Security professionals ‚ brace yourselves

Previously known as Marshal Security, M86 Security has released its Predictions 2010 report on expectations for Web and messaging-based threats for the coming year.

The report is based on research into the current trends in threats over the past year and its views on the major vulnerabilities facing businesses going forward, says Annestasia Buys, product manager: M86 Security at Workgroup.

‚The report highlights the increasing sophistication of traditional threats such as botnets, scareware, compromised legitimate Web sites and blended threats,‚ she adds. ‚However, it also projects what M86 sees as new threat vectors coming from open APIs in Web 2.0 applications, the increased use of shortened URLs and the advent of non-Latin based domain names.‚

On the heels of a year filled with widespread exploits, including PushDo and Zbot Trojans, security professionals should apply lessons learned and brace themselves to combat an increase in the volume of attacks and new innovations in 2010, Buys warns.

Specific 2010 security predictions from M86 Labs are as follows:

Botnets continue to be a major problem, driving the majority of spam output and mass Web site attacks. Botnets have moved away from traditional IRC-based command and control, in favour of HTTP or other custom protocols, utilising Twitter, Google and Facebook.

Scareware is a traditional tactic that grew popular in the second half of 2009 because of its effectiveness. Consumers are prompted to download malicious software through convincingly crafted anti-malware landing pages. In 2010, these attacks should escalate, as the look and feel of scareware pages get updated and criminals find new ways to reach users.

A growing trend is the use of Search Engine Optimisation (SEO) techniques to drive users to Web pages hosting malicious code. Also known as SEO poisoning, the technique aims to elevate malicious landing pages in search engine results rankings to ensure a steady supply of victims. The technique is commonly paired with scareware to capitalise on users’ trust in search engines.

The standard attack vector for cybercriminals is to compromise legitimate Web sites to spread malware. In 2010, the majority of malicious behaviour will reside on legitimate Web sites that have been compromised by various scripts and worms.

Cloud computing and SaaS have exploded in popularity during 2009, leading to a vast increase in service offerings. As a result, more and more corporate data is being stored outside of the network, making it difficult for IT administrators to have direct control over the data. In 2010, cybercriminals will target the larger cloud-based providers and attacks will increase.

Cybercriminals commonly exploit highly deployed third party applications, such as Adobe Flash and Acrobat Reader. The ability to embed one file type in another will result in more complex attacks gaining popularity in 2010, due to the ability to evade detection mechanisms.

In 2009, ICANN approved the registration of Internationalised Domain Names, enabling the use of non-Latin characters in domain names. As a result, phishing attacks should rise, as cybercriminals can register phony Web sites with URLs that are nearly indistinguishable from legitimate ones.

Social networks such as Twitter and Facebook are extending their services for third party development through the use of application programming interfaces (APIs). There is an implicit level of trust provided through the use of APIs, granting access to user profiles and data, so the threats that target them are likely to increase in 2010.

The popularity of Twitter and link sharing has given rise to URL shortening services that reduce the number of characters needed to parse a link. However, these services enable cybercriminals to spread spam and malware by obfuscating the destination of posted links.