Monday, December 18, 2006

Websense's security threat predictions for 2007.

Websense, one of the reputed Internet security providers have released their version of security threats for the year 2007.

It was only recently that Mcafee released their own predictions for the year 2007 about security threats.

Mcafee's predictions and Websense's predictions are not much different. They both regard that the underground market for exploits will be on an increase in 2007, Social networks will be under increased attacks and vulnerable to exploits, Botnets will be on the rise etc:- But Mcafee's predictions for 2007 has covered more grounds like Rootkits on 32 bit platforms will increase, Parasitic malware will make a come back etc:- You can read about the Mcafee's predictions under the "Related reading" link below.

Okay, let us have a look at the Websense's predictions:

The Criminal Underground Economy:

As I had written in my article "Underground market for security exploits is growing" it is very true that there is a huge underground market were malicious and organized criminals are queuing up to buy the exploits.

Websense predicts that the market for zero-day attack code will be more competitive. This will result in an increase in the number of zero-day attacks and better attacks on both the client and server-side.

Web 2.0 Security Issues Escalate:

With the huge user base that the popular websites especially the social networking sites and social news networking sites carry more and more attackers are concentrating on exploiting them since the target base is widening. Sites like Myspace has been in the news with it's security flaws and for the phishing attacks almost every month.

Even video files are being used to target the users. Who can forget the QuickTime worm that recently compromised a lot of user data in Myspace. And plenty of phishing sites that is reported to be in Myspace. Also, one should remember that the QuickTime flaw that lead to the QuickTime worm attack is not yet patched by Apple and any other social networking sites that allows embedding of this is prone to this sort of an attack.

Allowing users the total freedom to upload user-created content will only increase the security risks.

Anti-Phishing tool bar exploits:

According to Websense "In 2006, several high profile companies released anti-phishing toolbars embedded within the browser. However, Websense predicts that some anti-phishing toolbars will become targets of exploit code designed to disable or avoid their prevention mechanisms."

Well this is already true with the recent security flaw that was found in Firefox 2 which is known as the Reverse cross site request. This allows a malicious person to exploit the flaw in the Password manager in Firefox 2 by putting a fake site and getting the password Manager to automatically fill in the password without even verifying the login server.

Enhanced Concealment of Data:

As I had written in one of my earlier articles, Rootkits + trojans could be a deadly combination. And according to the Websense prediction this will be more on the rise in 2007. Even Mcafee has said the same thing.Attackers will be using encryption with malicious code to bypass preventive measures.

BOT Evolution:

BOT nets is already having an underground market since a group of Zombie computers can be used for DDOS attacks and spam attacks and this is also going to be a major threat in 2007. Distributed command-and-control and the use of other protocols other than Internet Relay Chat (IRC) or HTTP will be used to control BOT networks. Increased use of encryption and custom packing of BOT’s will also occur.

So, once you read the predictions of both Mcafee and Websense you will get an idea as to what to watch out for in the year 2007 and thus will be aware of the precautions to be taken. Even with the increased protection and detection level today's softwares offer, the attackers too are getting more sophisticated trying to stay one step ahead. So as an user we should also stay educated and learn how to stay protected.

Related Reading:-
Mcafee's prediction about the top 10 security threats for the year 2007.