The security evolution

History has a way of repeating itself and computer security is no different in that regard. Last year’s Storm Trojan, which derived its name from emails claiming to report on the weather in northern Europe, was even more sophisticated and its botnet is now estimated to comprise 1.8 million computers worldwide.

Nevertheless, the growth in botnets is really only one symptom of the wider trend towards a criminalisation of cyber attacks, says Leigh Costin, product marketing manager Asia Pacific, Blue Coat Systems. “The biggest trend of the past five years has been the criminalisation of Internet threats. The targets are now mainly sources of money such as credit card numbers, identities and bank details and the means are more complex combined or blended attacks, using email, obscured weblinks, website hijacks, and hijacks of sections of popular websites.”

David Dzienciol, director partner sales, Symantec, agrees that botnets are a major problem but high-profile data breaches have steadily increased over the past five years. Hand in hand with data breaches, phishing has become a major security threat with phishing toolkits and professional attack kits such as MPack becoming popular.

“The exploitation of trusted brands, placing malicious code on sites such as the Sydney Opera House has also been a prevalent trend. By exploiting a trusted Web environment, attackers now prefer to lie in wait for victims to come to them. It has also become big business to sell vulnerability information to the highest bidder and ActiveX vulnerabilities are a problem.”

Another overarching trend has been the growth of managed security service providers. In 2003, many organisations were trying to do it all themselves but the skills shortage has made it difficult to recruit and keep experienced security-trained personnel. The situation has now got to the point where even large financial institutions, that for obvious reasons tend to be focused on security, are outsourcing some of the commoditised functions such as firewall and intrusion detection monitoring.

The trend towards managed services will continue to grow, says Routley. “IDC forecast 36.3 percent growth in managed services between 2006 and 2011 worldwide. Software is predicted to grow 7.7 percent in the same period and appliances at 27.9 percent.”

So what of the future threat environment? What are some of the threats starting to rear their heads that are likely to become mainstream by 2013? One of the most obvious is the explosion of Web 2.0 technologies such as social networks, web widgets, gadgets, modules and mash-up technologies are bringing a whole new dynamic to how people use the Internet.

“The popularity of these technologies will lead attackers to the wealth of opportunities to infiltrate groups, spread malicious code and defraud users,” says Vasic. “With the brand popularity and growing use of iPhones and Macintosh computers, attackers will increasingly launch cross-platform Web attacks that detect the operating system in use and serve up code specifically targeting that operating system instead of attacks based on just the Web browser.”

Costin believes that increasingly sophisticated attacks on e-Government and other high traffic sites will become prevalent. “It won’t be targeting the whole site, but rather just hijacking a section of it – an iFrame attack for example. The rest of the site is okay, but one part isn’t. So far these attacks have been rather crude, just as early phishing sites were crude, but they will get better as they were quite successful.

“Spear phishing, highly targeted attacks that focus on a single outcome will also become more prevalent. A recent example was the Salesforce.com attack. The attack lasted about 17 hours but once the perpetrators got what they wanted they shut the attack down.

“There is also a trend toward mobile as an attack means. The earlier threats didn’t turn up, but as more people start to use mobile money [stored value on mobile phones] and particularly mobile banking, there will be a new better reason to target phones and WiFi networks. This also means that laptops could become more of a target as Bluetooth and HSDPA (3G mobile data) become more commonly used.”