According to the researchers at Kapersky Lab, the scope of threats computer users will face in the new year seem to be shifting from web applications to file sharing and peer-to-peer (P2P) networks. Of course, some of the newer trends in computing don’t get off easy in this report. Exploiting smartphones like the iPhone and Android will likely be a continuing trend and attempts to find vulnerabilities in Google Wave are predicted to be the challenge that faces malicious hackers.
Looking over their predictions there are some that I expected to see and others that I was shocked by. While the predictions are taken directly from Kapersky Lab’s press release, the commentary that follows represents my own opinions towards them.
A rise in attacks originating from file sharing networks
Exploiting the network itself is actually a brilliant thought and really shows how clever most attackers are. For years, people have known that files shared on these networks are laden with malware, but now malicious hackers are taking this a step further actually launching attacks by exploiting not the files but the actual network itself. Firing up Kazaa can now bring the FBI to your door and an attacker to your Windows.
An increase in mass malware epidemics via P2P networks
Right from the start I was surprised by this statement. For years, security experts have warned people about the dangers of file sharing on sites like Kazaa and Torrent. My shock comes because most people outside of the IT field that I talk to avoid Kazaa and similar sites like the plague because of all the malware that is transmitted through them. While 2009 saw some nasty malware spread across file sharing networks, this is one area I think the researchers from Kapersky are stretching the obvious with this point. Will there be increased malware? Of course, but every year the number of incidents has increased. But I don’t think that there will be any more malware spread over these networks that we already see.
Continuous competition for traffic from cybercriminals
The way this was described by Kapersky was that cybercriminals will turn towards grey areas of income as a result of their armies of botnets. Profits from spam and Denial of Service attacks are expected to increase. I wouldn’t be surprised if these botnets are used to help unscrupulous publishers drive up traffic stats as well. This whole scam is best compared to the garbage routes that earn “legitimate” income for some people.
A decline in fake anti-virus software
This is all over the place currently and I don’t see it slowing down. Especially when some estimates place the monthly income from these scams at close to $11,000 per day. The rationale behind the prediction is that not only is the market saturated, but that security professionals and law enforcement are starting to watch for these types of scams. However, due to the potential for high profits and the average computer users’ inability to reliably detect scams, I suspect that this type of software scam will continue into the near future, regardless of increasing levels of monitoring by security.
An interest in attacking Google Wave
I couldn’t agree more with this statement, especially with the strategy Kapersky foresees attackers using: “first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.” Somehow, spammers have already wormed their way into the beta testing and some of their handiwork can be found in some of the public waves out there.
An increase in attacks on iPhone and Android mobile platforms
I see this as a goldmine for attackers in the near future. Already jailbroken iPhones are susceptible to data theft as a result of an SSH vulnerability and Nicholas Seriot, a Swiss software engineer, showed the world how easy it was to build an app that could exploit the device. The Android won’t fare much better as even Rich Cannings, an Android Security Leader, has spoken about how millions of users can be easily hit by a malware attack.
Looking over this list, I think that if I had to choose one of the six to put money on it would be the last one. As the smartphone market expands, the potential for vulnerable devices proportionately increases as does the potential increase in profits for the hacker.
Comments
Leave a comment Trackback