Image: A Google search page is seen through the spectacles of a computer user in Leicester.
Photographs: Darren Staples/Reuters
Hackers and spammers are the biggest threat and nuisance for the world’s Internet community today and even strong security measures have been unsuccessful to control these unwanted cyber activities.Where in 2009, Web 2.0 sites such as Facebook and Twitter were hackers’ sweet spot, 2010 will see them looking to compromise new platforms such as smartphones and take advantage of the popularity of Windows 7, according to security software maker Websense Security Labs.
Also, hackers are expected to compromise the integrity of search engine results and use legitimate advertisements to spread their malicious content in the year ahead.
As audiences are moving quickly into the social web, so are the attacks. Additionally, as emerging operating systems/platforms and mobile devices become more popular, they are targetted more. At the same time, malicious attackers are increasing the number of traditional attacks on personal computers, with quickly changing tactics and adding new twists on old plots, says Websense.
The recent spamming and phishing attacks at popular social networking websites are a proof of just how well the hackers understand the taste of internet users. The number of malicious sites is rising day by day and it looks like it is only gong to rise further.
Websense has released its list of security predictions and trends anticipated for 2010. Take a look…
Photographs: Stephen Hird/Reuters
The coming year will see a greater volume of spam and attacks on the social web and real-time search engines such as Topsy.com, Google and Bing.com, who recently added real-time search capability features.Spammers’ and hackers’ use of Web 2.0 sites in 2009 proved successful because of the high level of trust users place in the platforms and the other users. The trend is likely to continue in 2010, with attackers looking to spread their wares on social websites such as Facebook, Twitter, MySpace and Google Wave.
Image: A generic picture of a woman working in an office.
Photographs: Catherine Benson/Reuters
A more aggressive activity by Botnet gangs — who invade secretly and hide software to get access to the information on your computer, including your email program, and use your computer to send spam — is expected in the year ahead.
In the past year, Websense noted an increase in botnet groups following each other and using similar spam and web campaigns tactics and other copy-cat behavior. This expected to continue in 2010.
In addition, a more aggressive behavior between different botnet groups including bots with the ability to detect and actively uninstall competitor bots is anticipated.
3. Email gains traction again as a top vector for malicious attacks
Image: Comdexer checks email at cyber center in Las Vegas.
Photographs: Steve Marcus/Reuters
In 2010, email used as a vector for spreading malicious attacks will evolve in sophistication.
During 2009, Websense saw a huge uptake in emails being used to spread files and deliver Trojans as email attachments after being nearly non-existent for several years.
Attackers are more often using timely topics to lure recipients to open mail, attachments and click on malicious links. Also, researchers have noticed an increased sophistication of blended attacks that are difficult to close down.
During 2010, this trend will continue and we will see more emails containing a malicious data.
4. Targetted attacks on Microsoft properties
Image: The new Windows 7 operating system installation DVD is pictured on a notebook at the Windows 7 Launch Party in New York.
Photographs: Shannon Stapleton/Reuters
With the expected fast adoption of Windows 7, we will see more malicious attacks targeting the new operating system with specific tricks to bypass User Access Control warnings, and greater exploitation of Internet Explorer 8.
The User Access Control in Vista was originally implemented to prevent malware from making permanent changes to the system, such as start-up files. However, it allowed pop-ups every time a change was made to the system, such as a change to an IP address and time zone.
The pop-ups occurred so frequently that users ignored the warnings or turned off the feature, leaving them vulnerable. While Windows 7 tries to reduce the pop-ups by allowing four levels of User Access Control, security challenges to the interface and the operating system still exist.
5. Don’t trust your search results
Image: Web search engine page Google is shown on a computer screen with a black background.
Photographs: Mark Blinch/Reuters
A malicious SEO (search engine optimisation) poisoning attack, also known as a Blackhat SEO attack, is when hackers trick search engines into displaying their content ahead of other legitimate sites. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious Web sites.
SEO poisoning attacks are successful because as soon as a malicious campaign is recognised and removed from search results, the attackers simply redirect their botnets to a new, timely search term.
These ongoing campaigns are likely to gain steam in 2010 and may cause a trust issue in search results among consumers, unless the search providers change the way they document and present links.
6. Smartphones are hackers’ next playground
Image: A customer tries the Apple iPhone 3GS at the company’s retail store in San Francisco.
Photographs: Robert Galbraith
Smartphones such as the iPhone and Android, which are used increasingly for business purposes, are essentially miniature personal computers and in 2010 will face the same types of attacks that target traditional computing.
Additionally, poor security of applications on smartphones can put users’ and organisations’ data at risk. With a rapidly growing user base, business adoption and increasing use for conducting financial transactions with these devices, hackers will begin more dedicated targeting of smartphones in 2010.
7. Attacks through web advertisements
Image: A South Korean man surfs the internet in Seoul.
Photographs: Rhee Dong-Min/Reuters
In a high-profile incident in 2009, visitors to the New York Times web site saw a pop-up box warning them of a virus that directed them to an offer for anti-virus software, which was actually rogue AV.
This attack was served up through an advertisement purchased by someone posing as a national advertiser. The successful attack was a worthwhile investment for the criminals and so in 2010, Websense Security Labs predicts that more malicious advertisements will be legitimately purchased by the bad guys.
8. Macs are not immune either
Image: Woman walks past Swisscom store before joining queue to buy Apple’s iPhone 3G after it went on sale in Zurich.
Photographs: Christian Hartmann/Reuters
Hackers have noticed Apple’s rapid growth in market share in both the consumer and corporate segments. There exists additional risk for Mac users because many assume Macs are immune to security threats and therefore employ less security measures and patches, so attackers have additional incentive to go after the Mac OS X platform.
During 2009, Apple released six large security updates for Macs, showing the potential for attacks. In 2010, there will be even more security updates as hackers ramp up attacks targeting the platform. There is also the potential for the first drive-by malware created to target Apple’s Safari browser.