by Playfuls Staff |
15th December 2006
Websense predicted that in 2007 organized criminals will
join forces with the hacker community to form a more organized cybercrime
economy, which buys, sells and trades hot commodities such as ready made [more]
cyber-attack toolkits and exploits utilizing zero-day vulnerabilities. Websense
security experts also predict that Web 2.0 security issues will escalate as
these technologies are being rolled out in mass with security as an
afterthought.
No longer are e-mail borne worms and viruses the top
concern. Today’s threats revolve around the changing, dynamic and ubiquitous
use of the Internet. The Web will continue to be the number one infection
vector for malicious code designed to steal information, which is evolving at a
rapid pace in both numbers and in attack sophistication.
Websense also predicts exploits in anti-phishing toolbar
technology, the enhanced concealment of data to evade leakage prevention, and
increased use of encryption and custom packing of BOT’s.
In 2006, cybercrime and the evolution of new
cyber-criminals increased. In 2007, Websense expects underground cybercrime to
become better organized and run a better economy. As part of that growing
economy, the market for zero-day attack code will be more competitive. This
will result in an increase in the number of zero-day attacks and better attacks
on both the client and server-side.
Web 2.0 Security Issues Escalate:
Comprising an estimated 80 percent of the top 20 most
visited Web sites, such as MySpace and Wikipedia, Web 2.0 sites are a growing
phenomenon. Web 2.0 sites including social networking sites are particularly
vulnerable to attack because of the constantly changing nature of the content
which is difficult to monitor and secure. With millions of potential
victims—criminals, spammers and adware companies are already seeking to
prosper. In fact, according to the Gartner November 2006 report “Web 2.0 Needs
Security 101” by John Pescatore, the author notes that “Web 2.0 mashups that
are not done securely will lead to huge openings for new forms of phishing and
other attacks.”
Web 2.0 Areas of Concern:
* User-Created
Content: As mentioned in 2006, by empowering end-users with creative, dynamic,
content control, increased security problems will result.
* Social
Networks: The large population of users and ability to link users through
profiles and networks will lead to more security issues within these communities.
Entertainment social networks are not the only targets; there are several
business networks of users linking for employment recruiting, business
development, and other business-related reasons that face the same threats.
* Service
Oriented Architecture (SOA) and Web Services: The Web as a platform is finally
here. The advent of ‘mashing’ Web services and linking several properties
together will lead to increased security issues, as cross-domain security
issues can affect all links in the chain.
Anti-Phishing Toolbar
Exploits
In 2006, several high profile companies released
anti-phishing toolbars embedded within the browser. However, Websense predicts
that some anti-phishing toolbars will become targets of exploit code designed
to disable or avoid their prevention mechanisms.
Enhanced Concealment
of Data
In 2007, stealing information using malicious code will
increase. Prevention methods will also lead to better concealment of the
valuable information that often leaves organizations and the network.
Cyber-criminals will increasingly use encryption with malicious code to bypass
preventive measures.
BOT Evolution
The BOT evolution will continue and evolve again with
countermeasures. Distributed command-and-control and the use of other protocols
other than Internet Relay Chat (IRC) or HTTP will be used to control BOT
networks. Increased use of encryption and custom packing of BOT’s will also
occur.
