As cyber criminals become more sophisticated and employees more mobile, the security concerns of CIOs only rise with each passing year. We highlight here some security trends for 2010.
1. Web-based Threat Continues to Grow Unabated
Since 2007, Web-based threats have been the primary way of stealing confidential data or financial information and infecting computers for use in a botnet. Two-thirds of all known malware was created in 2008. In just the first six months of 2009, new malware exceeded all malware detected in 2008. Phishing was also up 585 percent over the first six months of 2009, and more than 300 corporate brands were victimised. In 2010, that will continue unabated. Business has moved to the Web as companies increasingly adopt external, Web-based applications and employees bring consumer applications into the enterprise. Malware is following the money, and on the Internet, it has found a fertile environment. There, successful attacks are ones that exist for only a few hours and often disappear before traditional security defenses can catch them.
2. Search Engine Poisoning Increases to Drive Fake Scanner and Fake Warez Malware
Search engine poisoning, where cybercriminals exploit search engine algorithms to position hacked sites higher in the results, is an easy way to drive users to malware, particularly of the variety that offers fake anti-virus scanners or fake warez (any type of software but most commonly pirated software, games, music or other applications). Most recently, Blue Coat Labs detected attacks that utilised hacked blog pages to poison search results related to Halloween and this year’s popular Christmas toy, Zhu Zhu Pets. In 2010, the ease with which results can be tainted through blogs will encourage more attacks like this. Search engines are the access point to the Internet for almost all users, and the faith put in not just the relevance but also the safety of the results produced by leading search engines provides easy pickings for determined cybercriminals.
3. Increase in Use of Multi-Link Relays to Deliver Malware
Attacks that feature multiple relays (from search results to one or more hacked blog pages to the malware deliverable) will become more prolific and more complex in order to subvert detection. These types of attacks expect users to come from a specifically defined path and will not execute if the user does not follow that path. This ‘path-awareness’ makes them very difficult for traditional anti-virus defenses to detect. Multi-link attacks will become more complex in 2010 as cybercriminals layer in additional relays to try to subvert detection.
4. Human Behaviour 101: The Biggest Threat to Enterprise Security
While weak passwords and careless users have traditionally been a security risk, Web-based threats exploit human behaviour on a whole new level by tapping into the trust model that is at the foundation of how people use the Internet. In networks like Twitter and Facebook, users build online relationships with people they know and invite into their circle. Cybercriminals disrupt the trust that is inherent in these relationships through stolen log-ins that prey on unsuspecting users. The combination of attacks that exploit the trust model and search engine poisoning that relies on users to click on the top search engine results without question will prove to be one of the biggest threats for enterprise security managers in 2010.
5. Cloud-based Technologies Augment Web Security Defenses
To effectively combat dynamic, Web-based malware and attack methods, businesses will increasingly need a defense that can respond in real time without updates. That is impossible to do with only an on-premise or client defense. Instead, cloud-based technologies will increasingly augment traditional defenses so that real-time inputs result in real-time outputs and protection for a large group of people rather than a single person or business. With attacks that exist for as little as two hours, security needs to move rapidly. And, in 2010, the first place it is going is to the cloud.
_Mitra is Country Manager-India with Blue Coat Systems._