Security Risks In 2010: Pirates, Malicious Networkers And Cloud Criminals

Researchers from IBM and Sophos take a look at the top security risks for enterprises and consumers alike in 2010

In the past 12 months, the security industry saw a resurgence of worms, an increase in rogue antivirus software scams and much, much more. But with the sun setting on 2009, security pros are turning their eyes toward the coming year.

In it, they see a future with a threat landscape not all that much different from the present – but with a few changes in scenery. Here are the top 3 predictions from IBM’s X-Force research team:

1) Pirated software will drive insecurity in much more dynamic ways than previously realised. Users of pirated software are afraid to download updates, thus are exposed to security risks because their software is entirely unpatched. Also, newer versions of pirated software now come with malware pre-installed. As a result, users of pirated software will become the new “Typhoid Marys” of the global computing community.

2) Social engineering meets social networks and ups the ante for creative compromises. Criminal organisations are increasingly sophisticated in how they attack different social networking sites. For example, Twitter is being used as a distribution engine for malware. LinkedIn, however, is being used for highly targeted attacks against high-value individuals. We will see these organisations use these sites in creative new ways in 2010 that will accelerate compromises and identity theft, especially as new commercial applications increase the disclosure of valuable personal information on these sites.

3) Criminals take to the cloud. We have already seen the emergence of “exploits as a service.” In 2010 we will see criminals take to cloud computing to increase their efficiency and effectiveness.

The services referenced in point three can run the gamut from verifying that malware isn’t detected by security tools to launching large-scale infections of chosen malware, noted Robert Freeman, senior technologist for IBM Global Technology Services.

“The exploitation industry – at least as it relates to criminal organisations – is becoming increasingly service-oriented,” he said. “It is less about zero-day exploit sales and more about providing useful mechanisms at competitive prices for attackers of various sizes.”

Social networks have increasingly gained ground as an attack vector, though they are not nearly as prevalent as email. Still, worms using social network data can be even more successful, as they can contain personalised messages mentioning a victim’s family, friends and interests based on information from their social networking profiles, said Jon Larimer, malware researcher for IBM X-Force.

“However, worms that spread through the sites of social network messaging systems will be short-lived, as the site operators have the ability to filter messages and stop worms pretty quickly,” Larimer added. “This means that the most successful worms of this type will use social networking data but will spread through email, which is more decentralised.”

Over at Sophos, Security Analyst Michael Argast opined that attacks against hosted services will see an upswing as well.

“I expect that the continued interest in these services, combined with outages, targeted attacks and leaks will keep the balance of internal security vs. hosting data in the cloud to continue to be an area that will vex CISOs in the year to come… they will be under targeted attack, both directly via security vulnerabilities and attempted intrusions and indirectly through credential theft and phishing attacks,” he said.

Perhaps unsurprisingly, Argast predicted the focus on targeted data theft will rise, but with attackers going through more indirect routes to get data. That includes using social networking sites, he said.

“The recent rise in consumer privacy data being lost via iPhone apps and Facebook apps is one example, but also examples like criminals signing up for direct access to credit bureaus, and taking advantage of the down market to involve insiders,” he said. “Also, less obvious targets of data theft will be more common – smaller businesses will be under attack… A nasty example of this trend starting this year was the rise in attacks on the higher education market – since these organisations often struggle with IT security due to their open network access policies, but at the same time have hundreds of thousands of student records with confidential data.”

“I expect next year, a rise in attacks on health care organisations will occur for similar reasons, continued attacks on retailers big and small, tax authorities, school systems – anywhere where lots of records are kept by organisations that haven’t traditionally had best practice security in place,” he added.