BRATISLAVA – What will 2011 bring in relation to IT security? What threats can be expected and will the trends look like? That is why we used ESET’s global resources and asked some of the best researchers in the business including ESET´s very own David Harley and those at ESET’s new Cyber Threat Analysis Center (CTAC) about anticipated trends in 2011:
- The CTAC team based in San Diego agreed that social media would be a focus for social engineering attacks such as those already commonly experienced by users of Facebook and Google, and believe that it’s likely that there will be an increasing volume of attacks on other social networking sites such as LinkedIn, Orkut and Twitter, and other search engines such as Bing and Yahoo, especially if the market leaders take extraordinary measures that increase the cost of social engineering attacks on Facebook and Google. Facebook presents a particular danger: it may continue to try to cure the symptom rather than the disease by presenting the social media privacy invasive issue as something that is what their customers actually want, so that it’s the responsibility of their customers to ensure that their data are not shared in ways they wouldn’t agree to if they were specifically asked. Some sites (Bebo for example) have actually moved away from the “deny nothing” end of the spectrum towards “deny some things” even though sharing as much as possible of their customers’ data is fundamental to their business model. Facebook remains equivocal.
- While botnets are far from new, they will continue to grow in significance during 2011: Shadowserver data suggests continuing growth in botnet volumes, while ThreatSense.Net data suggests comparable growth in bot malware volumes, which all indicates that zombie PCs will constitute a higher proportion of all infected systems. It is also expected that following the prominence in 2010 of botnets controlled through Twitter, botherders will experiment with other Command and Control channels. The good news is that recent successes in taking down botnets are expected to continue and perhaps even increase. ESET’s Cyber Threat Analysis Center team also agreed that botnets will continue to be a major problem, but hoped that more people will realize that smaller low-profile botnets pose at least as big a threat as the big name botnets monitored so closely by security researchers that they may be abandoned by their creators.
- Following the Koobface lookalike Boonana, which has the potential to infect on several operating systems, it’s probable that there will be more malware that uses environments like Java to work on multiple platforms: for example, botnets that include zombies running on both Windows and non-Windows operating systems.
- BlackHat SEO (Search Engine Optimization), sometimes referred to as index poisoning or index hijacking, is by no means new: however the use of social media allows blackhats considerable scope for optimization of this technique for driving user traffic towards malicious sites in real time searching, as was discussed at some length at the 2010 Virus Bulletin conference
The CTAC team confirmed that social engineering would continue to be one of the biggest problems, and not only in the context of malware. Most malware will continue to infect through the usual channels (email, malicious URLs, forums, newsgroups) by tricking the victim into clicking on something ugly. However, it’s to be expected that unpleasant surprises like the .LNK vulnerability will also turn up from time to time, possibly long after the bad guys discover them. Further SCADA data-stealing attacks are likely, but probably using spear-phishing and social engineering malware as well as or instead of 0-days, and Trojans rather than self-replicating malware like Win32/Stuxnet . However, Stuxnet’s main purpose seems to have been sabotage: while suggestions that the Stuxnet code could easily be adapted to attack all sorts of unrelated installation are largely hype, it’s to be expected that the use of malware for purposes of sabotage will remain the subject of speculation and active investigation.
Security vendors in the anti-malware space will become increasingly reliant on cloud-based telemetry for reputational analysis and scheduling of malware processing by reverse engineers. At the CARO workshop in Helsinki in May 2010, the number of unique malicious “known” samples was accepted generally as being well over 40 million. We would anticipate that the count will significantly exceed 50 million in the course of 2011. In fact, that figure is certainly pretty conservative: however, gaining an accurate count is something of a challenge, due to such factors as differences in the way that companies count and the time it takes to check for duplicates.
About ESET
Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET NOD32 Antivirus holds the world record for the number
of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
ESET has global headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic; Singapore and an extensive partner network in more than 180 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.