Web threats make their mark on 07/08

Practically every security vendor predicts web threats – embedding of malicious code on popular websites – will be the vector cybercriminals use to wreak havoc in 2008.

Symantec believes the activity will become highly advanced; AVG’s global security strategist Larry Bridwell said web-based threats have emerged to be the most malicious and Raimund Genes, CTO at Trend Micro said his threat prediction last year was that by 2008 web threats will be the number one threat vector.

“They know that almost every enterprise has an anti-spam solution and an anti-virus solution. While almost everybody protects email almost nobody protects users from surfing the web,” he said.

Here’s some other key threats forecast for 2008, according to security vendors:

VoIP
McAfee predicts VoIP threats will rise by 50 percent in 2008 claiming that in 2007, more than double the security vulnerabilities were reported compared to 2006. “The technology is still new and defence strategies are lagging,” said McAfee.

Mobile platforms
Symantec believes attackers will take advantage of mobile phones/PDAs as the technology becomes more connected and more complex. “Mobile security has never been higher,” said Symantec.

Parasitic crimeware McAfee forecasts a 20 percent increase in parasitic crimeware – viruses that modify existing files on a disk – in 2008. The number of variants of an older parasitic threat, Philis, grew by more than 400 percent in 2007 while more than 400 variants of a newcomer, Fujacks, were recorded, reported McAfee.

Virtual worlds
Interestingly, Symantec urged users to be vigilant around election campaigns as political candidates increasingly turn to the Internet. With the US election around the corner, Symantec warned the major risks will be: “Diversion of online campaign donations; dissemination of misinformation; fraud; phishing; and the invasion of privacy.”

SpIMming
According to MessageLabs, attacks on Instant Messaging (IM) applications such as Windows Live Messenger and Yahoo Messenger are poised to be a growing trend in 2008. “IM spam will add to the ever increasing spam levels,” said MessageLabs.

Botnets
Despite the dramatic increase of bots in 2007, Secure Computing believes the trend could start to decrease in the coming year. “Vista’s improved firewall, and the availability of “Windows Server 2008, which is planned to ship with Network Access Protection (NAP) on board, will decrease bots in the corporate space,” said Secure Computing.

However, not everyone agrees. Symantec expects bots to diversify and evolve in their behaviour.

The team at SC Magazine would like to wish you all a very happy and safe holidays and to remind you that the bad guys will not take a vacation, so remain vigilant and keep your Internet security software up-to-date.

Symantec’s year in review
Data leakage, Windows Vista, and spam topped security vendor Symantec’s top 10 security trends for 2007.

According to Symantec, a series of high-profile data breaches throughout 2007, (such as US retailer TJX’s reported loss of 50 million credit card details to hackers) raised the importance of data loss prevention technologies.

Next came Microsoft Vista, the year’s most talked about operating system which required 16 patches not long after its debut.

With new record levels in 2007, spam was also in the top three. Symantec said PDF spam emerged as a new annoyance as well as greeting card spam, responsible for delivering the Storm worm.

Robert Pragnall, regional product marketing manager APAC, said: “It’s getting to such a point that it’s starting to sway people away from email. They will move to instant messaging and so the attackers will go there, too.

“But, it’s certainly fair to say spam is still on the rise, likewise with spam adequate technologies are out there, it’s just a case of embracing them.”

Further down the top 10 list, Symantec said the growing availability of professional attack kits on the web was a big trend in 2007. MPack was a big player in 2007 as well as phishing toolkits.

Increasing by 18 percent from the previous year, phishing came in fifth and continued to be a big issue in 2007, followed by the exploitation of trusted brands – web-based threats.

Pragnall said you can go to a website that you have been to many times, from a reputable organisation and become affected, without clicking anything or rolling the mouse over anything.

Bots and botnets came second last on the list, followed by web plug-in vulnerabilities such as ActiveX controls. Vulnerabilities on sale online, such as Wabi Sabi Labi and security implications of virtualisation came in ninth and 10th positions respectively.