Websense Security Experts Analyse and Predict Trends for the Coming Year

Websense, Inc., today released its list of security predictions and
trends anticipated for 2010.  Researchers in the Websense Security Labs
have identified emerging security exploits and trends anticipated to
increase in the next 12 months. The emerging trends and predictions
show an overall blending of security threats across multiple attack
vectors for the purpose of roping computers into bot networks and
stealing valuable confidential information. Researchers believe that
hackers will look to compromise new platforms such as smartphones and
take advantage of the popularity of Windows 7. They are also expected
to compromise the integrity of search engine results and use legitimate
advertisements to spread their malicious content.

“Threats on the Web continue to parallel Internet users’ Web use
patterns,” said Dan Hubbard, chief technology officer, Websense. “As
audiences are moving quickly into the social Web, so are attacks.
Additionally, as emerging operating systems and platforms like Macs and
mobile devices become more popular, they are more targeted. At the same
time, malicious attackers are increasing the number of traditional
attacks on PCs, with quickly changing tactics and new twists on old
exploits.”

In 2010, Websense Security Labs anticipates the emergence and growth of the following trends:

1.    Web 2.0 attacks will increase in sophistication and prevalence
In the coming year, Websense Security Labs predicts a greater volume of
spam and attacks on the social Web and real-time search engines such as
Topsy.com, Google and Bing.com, which recently added real-time search
capabilities. In 2009, researchers saw increased malicious use of
social networks and collaboration tools such as Facebook, Twitter,
MySpace and Google Wave to spread attackers’ wares. Spammers’ and
hackers’ use of Web 2.0 sites has been successful because of the high
level of trust users place in the platforms and the other users. We
anticipate this trend to continue in 2010.

2.    Botnet gangs will fight turf wars
In the past year, Websense Security Labs noted an increase in botnet
groups following each other and using similar spam/Web campaign
tactics such as fake DHL and USPS notifications and other copy-cat
behaviour. We expect this to continue in 2010. In addition, we
anticipate more aggressive behaviour between different botnet groups
including bots with the ability to detect and actively uninstall
competitor bots. Websense Security Labs has already seen some turf
wars, with the Bredolab botnet disabling Zeus/Zbot on infected
computers.

3.    Email gains traction again as a top vector for malicious attacks
In 2010, email used as a vector for spreading malicious attacks will
evolve in sophistication. During 2009, Websense Security Labs saw a
huge uptake in emails being used to spread files and deliver Trojans as
email attachments, after being nearly non-existent for several years.
Attackers are more often using timely topics to lure recipients into
opening mail and attachments and clicking on malicious links. Not only
are more emails containing malicious attachments, researchers also have
seen increased sophistication of blended attacks that are difficult to
close down. During 2010, this trend will continue and we will see more
emails containing malicious data-stealing attachments and malicious URLs.

4.    Targeted attacks on Microsoft properties, including Windows 7 and Internet Explorer 8
With the expected fast adoption of Windows 7, we will see
more malicious attacks targeting the new operating system with specific
tricks to bypass User Account Control warnings, and greater exploitation
of Internet Explorer 8. User Account Control in Vista was originally
implemented to prevent malware from making permanent changes to the
system, such as to startup files. However, it raised a pop-up every time
a change was made to the system, such as a change to an IP address, time
zone, etc. The pop-ups occurred so frequently that users ignored the
warnings or turned off the feature, leaving them vulnerable. While
Windows 7 tries to reduce the pop-ups by allowing four levels of User
Account Control, security challenges to the interface and the operating
system still exist. In fact, during a Patch Tuesday cycle in October
2009, five updates were for Windows 7 – even before it was released to
the general public.

5.    Don’t Trust Your Search Results
A malicious SEO poisoning attack, also known as a Blackhat SEO attack,
occurs when hackers compromise search engine results to make their
links appear higher than legitimate results.  As a user searches for
related terms, the infected links appear near the top of the search
results, generating a greater number of clicks to malicious Web sites.
In the last year, attackers have used this technique to poison search
results on everything from MTV VMA awards and Google Wave invites, to
iPhone SMS features and US Labour Day sales. SEO poisoning attacks are
successful because as soon as a malicious campaign is recognized and
removed from search results, the attackers simply redirect their
botnets to a new, timely search term. These ongoing campaigns are
likely to gain steam in 2010 and may cause a trust issue in search
results among consumers, unless the search providers change the way
they document and present links.

6.    Smartphones are hackers’ next playground
At the end of 2009 Websense Security Labs documented four iPhone
exploits in a span of a few weeks – representing the first major
attacks on the iPhone platform and the first iPhone data-stealing
malware with bot functionality. Smartphones such as the iPhone and
Android, which are used increasingly for business purposes, are
essentially miniature personal computers and in 2010 will face the same
types of attacks that target traditional computing.  Additionally, poor
security of applications on smartphones can put users’ and
organisations’ data at risk. With a rapidly growing user base, business
adoption and increasing use for conducting financial transactions with
these devices, hackers will begin more dedicated targeting of
smartphones in 2010.

7.    Why corrupt a banner ad serve, when you can buy malvertising space?
In a high-profile incident in 2009, visitors to the New York Times Web
site saw a pop-up box that warned them of a virus and directed them to
an offer for antivirus software, which was actually rogue AV. This attack
was served up through an advertisement purchased by someone posing as a
national advertiser. The successful attack was a worthwhile investment
for the criminals and so in 2010 Websense Security Labs predicts that
more malicious ads will be legitimately purchased by the bad guys.

8.    2010 will prove once and for all that Macs are not immune to exploits
Hackers have noticed Apple’s rapid growth in market share in both the
consumer and corporate segments. There is additional risk for Mac
users because many assume Macs are immune to security threats and
therefore employ fewer security measures and patches, so attackers have
additional incentive to go after the OS X platform. During 2009, Apple
released six large security updates for Macs, showing the potential for
attacks. In 2010, there will be even more security updates as hackers
ramp up attacks targeting the platform. There is also the potential for
the first drive-by malware created to target Apple’s Safari browser.

The dynamic nature of Web 2.0 attacks, the use of email to drive users
to malicious Web sites, and tactics like SEO poisoning and rogue AV all
demonstrate the need for organizations to have a unified content
security platform that protects against blended Web, email and data
security threats.

“The blended nature of today’s threats mandates that a core
understanding of the Web must pervade all security measures – and that
email, Web and data awareness must be integrated to protect
organisations’ information and networks,” said Devin Redmond, vice
president of business development and product management at Websense. 
“Our ability to anticipate, discover and mitigate these evolving
threats is a central part of our technology strategy. We build that
content and threat knowledge into our unified Web, email and data loss
prevention solutions and deliver that protection and control to our
customers and partners through industry-leading appliances,
security-as-a-service solutions and hybrid combinations of the two. As
the leader in content security, Websense is uniquely positioned to
protect organisations from today’s threats.”

The Websense Security Labs uses the Websense ThreatSeeker™ Network to
discover, classify and monitor global Internet threats and trends.
Every hour, the ThreatSeeker Network scans more than 40 million Web
sites and ten million emails for unwanted content and malicious code.
Using more than 50 million real-time data collecting systems, the
Websense ThreatSeeker Network parses through more than one billion
pieces of content daily, searching for emerging security threats. The
Websense Security Labs publishes breaking alerts and posts detailing
emerging exploits on its blog at securitylabs.websense.com.
