Information Security Cyber Threats for 2010
Kaspersky Lab recently announced its security analysts' estimates of cyber criminal activity for 2010.
In 2008, the company’s analysts predicted an increase in system infections by viruses. Unfortunately, these estimates proved accurate. In 2009 we saw the emergence of sophisticated malware with rootkit-based functionality and the significant use of the Kido worm (also known as Conficker). We also observed numerous Internet attacks, the proliferation of botnets, fraud using mobile SMS and attacks on social networking websites.
Estimates for 2010
According to the experts at Kaspersky Lab, there will be a change in the types of attacks. More specifically, there should be a shift from attacks waged through websites and applications to attacks via file-sharing and peer-to-peer networks.
Already in 2009 there was a series of massive attacks based on malware that spread via torrents. This method was used to deploy threats such as the TDSS and Virut viruses, and to invade computers running Mac OS X. In 2010, we should expect a significant increase in this type of attack on P2P networks.
Cyber criminals will continue to compete in unleashing viruses. Increasingly, cyber criminals are trying to legitimize themselves, and there are many ways to profit from spreading malicious viruses through botnets. Today, botnets are used mainly for “black market services”. However, future services are expected to become more “gray”.
The so-called “cooperation programs” will give botnet administrators and owners the ability to profit from activities such as sending spam, launching DoS attacks or distributing malicious software applications that are not clearly a form of criminal activity.
The decline seen in 2009 in the use of Trojans that targeted online gaming users is likely to be repeated for fake antivirus programs in 2010. This category of threat first appeared in 2007 and reached its zenith in 2009. The Kido worm, for example, went on to install rogue antivirus programs on infected computers.
However, the “market” for fake antivirus programs is now saturated and profits for cyber criminals have fallen. Furthermore, these activities are closely monitored by legitimate security companies. As a result, developing and distributing rogue antivirus programs is becoming increasingly difficult.
With regard to attacks on web services, Google Wave is expected to monopolize interest in 2010. There is no doubt that attacks on this new Google service will follow the usual model: first comes the sending of spam messages, then phishing attacks, then the exploitation of system vulnerabilities, and finally the spread of malware. The availability of Google's Chrome OS operating system, which is based on Internet technology, is a notable development, but experts at Kaspersky Lab expect that cyber criminals will not show great interest in this software platform.
However, 2010 is expected to be a difficult year for users of the iPhone and of phones running the Android operating system. The first malicious programs for these platforms appeared in 2009, which is a clear indication of increased interest from cyber criminals. Among iPhone users, only those with cracked devices will be at risk, but the same does not apply to users of Android devices, as all of them can fall victim to attacks. For example, the growing popularity of Android phones in China, combined with the lack of effective security controls on applications offered by third parties, is expected to contribute to a rise in the number of attacks by malicious programs.
The identification of new vulnerabilities in systems will be the main cause of mass infection by viruses. These vulnerabilities will mainly be related to software developed by third parties (such as Adobe, Apple, etc.), but also to Windows 7, whose marketing has recently started. If a large number of such software vulnerabilities is not found in 2010, it may well be one of the “quieter” years in a long time.