Blue Coat Systems has released a comprehensive list review of security for 2009, and included in the mix are its predictions for the biggest security threats for the coming year.
Among the more notable trends Blue Coat cites:
- As e-mail continues to get more secure, the bad guys will shift increasingly to social media and even smartphones as their attack vectors of choice.
- Multi-relay attacks will continue to grow in prevalence.
- Mobile workers will still be the most vulnerable to attack.
Click through this slideshow for even more information on Blue Coat’s predictions for 2010.
Click through for more info on the top threats facing enterprise security this year.
Businesses of all types have moved to the Web as companies increasingly adopt external, Web-based applications and employees bring consumer applications into the enterprise. Unfortunately, criminal enterprises are following the money, and on the Internet, they have found a global market of potential victims.Since 2007, Web-based threats have been the primary way of stealing confidential data and infecting computers. In 2008, two-thirds of all known malware was created. And in just the first six months of 2009, new malware exceeded all malware detected in 2008. Phishing also increased 585 percent over the first six months of 2009, and more than 300 corporate brands were victimized. In 2010, phishing is predicted to grow exponentially.
Social networking providers are working hard to tighten security. But consumer demand is also driving them to introduce new services – with yet-to-be-discovered vulnerabilities. As social networks increase their professional services, the gap between services and security will continue to grow throughout 2010.
E-mail viruses and malware have been declining for several years as e-mail security solutions have improved. This trend will continue as online communications shift to social networks and newer generations of smartphones. Unfortunately, it means malware will find its way to users through security vulnerabilities in these new services and devices. Web filtering and user education will be key to preventing widespread outbreaks.
Search engine manipulation is a method cybercriminals use to exploit search engine algorithms to position hacked sites higher in the results. It provides an easy way to drive users to malicious sites, particularly bait pages that offer fake antivirus, fake video codecs or other ‘warez’ (most commonly pirated software, games, music or other products). Malware spread through search engines is expected to increase in 2010 due to the high degree of trust users place on search engines, as well as the relative ease with which results can be manipulated.
Attacks that feature multiple relays (from search results to one or more hacked blog pages to the malware deliverable) will become more prolific and complex in 2010. These types of attacks expect users to come from a specifically defined path and will not execute if the user does not follow that path. This ‘path-awareness’ makes it very difficult for traditional Web crawlers to find and identify threats. Multi-link attacks will become part of more complex, blended threats in 2010 as cybercriminals employ more layered approaches to avoid detection.
While weak passwords and careless users are always a security risk, new Web-based threats exploit human behavior on a whole new level by tapping into trusted Web sites and applications. In networks like Twitter and Facebook, users build online relationships with people they know and invite into their circle. Cybercriminals hack into these trusted relationships through stolen log-ins and prey on unsuspecting users. Given the success of fake antivirus and fake codec attacks – each of which was highly suspicious to anyone paying attention – attacks that exploit user trust will be far more difficult to detect. These types of attacks will undoubtedly present one of the biggest challenges for enterprise security managers in 2010.
Many organizations continue to rely on desktop antivirus as the main defense for systems operating outside the corporate network, primarily due to the significant cost in time and money to deploy desktop-based solutions. While many IT organizations have begun a hybrid deployment model that focuses on mobile users and those with high security requirements, tight budgets and tighter IT staffing will cause many organizations to postpone these security efforts.
To effectively combat dynamic, Web-based malware, businesses will increasingly need a defense that can respond in real time without manual updates. Cloud-based communities, which connect millions of users who provide real-time Web site ratings, will augment traditional on-premise and desktop defenses. With attacks that exist for as little as two hours, enterprise security systems desperately need real-time protection. In 2010, they will look to cloud services for enhanced security.