Websense 2010 Threat predictions

Integrated web, data and email security solutions provider Websense, Inc. has released its list of security predictions and trends anticipated for 2010. These trends and predictions show an overall blending of security threats across multiple attack vectors for the purpose of roping computers into bot networks and stealing valuable confidential information.

Websense researchers believe hackers will look to compromise new platforms such as smart phones and take advantage of the popularity of Windows 7. They are also expected to compromise the integrity of search engine results and use legitimate advertisements to spread their malicious content. The dynamic nature of Web 2.0 attacks, the use of email to drive users to malicious Web sites, and tactics like SEO poisoning and rogue AV all demonstrate the need for organizations to have a unified content security platform that protects against blended Web, email and data security threats.

Dan Hubbard, Websense CTO says that on line threats continue to parallel usage patterns of Internet users and as audiences are moving quickly into the social Web, so are the attacks. He said with emerging operating systems and platforms such as Macs and mobile devices gaining popularity, they too are being targeted more. All this, he says, is in addition to an increasing number of traditional attacks on PCs with quickly changing tactics and new twists on old exploits.

For 2010, Websense Security Labs anticipates the emergence and growth of the following trends:

1. Web 2.0 attacks will increase in sophistication and prevalence: This could take the form of a greater volume of spam and attacks on the social Web and real-time search engines such as Topsy.com, Google and Bing.com. In 2009, researchers discovered an increased use of malicious code on social networks and collaboration tools such as Facebook, Twitter, MySpace and Google Wave to spread attackers' wares.

2. Botnet gangs will fight turf wars: In the past year Websense says it noted an increase in botnet groups following each other and using similar spam/web campaigns tactics such as fake DHL and USPS notifications and other copy-cat behavior. It expects this to continue in 2010, with more aggressive behavior between different botnet groups including bots with the ability to detect and actively uninstall competitor bots. Websense has tracked some turf wars in this areas, such as the Bredolab botnet disabling the Zeus/Zbot on infected computers.

3. Email gains traction again as a top vector for malicious attacks: In 2010, email used as a vector for spreading malicious attacks will evolve in sophistication. In 2009, Websense tracked a huge uptake in emails being used to spread files and deliver Trojans as email attachments after being nearly non-existent for several years. Attackers are using timely topics to lure recipients to open mail, attachments and click on malicious links. These are now marked by an increased sophistication of blended attacks that are difficult to close down.

4. Targeted attacks on Microsoft properties, including Windows 7 and Internet Explorer 8: With the expected fast adoption of Windows 7, Websense predicts more malicious attacks targeting the new operating system with specific tricks to bypass User Access Control (UAC) warnings and greater exploitation of Internet Explorer 8. The UAC in Vista was originally implemented to prevent malware from making permanent changes to the system such as startup files. However, it allowed pop-ups every time a change was made to the system, such as a change to an IP address, time zone, etc. The pop-ups occurred so frequently that users ignored the warnings or turned off the feature leaving them vulnerable. While Windows 7 tries to reduce the pop-ups by allowing four levels of UAC, security challenges to the interface and the operating system still exist. Websense says that in fact, during a Patch Tuesday cycle in October 2009, five updates were for Windows 7 – even before it was released to the general public.

5. Don't Trust Your Search Results: A malicious SEO poisoning attack, also known as a Blackhat SEO attack, occurs when hackers compromise search engine results to make their links appear higher than legitimate results. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious web sites. In 2009, attackers used this technique to poison search results on everything from MTV VMA awards and Google Wave invites, to iPhone SMS features and Labor Day sales. SEO poisoning attacks are successful because as soon as a malicious campaign is recognized and removed from search results, the attackers simply redirect their botnets to a new, timely search term. Websense says these ongoing campaigns are likely to gain steam in 2010 and may cause a trust issue in search results among consumers, unless the search providers change the way they document and present links.

6. Smart phonesss are hackers' next playground: Towards the close of 2009, Websense documented four iPhone exploits in a span of a few weeks – representing the first major attacks on the iPhone platform and the first iPhone data-stealing malware with bot functionality. Smart phones such as the iPhone and Android, which are used increasingly for business purposes, are essentially miniature personal computers. In 2010, these will face the same types of attacks that target traditional computing. Additionally, poor security for applications on smart phones can put users' and organizations' data at risk. With a rapidly growing user base, business adoption and increasing use for conducting financial transactions with these devices, hackers will begin more dedicated targeting of smart phones in 2010.

7. Why corrupt a banner ad serve, when you can buy malvertising space?: Websense highlights a high-profile incident in 2009, where visitors to the New York Times Web site saw a pop-up box warning them of a virus that directed them to an offer for anti virus software, which was actually rogue AV. What was unique was that the attack was served up through an advertisement purchased by someone posing as a national advertiser. The successful attack was a worthwhile investment for the criminals, which makes  Websense predicts that more malicious ads will be legitimately purchased by the bad guys in 2010.

8. 2010 will prove once and for all that Macs are not immune to exploits: Apple's rapid growth in market share in both the consumer and corporate segments has not gone unnoticed by hackers. Websense says that there could well be additional risk for Mac users as many assume Macs are immune to security threats and therefore employ less security measures and patches. That gives attackers additional incentive to go after the OS X platform. During 2009, Apple released six large security updates for Macs, revealing the potential for attacks. In 2010, there will be even more security updates as hackers ramp up attacks targeting the platform. Websense says there is also the potential for the first drive-by malware created to target Apple's Safari browser.