Websense security experts have published their predictions regarding the security threats that we will face in the new year, and perhaps unsurprisingly they revolve around the changing and dynamic nature of the Internet.

“Organized criminals are realizing that the Internet has been a largely untapped resource in terms of generating real profit. With financial gain on the table, attack methods are improving, and the number of people involved is escalating,” said Dan Hubbard, vice president of security research, Websense. “Tools and exploits to steal personal, business and financial information are the hottest commodities for cyber-criminals. Next year in particular, it’s highly important for organizations to have preventative measures in place to protect themselves from the next wave of increasingly covert and targeted attacks.”

So what are these predictions in full?

The Criminal Underground Economy

During the course of 2006 the malware landscape shifted away from the purely malicious and firmly into a financially driven, criminally led arena. Indeed, during a visit to the Symantec threat labs in Santa Monica I never once heard the term malware used; everything was referred to as ‘crimeware’ instead. Websense expects underground cybercrime to become better organized and run a better economy, part of which will see the market for zero-day attack code becoming more competitive. This will result in an increase in the number of zero-day attacks and better attacks on both the client and server side, they reckon.

Web 2.0 Security Issues Escalate

Whenever Internet and cultural phenomena meet, there is an opportunity for criminal exploitation. That is certainly the case when an estimated 80 percent of the top 20 most visited Web sites are Web 2.0 driven in the broadest sense: social networking sites such as MySpace and community-focussed ones like Wikipedia. Websense warn that Web 2.0 sites, including social networking sites, are particularly vulnerable to attack because of the constantly changing nature of the content, which is difficult to monitor and secure. With millions of potential victims to target, criminals, spammers and adware companies are already seeking to prosper. Indeed, a very recent Gartner report entitled “Web 2.0 Needs Security 101” states that “Web 2.0 mashups that are not done securely will lead to huge openings for new forms of phishing and other attacks.” But where else in Web 2.0 should we be looking for security weakness according to Websense?

  • User-Created Content: As mentioned in 2006, by empowering end-users with creative, dynamic, content control, increased security problems will result.
  • Social Networks: The large population of users and ability to link users through profiles and networks will lead to more security issues within these communities. Entertainment social networks are not the only targets; there are several business networks of users linking for employment recruiting, business development, and other business-related reasons that face the same threats.
  • Service Oriented Architecture (SOA) and Web Services: The Web as a platform is finally here. The advent of ‘mashing’ Web services and linking several properties together will lead to increased security issues, as cross-domain security issues can affect all links in the chain.

Anti-Phishing Toolbar Exploits

You seemingly cannot move without bumping into yet another browser-based anti-phishing toolbar, or a download link to where you can get one. Websense predicts that some embedded anti-phishing toolbars will become targets of exploit code designed to disable or avoid their prevention mechanisms. Well, duh.

Enhanced Concealment of Data

Ask any security expert and they will tell you the same thing: that during the course of 2007 the use of malicious code to steal data will increase, hugely. Ask the more savvy and less media sound-bite obsessed ones and they will also mention that inevitably preventative methods will also increase and lead to the better concealment of that valuable data. Websense predicts that cyber-criminals will increasingly use encryption with malicious code to bypass preventive measures.

BOT Evolution

BOTs remain a thorn in the side of everyone from the end user to the network admin and security consultant, and the bad news is that there is no sign that BOT evolution is slowing down at all. Websense warn that distributed command-and-control and protocols other than Internet Relay Chat (IRC) or HTTP will be used to control BOT networks. You can also expect the increased use of encryption and custom packing of BOTs, I am afraid.

Websense predicts that some embedded anti-phishing toolbars will become targets of exploit code designed to disable or avoid their prevention mechanisms.

Even more duh: it's easy to trick people into installing spyware, that's well known.
Hiding that spyware as spyware prevention or removal software is also well established.
Lots of people like browser toolbars (don't ask me why, I won't touch them for anything).

Combine the three, and the logical next step is malware authors creating a phishing tool in the form of a browser toolbar that is presented as an anti-spyware/anti-phishing product.