Predicting the Top Security Threats for 2007

Professional cyberthieves and organized crime rings are looking to cash in on stolen identities, and are releasing an increasing amount of malware in the process.

There are more than 217,000 types of known security threats in the wild and probably thousands more that researchers haven’t even identified yet, according toMcAfee Avert Labs.

For the year ahead, McAfee predicts the following disturbing trends: a rise in the number of password-stealing Web sites that use fake sign-in pages for popular online services such aseBay; the mainstreaming of adware; the increasing prevalence of mobile phone attacks; and, as video-sharing on the Web continues to gain popularity, the inevitable targeting of video files as a means to distribute malicious code.

“Within a short period of time, computers have become an intrinsic and essential part of everyday life, and as a result, there is a huge potential for monetary gains by malware writers,” said Jeff Green, senior vice president of McAfee Avert Labs.

“As we see sophisticated techniques on the rise, it’s becoming increasingly hard for the general user base to identify or avoid malware infections,” he added.

McAfee isn’t the only security firm prophesying doom and gloom as a result of malware attacks. However, there are different takes on what might be the biggest security threats in 2007.

The wide range of predictions is itself cause for concern. There is only one sure conclusion: Your online safety is at risk.

Don’t Answer That Ping

At the end of 2006, the Skype Trojan Horse reminded users that instant messaging (IM) is a potential hotbed for propagating malicious payloads, and that trend is likely to continue in 2007, MessageLabs chief security analyst Mark Sunner told TechNewsWorld.

“IM will continue to be a target through spam over IM (SPIM) and the spoofing of IM identities to lure users into disclosing data or following poisoned URLs,” he predicted.

Considering the increasing number of IM users, this could prove to be one of the biggest security threats of the next 12 months. Enterprise IM will grow from 40 million users today to more than 140 million users by 2009, IDC estimates, which could make IM the fastest growing communications medium of all time.

Voice over Internet Protocol (VoIP) will also become a prime target in 2007, Sunner added, as phishers make spoof phone calls to victims in the hope of extracting their credit card details or stealing their identities using third-party software.

The Bot Evolution

Meanwhile, the bot evolution will continue and evolve again with countermeasures, according to Dan Hubbard, vice president of security research for Websense. Bots are computer programs that perform automated tasks; networks of bots are largely responsible for sending increasing volumes of spam.

“Distributed command and control, and protocols other than Internet relay chat (IRC) or HTTP will be used to control bot networks,” Hubbard claimed. “Increased use of encryption and custom packing of bots will also occur.”

The bottom line: Bot networks will continue to grow and will increasingly have command and control built into them with peer-to-peer architectures, said Patrick Hinojosa, CTO at CyberDefender.

Tracking down central control points in order to find and shut down bots will become increasingly difficult for law enforcement, security companies and Internet service providers.

“Spreading threats will continue to be dominated bye-mail worm activity,” Hinojosa told TechNewsWorld. “Attack points will increasingly be against multimedia and other common Windows applications, as the WMF (Windows Metafile), Word and Excel attacks have demonstrated. Other file formats, such as PDF, will also come under increasing attack as vulnerabilities are sought out by online criminals.”

Meet the Mules

McAfee confirms the bot prediction, adding that “mules” will also continue to be an important aspect in bot-related moneymaking schemes.

Mules — also known as “money mules” — are people employed by cybercriminals in work-at-home jobs offered via Web sites and classified ads.

When purchasing merchandise using stolen cash or credit cards, thieves must stay clear of increasingly strict shipping regulations, depending on the countries involved. To avoid this problem, they employ mules who live in the target countries, driving a lucrative underground industry in which mules are used to physically ship stolen merchandise items around the world.

Web 2.0 Targeted

When it comes to Web application security, says Michael Sutton, a security evangelist at SPI Dynamics, there are two driving factors currently shaping this scene: the move to Web 2.0 applications; and the frightening increase in cybercrime, especially related to phishing attacks and identify theft.

“Web 2.0 is really a buzzword that has become a catch-all phrase for the many emerging technologies designed to make Web applications more dynamic and user-friendly, such as Ajax (asynchronous JavaScript and XML), RSS (really simple syndication), and SOAP (simple object access protocol). Whereas these technologies are pushing the boundaries of Web applications to improve the user experience, they are also pushing the boundaries of security,” Sutton told TechNewsWorld.

The majority of vulnerabilities in any application arise from unfiltered user input, he explained, adding that developers fail to anticipate input that can lead to anomalous conditions and ultimately result in exploitation.

“The increasing complexity of Web applications is making this a daunting task, regardless of a developer’s commitment to security. To make matters worse, many of the Web 2.0 technologies involve client-server communication that takes place behind the scenes without end user interaction,” Sutton noted.

“Developers often mistakenly believe that such communication does not require the same scrutiny from a security perspective, since it does not require interaction from the end user,” he continued. “This logic is mistaken, as it fails to realize that attackers can easily use readily available tools to intercept this communication and use it to attack the server.”

Widening the Phishing Net

In 2006, attacks moved beyond online banking, with significantly increased attacks on customers of e-commerce sites such as eBay and PayPal, as well as social networking sites like MySpace.

When judged as a proportion of all e-mail-borne threats, the number of phishing e-mails rose by 30.7 percent in September, according to MessageLabs. In October, 52.9 percent of all malicious e-mails intercepted by MessageLabs were phishing attacks. The firm predicts the increase in phishing attacks and identity theft will continue to shape the security landscape in 2007.

“Web applications have proven to be lucrative targets for such attacks. Take, for example, this week’s ‘MySpace QuickTime worm,'” Sutton remarked. “By leveraging a poorly designed feature in QuickTime and relaxed restrictions on user-supplied content, attackers were able to create a fast-spreading worm capable of stealing access credentials and generating click-through revenue. Such attacks do not discriminate when looking for victims.”