Security threats likely to haunt 2010

Kaspersky Lab, a developer of secure content management solutions, outlines the threats that one can expect to see in 2010, as a result of cybercriminal activity.

January 7, 2010

Kaspersky Lab, a leading developer of secure content management solutions, outlines the threats that one can expect to see in 2010, as a result of cybercriminal activity.

In 2008, the company’s analysts forecast a rise in the number of global epidemics. Unfortunately, that forecast proved to be accurate: 2009 was dominated by sophisticated malicious programmes with rootkit functionality, the Kido worm (also known as Conficker), web attacks and botnets, SMS fraud and attacks on social networks. So what can we expect from 2010?

According to the company’s experts, in the coming year Kaspersky Lab believes that there will be a shift in the types of attacks on users: from attacks via websites and applications towards attacks originating from file sharing networks. Already in 2009 a series of mass malware epidemics have been “supported” by malicious files that are spread via torrent portals. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, Kaspersky Lab expects to see a significant increase in these types of incidents on P2P networks.

Cybercriminals will continue to compete for traffic. The modern cybercriminal world is making more and more of an effort to legalise itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. Today, it is mostly black-market services that compete to make use of botnet traffic. In the future, however, Kaspersky Lab foresees the emergence of more “grey” schemes in the botnet services market. So-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing DoS attacks or distributing malware without committing an explicit crime.

The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake antivirus programmes in 2010. The latter first made an appearance in 2007 and 2009 saw a peak in their activity and involvement in a number of major epidemics. The Kido worm, for example, installed a rogue antivirus programme on infected computers. The fake antivirus market has now been saturated and the profits for cybercriminals have fallen. Moreover, this kind of activity is closely monitored by both IT security companies and law enforcement agencies. This makes it increasingly difficult to create and distribute fake antivirus programmes.

“Malware will become much more sophisticated in 2010 and many antivirus programmes will be slow to treat infected computers due to advanced file infection methods and rootkit technologies,” says Alex Gostev, Director of Kaspersky Lab’s Global Research & Analysis Team. “IT security companies will respond by developing even more complex protection tools. However, the malicious programmes capable of bypassing these measures will remain more or less immune to antivirus programmes for some time.”

When it comes to attacks on web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware. The planned launch of the network-based Chrome OS is a noteworthy event, but the experts at Kaspersky Lab do not anticipate much interest in this platform from cybercriminals.

However, 2010 promises to be a difficult time for iPhone and Android. The first malicious programmes for these mobile platforms appeared in 2009, which is a sure sign that they have aroused the interest of cybercriminals. The only iPhone users at risk are those with compromised devices, but the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS in China combined with a lack of effective checks to ensure third-party software applications are secure will lead to a number of high profile malware outbreaks.

The detection of new vulnerabilities will remain the major cause of epidemics. These vulnerabilities will be detected in both software developed by third parties (such as Adobe, Apple, etc.) and in Windows 7, the new operating system that has just entered the market. If no serious vulnerabilities are detected, 2010 may well prove to be one of the quietest years for some time.