E-Threats Forecast for 2010

Year 2009 witnessed a wide range of security threats aiming at both end-users and at corporate networks.





The Downadup worm (also known as Conficker or Kido) surged dramatically and
managed to stay among the top three global e-threats during 2009. Although not
dangerous in itself (variants A, B and C carried no malicious payload), its
spreading mechanisms and its resistance to detection may be regarded as the
cornerstone of the upcoming breeds of highly destructive malware.

Botnet activity

Botnets are the core of most of
the businesses involving malware. They are relatively easy to maintain and they
provide a criminal organization with unimagined computing power for multiple
purposes, such as sending spam, performing distributed denial-of-service
attacks or pay-per-click revenue abuse.

  • Spam sent by botnets will keep the ascending pace we witnessed in 2009.
  • Distributed denial-of-service attacks will also increase, as more and more
    Internet users switch from cable modems to high-speed Internet connections such
    as optical fiber or broadband wireless. The attackers will mostly focus on
    financial institutions, web-based casinos or large companies, forcing them to
    pay money in exchange for “protection”.

Malicious applications

The vast majority of malicious applications are oriented towards illicit
financial gains. BitDefender estimates that the next year will bring an
increased amount of malware, especially adware applications and rogue antivirus
software. More complex malware, such as rootkit-based file infectors and worms
relying on multiple vectors of infection (e-mail, instant messaging and
peer-to-peer protocols), is also expected.

Social networking

Building on their experience with Facebook and Twitter, malware authors are
expected to extend their reach to the new Google Wave as the search engine’s
instant messaging service gains popularity. Facebook and Twitter will also stay
in attackers’ crosshairs, given that Facebook has surpassed 350 million users.
Spam and phishing attempts targeting social networking users are also expected
to rise.

Apart from the fact that social
networking websites are expected to become one of the most important vectors of
infection, they are also likely to trigger other security incidents such as
involuntary public disclosure of sensitive information.

Operating systems

Microsoft’s newly-launched
operating system Windows 7 has proved to be much safer than its predecessors.
However, as users transition from XP and Vista to Windows 7, malware authors
will focus on finding software vulnerabilities and security breaches in the
operating system.

Apple Mac OS X users should also consider adopting an anti-malware suite in
order to avoid trouble. Apart from the usual spam and phishing attempts, which
are platform-independent and target any computer user connected to the
Internet, Apple’s transition to the Intel hardware platform will open new
opportunities for attackers who are currently writing malware for Windows.

Mobile operating systems

The latest iteration of the iPhone (the 3GS family) dramatically increased the
iPhone user base, and many of these users have decided to jail-break the
operating system in order to install third-party applications. Jail-breaking
involves enabling the SSH service, which runs with root access and a default
password. BitDefender expects that 2010 will bring new e-threats focusing on
the rapidly growing mobile platform, especially worms and password-stealing
Trojans.

By contrast, Android and Maemo users will be spared. Given that their market
share is still insignificant compared to Windows Mobile, Symbian and iPhone OS,
malware authors will not focus their efforts on finding vulnerabilities in
these platforms, but will rather concentrate on social engineering attacks.

Enterprise threats

Microsoft’s Windows Server 2008 R2 Hyper-V and the VMware vSphere
virtualization technologies have opened new opportunities for small and medium
businesses. Consolidating multiple servers onto a single physical machine with
virtualization will dramatically contribute to cutting costs. During 2010,
remote attackers are expected to look for software vulnerabilities that would
allow them to seize control of the hypervisor and, implicitly, of all the
virtual machines deployed on it.

Cloud computing services are also enjoying their heyday. Whether they are used
for e-mail (such as Google’s Gmail service) or for data storage and backup,
cloud technologies hold and process significant amounts of sensitive data. It
is just a matter of time until attackers shift their focus to these
infrastructures in order to seize control over, or limit access to, these cloud
resources.

Netbooks and PDAs will slowly become security risks in corporate environments
as their adoption ramps up. These intelligent devices are extremely small; in
fact, they are so small that they can easily be lost or snatched by a thief.
While their physical value is sometimes negligible, the data stored on the
local HDD is priceless. Since netbooks do not come with Trusted Platform
Modules or other types of hardware or software encryption and cannot be managed
remotely (in order to wipe the HDD clean in case of loss or theft), sensitive
information may land in the wrong hands.


About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.