2009 reviewed; 2010 previewed
It’s January, the month of Janus: time to look back over the last year and forward over the next, while trying not to be two-faced…
Spam, scams and phishing increased and got more sophisticated.
- Spam, scams and phishing will increase and get more sophisticated.
Conficker, a worm targeting Windows
Conficker actually emerged at the end of 2008 but in 2009 became one of the most successful infections of all time. Some of the characteristics of this infection include a high level of technical sophistication; use of an old vulnerability; and co-operation between the Conficker developers and developers of other malware.
- Expect the unexpected. Just because a vulnerability is old doesn’t mean we won’t get a new exploit. Expect increasing sophistication from better organized criminals, with criminal gangs sometimes co-operating and at other times competing.
Malware for the Mac increased, and we even had malware for the iPhone.
- Bad guys follow the numbers. As the market size for Apple products increases, so do attacks against those products. This will gain momentum. Similarly, as Windows 7 gains traction, so Windows 7 attacks will increase. Firefox is increasing market share, so it too will be targeted. And, of course, the increasing popularity of social networks means they will be increasingly attacked.
It has become relatively easy for criminals to circumvent CAPTCHAs (usually, if something can be designed by software, it can be broken by software).
- There will be a battle royal between CAPTCHA designers and CAPTCHA crackers. The prize is ready access to thousands of false Web 2 accounts. If the designers win (which will be temporary only), criminals will turn to third world sweatshops to manually create these false accounts, which will then be used to generate spam and to phish other users.
A big growth area in 2009: the surreptitious poisoning of reputable websites so that visitors unknowingly download infections.
- Bad guys exploit trust: your trust that a blue-chip company will not infect you. It works, so it will continue. It will particularly grow within social networks, where you have an inherent trust in your fellow networkers. If a contact sends you a message with a link, you are more likely to click through than if you receive the same message by email from a stranger. If the link is given as a shortened URL (popular on Twitter to maximise the message space), then you don’t even know where the link is taking you. Couple this with drive-by downloads…
Rogue software has been a success for the bad guys. It is software that pretends to be what it isn’t (often anti-malware software) that cons you into paying for something of little or no value.
- Criminals are greedy. Expect rogue software to migrate towards ransomware, where it doesn’t just ask you to buy the package, but actually disables your computer and demands payment to unlock it.
Analyses show that most security breaches are caused by insiders, either innocently or maliciously.
- The economy will (God willing!) continue to improve. But employment always lags behind: there will be more layoffs and redundancies. Expect trusted members of staff to take sensitive data with them when you sack them: they’ll do it for revenge or in the hope that it will help to get another job.
Third party add-ons
Web 2 add-ons and extensions have become a whole new industry. They improve functionality and are usually free.
- “They improve functionality and are usually free.” Sounds like the standard definition of a trojan! Absolutely expect add-ons to be targeted as a method of compromising Web 2 platforms such as social networks, CMS systems and blogging software such as WordPress. The add-on will be the Trojan Horse hiding the malware to compromise the platform.
Attacks on the privacy of information
2009 saw the demise of Phorm and the rise of cView. In reality, Phorm is probably just retrenching and will be back later. Both use deep packet inspection (DPI – the interception and analysis of pages you view); the former for behavioural advertising and the latter for ‘network management’. The year also saw the arrival of data retention bills in Europe, forcing ISPs to gather and retain information on what we do and where we go on the internet. And of course the use of tracking cookies and web bugs, again for behavioural advertising, grew dramatically.
- What should happen, but probably won’t, is that European governments will start obeying the law. Most lawyers who aren’t government apologists believe that data retention contravenes the ECHR. They similarly believe that DPI, in the UK at least, contravenes the Regulation of Investigatory Powers Act. And without the shadow of a doubt, opt-out tracking cookies contravene European regulations. So we should be able to predict that all of these illegal activities will be stopped. But don’t hold your breath. This is, after all, the month of Janus.