Top 10 security predictions for 2009
What will next year hold in the ever-changing world of IT security?
New tech means new ways for criminals to attack systems. Next year will see hackers get smart about cloud computing, social networking and more. Here's our top ten threats to keep an eye on...
Malware will increasingly target Web 2.0 as well as cloud services. New cloud-based services - such as Amazon Web Services and Microsoft Azure - are vulnerable new targets for cybercriminals or spammers.
The cloud could be used simply to send spam, but it also could launch sophisticated attacks such as hosting malicious code for downloads.
Web 2.0 has also created an environment where malware can change depending on an event or a situation. Separate harmless bits of malware can be constructed to combine and maliciously attack.
A good example of this is with mash-ups, where data from many websites can be reconstructed to create something malicious.
Malware-as-a-service becomes more common, which will allow automated malware to be bought and sold to order. This will be a big problem, as it lowers the technical level needed for criminals to become online fraudsters.
An explosion in new malware variants and web threats
Anti-virus vendor Symantec claims that new strains of malware consisting of millions of distinct threats can propagate as a single, core piece of malware. This will create a number of unique malware instances.
Indeed, research has shown we have now reached an inflection point where we are now more malicious programs than legitimate ones. Businesses and vendors need to move away from signatures and concentrate on detection methods, such as the reputation-based approach.
As web services keep increasing, and as browsers start to move towards a uniform standard for scripting language, expect new web-based threats.
Social networking spam
As the year went on, criminals were gradually moving from email-based spam to different techniques. One of these was social networking spam, where websites such as Facebook and MySpace were targeted.
Personal information is gold to the bad guys, and they will learn better tricks to persuade users to give away their details and find ways to access private accounts.
The rise in popularity of social networking sites that allow user-generated content will be a problem. Web spam will increase as will malicious posting into user-forums and blogs.
Security firm Websense claims that new web attack toolkits have emerged that allows attackers to discover posts and/or have vulnerabilities. Bots may also add more HTTP post functionality among their many capabilities.
More legitimate website hacking
Many users are still unfamiliar with web-based malware and 2009 could a boom year as cybercriminals look to capitalise on this ignorance. It is a very recent evolution to exploit flaws in browsers and web servers, and new toolkits are now constantly being made to take advantage.
The fact that these toolkits often don't need users to have a great technical knowledge lowers the barrier for entry for cybercriminals and pushes the threat level even higher than before.
Unemployment creates more cybercriminals
The credit crunch will affect the security landscape in a number of ways. One of the scariest prospects is that the economic downturn will make it tempting for unemployed IT workers to use their technical knowledge to commit internet crime.
It's a very lucrative business - and as mentioned before - the growth of malware-as-a-service will make it very easy for people to make money on the web, even if they lack the right technical knowledge.
It could also be a problem in developing countries, as the lack of IT jobs could force qualified and skilled technical workers into the arms of criminal gangs, who will exploit their skills in aid of making money over the web.
In This Article
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now