve noticed that they now look more legitimate than in the past. Examples of this include spammers who targeted Amazon/Flixster/GoDaddy names and a FedEx campaign. In the case of LinkedIn spam messages, we observed that the headers and body templates were taken from actual LinkedIn messages. Therefore, it’s nearly impossible for the average user to distinguish between the legitimate LinkedIn messages and the nefarious ones.
  10. Security and services continue to migrate to the Cloud. An increasingly mobile workforce is pushing organizations to the cloud for suitable security solutions that will be required to work seamlessly across multiple platforms, as users switch between devices used to store and transmit information online. In 2011 businesses will increasingly begin to reap the benefits of adopting a hybrid infrastructure that is premises-based, private cloud based and public cloud based, and will seek to deliver a seamless user experience regardless of device or access location.
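One defender-side heuristic for the LinkedIn-style spoofing described in prediction 9, as an added example that is not from the original post: a message that copies a brand's headers and body template still has to route its bounces, message IDs and links somewhere, so the check parses a constructed sample and flags Return-Path, Message-ID and link hosts that are not under the claimed brand domain. The `_registrable` helper (last two DNS labels) is a simplification assumed for this example, not a real public-suffix lookup.

```python
"""Flag brand-impersonating mail whose infrastructure does not match the brand."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: From header and body template copy a real notification,
# but bounce address, Message-ID and link all point at another domain.
SAMPLE_SPOOF = """From: LinkedIn <invitations@linkedin.com>
Return-Path: <bounce@mail-relay.example.net>
Message-ID: <20110103.1234@mail-relay.example.net>
Subject: Invitation to connect
Content-Type: text/plain

Join my network: http://linkedin.com.example.net/invite?id=42
"""


def _domain(addr: str) -> str:
    """Domain part of an address-like header value ('Name <user@host>')."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def _registrable(host: str) -> str:
    """Simplified registrable domain: the last two labels (assumption)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_brand_alignment(raw: str, brand_domain: str) -> list:
    """Return reasons the message looks like impersonation of brand_domain.

    An empty list means either the mail does not claim to be from the brand
    or every checked host is under the brand's domain.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    if _registrable(_domain(str(msg.get("From", "")))) != brand_domain:
        return []  # not claiming the brand; out of scope for this check
    findings = []
    for hdr in ("Return-Path", "Message-ID"):
        dom = _domain(str(msg.get(hdr, "")))
        if dom and _registrable(dom) != brand_domain:
            findings.append(f"{hdr} domain {dom} not under {brand_domain}")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    for url in re.findall(r"https?://\S+", body):
        host = urlparse(url).hostname or ""
        if _registrable(host) != brand_domain:
            findings.append(f"link host {host} not under {brand_domain}")
    return findings
```

A real deployment would replace `_registrable` with a public-suffix list and add SPF/DKIM alignment, but the host-mismatch signal alone already separates the sample from a genuine notification.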