by Jennifer Kavur

Security Heavyweights Predict 2010 Threats

Dec 18, 2009

Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Plus, Info-Tech on security trends.

Social networks are going to become a prime target for cybercriminals in 2010, according to security predictions from annual security reports released this month by CA Inc., Cisco Systems Inc. and Symantec Corp.

A prediction list gathered from Independent Security Evaluators (ISE) and another list issued by Websense Inc. also anticipate increased threats on or towards major social networking sites.

Social networks were the only prediction highlighted by all five sources, but increased use of search engine optimization (SEO) attacks, short URLs and malvertising, as well as an upcoming focus on smartphones and the Mac OS X platform, were also noted by multiple sources.

Unique predictions include a potential cryptographic algorithm break, botnet turf wars, attacks on voting mechanisms for elections and reality shows, a major utility breach in the U.S. and hijacked computers held for ransom.

James Quinn, senior research analyst at Info-Tech Research Group Ltd., expects the push towards financial incentives will continue from the hacker’s perspective. But the biggest trend that will continue from 2009 into 2010, according to Quinn, is the increasing speed at which threats will evolve.

“Security companies have gotten very, very good at responding to threats, and so as a result, bad guys have had to change the nature of the threat more rapidly …. I think what we are going to continue to see is an increase in that rate of evolution,” he said.

Quinn also expects 2010 will be an interesting year in terms of reputation-based security software. While the model allows anti-malware vendors to work quickly by looking at where information is coming from, whether it works effectively still remains in question, he pointed out.

“They are moving towards this model out of an efficiency basis, simply because there is so much good code and there is so much bad code available that it becomes impossible to work on a signature basis with any kind of performance,” he said.

The following is a compilation of potential upcoming threats to look out for in 2010, as predicted by the CA Global Advisory Team, Cisco, Symantec Hosted Services, Websense Security Labs and contributions from a group of security experts at Independent Security Evaluators.

Mobile worm attack

ISE anticipates a major mobile worm attack. “Mobile phones are now small computers always attached to the Internet,” states ISE. “They contain personal information and make for an interesting component of a mobile botnet. We got a worm this year against jailbroken iPhones. Next year will see the first worm against a major (off-the-shelf) mobile platform such as iPhone or Android.”

Social networking shut-down

“A major social networking site (Facebook, MySpace, etc) will shut down for an extended period of time, due to a hacking incident or a virus,” states ISE. “As more information is stored on these sites, they become more of a target. Additionally, it would be a high profile attack for an attacker wishing to increase their ‘street cred.’ Think Samy Worm except with malicious intent.”

A cryptographic algorithm break

ISE also predicts “a non-trivial break in a currently ubiquitous, trusted cryptographic algorithm” may occur. “There has been a lot of research in SSL lately, the protocol that fuels e-commerce. From Marlinspike and Kaminsky’s findings concerning null bytes in certificate names, to the SSL renegotiation bug, 2009 has been a rough year for crypto. This will continue in 2010 with a serious vulnerability in a currently trusted crypto algorithm being disclosed.”

Major U.S. utility breach

ISE’s fourth prediction involves a major vulnerability discovered and/or a breach of a U.S. utility (power grid, nuclear, etc.). “With talk of cyberwarfare in the mainstream media, researchers and attackers will be spending more time looking at SCADA systems associated with utility companies. Either a major flaw will be revealed by a security researcher or something ‘bad’ will happen when an attacker takes advantage of it,” states ISE.

Botnet gangs fight turf wars

Websense Security Labs noticed botnet gangs mimicking each other in 2009, anticipates the trend will continue in 2010 and expects it to lead to turf wars. “We anticipate more aggressive behaviour between different botnet groups, including bots with the ability to detect and actively uninstall competitor bots,” states Websense.

E-mail gains traction

E-mail will gain “traction again as a top vector for malicious attacks,” states Websense. The company saw a “huge uptake in e-mails being used to spread files and deliver Trojans as e-mail attachments” in 2009.

Attacks against Apple

“2010 will prove once and for all that Macs are not immune to exploits,” states Websense. The company also notes potential for “the first drive-by malware created to target Apple’s Safari browser.” Hackers have “noticed Apple’s rapid growth in market share” and have additional incentive to target Mac users because “many assume Macs are immune to security threats and therefore employ less security measures and patches,” states Websense.

CA also highlighted an upcoming focus on Mac OS X, stating “malware actors will focus on the 64-bit and Apple platform.”

Non-English spam

“As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase,” states Symantec.

ATMs, voting systems and reality shows

Highly specialized malware aimed at exploiting certain ATMs was detected in 2009 and the trend will continue in 2010, notes Symantec. This includes “the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.”

Hijacks and ransom notes

“Expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom,” states Symantec.

Selling free anti-virus software

Other upcoming software scams include “rogue anti-virus vendors selling re-branded copies of free, third-party anti-virus software as their own offerings,” states Symantec. “Users are technically getting the anti-virus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.”

Criminals go legit with ad buys

CA and Websense both anticipate a rise in “malvertising” — legitimate purchases of ad space by criminals as a means to distribute malware.

Poisoned search results

Search engine optimization (SEO) attacks will increase in 2010, according to CA and Websense.

SEO attacks may cause trust issues in search results among consumers in 2010, “unless the search providers change the way they document and present links,” states Websense.

“Google is a frequent target of online threats. Attackers employ sophisticated search engine optimizations to manipulate search engine rankings and poison users’ search results, which direct them to compromised Web sites that can cause malware infections,” states CA.

Manual CAPTCHA labour

As CAPTCHA codes become more difficult to break using automated processes, spammers in emerging economies will “use real people to manually generate new accounts for spamming,” states Symantec. The company estimates account farmers will charge US $30 to $40 per 1,000 accounts.

User Access Control in Windows 7

Specific tricks will be used to bypass User Access Control warnings in Windows 7, according to Websense. By allowing four levels of User Access Control, Windows 7 tries to reduce the frequency of pop-ups that led users to either ignore warnings or turn off User Access Control in Vista, states Websense.

But “security challenges to the interface and the operating system still exist. In fact, during a Patch Tuesday cycle in October 2009, five updates were for Windows 7 — even before it was released to the general public,” states the company.

Another Conficker?

“Another big computer worm like Conficker is likely,” states CA. “The increasing popularity of Web-based applications and discovery of critical zero-day vulnerabilities, especially for new operating systems such as Windows 7 and Google Chrome, present good opportunities for a new worm outbreak.”

Banking Trojans

CA anticipates more banking Trojans that “manifest as banking-related threats orchestrated to steal users’ identities for financial gain.”

Retro scams

Cisco expects “cybercrime techniques that have gone out of fashion to re-emerge in many developing countries. Cybercriminals will have millions of inexperienced users to dupe with unsophisticated or well-worn scamming techniques that more savvy users grew wise to (or fell victim to) ages ago.”

Smishing and vishing

Cisco expects smishing (phishing via SMS) and vishing (phishing and voice) scams to become more popular among criminals in 2010. Methods such as VoIP network hacking and vishing are particularly appealing, according to Cisco, because they are difficult for authorities to trace.

Fast flux

“Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies … As industry counter measures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique being used to carry out attacks,” states Symantec.

Smarter botnets

“Botnet hosting ISPs like McColo and Real Host seemed to make botnets re-evaluate and enhance their recovery time to only take hours instead of weeks or months. It is predicted that in 2010, botnets will become more autonomous and intelligent,” states Symantec.

Third party apps on social networks

As social networking site owners “more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure,” predicts Symantec.

Reputation-based security

“We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware,” states Symantec. The company expects “approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.”


“As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act, we’ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists,” predicts Symantec.

DOS attacks get political

“Denial-of-service attacks will increase in popularity as a means to make a political statement,” states CA. “Popular Web sites like Twitter and Facebook are likely to fall victim once again.”

1 in 12 IM hyperlinks

Symantec predicts “one in 300 IM messages will contain a URL” and “one in 12 hyperlinks will be linked to a domain known to be used for hosting malware” by the end of 2010. “Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid 2009, that level was 1 in 78 hyperlinks.”

Social engineering

“Social engineering is already one of the primary attack vectors being used today” and the number of attacks using social engineering techniques will just continue to grow in 2010, according to Symantec.

Short URLs

“With 90.6 per cent of spam containing a URL in 2009, the increased popularity of shortened URLs was used by cybercriminals to help disguise the true destination of a hyperlink. This kind of activity is expected to continue into 2010,” states Symantec.

Cisco highlighted the security problems associated with short URLs and advises organizations to “generate their own short URLs and host them on their own domains.” Individual users are encouraged to install add-ons for their Web browsers that will display the full URL.


“As handheld mobile devices act more like traditional computing platforms, it is likely that individuals will need to update the security of their mobile devices regularly, just as they do their traditional computers,” states Cisco.

Social networking sites

Social networks will become the “cybercrime hotspot” for 2010, according to Cisco. While virtual communities like Second Life fizzled out, Cisco expects this “new generation of social media offerings” to have “much more staying power in the business community.”

Websense likewise predicts a greater volume of spam and attacks on the social Web and real-time search engines. “Spammers’ and hackers’ use of Web 2.0 sites have been successful because of the high level of trust users place in the platforms and the other users. We anticipate this trend to continue in 2010,” states Websense.
