After a year of unprecedented proliferation of spyware, malware and cyber attacks of all types, security software vendor Symantec warns there’s plenty more where that came from in its just-released 2010 Security Trends to Watch report.
Kevin Haley, Symantec Security Response group product manager, this week posted an ironic blog entry titled “Don’t Read This Blog” to draw attention to the company’s latest report and to illustrate how Internet users have been conditioned to click any compelling link without regard to the possible—and often probable — security consequences of their actions.
“We love to click,” he wrote. “Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need.”
“I expect it to show in a revision of Maslow’s Hierarchy of Human Needs any day now — behind love, but certainly ahead of safety,” he added.
Whether it’s a come-on for what appears to be a friendly game of online Monopoly or the incessant and sinister pleadings of a bogus antivirus application, malware scams have become more sophisticated and damaging with each passing day.
A report released earlier this year by the Anti-Phishing Working Group (APWG) found that fake anti-malware and security software programs soared up more than 585 percent in the first half of 2009 alone. In 2007, Gartner said that more than 3.6 million people lost more than $3.2 billion to malicious phishing scams.
“Yes, it’s a cheap trick and not even close to original,” Haley wrote of his creative blog title. “[But] since social engineering plays such a prominent role in future trends, it seemed appropriate.”
Whether you’re using your mobile phone to check e-mail and surf the Web or an enterprise IT administrator charged with safeguarding your company’s data, Symantec says the following 13 security issues will be most relevant in 2010:
With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus (including both file signatures and heuristic/behavioral capabilities) are not enough to protect against today’s threats. We have reached an inflection point, where new malicious programs are actually being created at a higher rate than good programs.
Approaches to security that looks for ways to include all software files, such as reputation-based security, will become key in 2010.
More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred on by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine.
In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best.
For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being targeted toward social site users to grow.
As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking account information, just as we have seen attackers take advantage of browser plug-ins more as Web browsers themselves become more secure.
Next page: Windows 7 will come in the crosshairs of attackers
Microsoft has already released the first security patches for its new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is. And the more complex the code is, the more likely that undiscovered vulnerabilities exist.
Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command-and-control, Web-based load balancing and proxy redirection, it makes it difficult to trace the botnets’ original geo-location.
As industry countermeasures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique to carry out attacks.
Because users often have no idea where a shortened URL — particularly from Twitter — is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking on.
In an attempt to evade antispam filters through obfuscation, expect spammers to use shortened URLs to carry out their evil deeds.
In 2009, Macs and smartphones will be targeted more by malware authors. As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.
As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the Federal Trade Commission’s Can-Spam Act, there will be more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.
Since 2007, spam has increased on average by 15 percent a year. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software and the intervention of responsible ISPs and government agencies across the globe.
Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.
This will prompt more businesses in emerging economies to offer real people employment to manually generate accounts on legitimate Web sites — especially those supporting user-generated content — for spamming purposes.
Symantec estimates that the individuals will be paid less than 10 percent of the cost to the spammers, with the account farmers charging $30-$40 per 1,000 accounts.
As hackers exploit new ways to bypass CAPTCHA (define) technologies, instant messaging attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts.
By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that one in 12 hyperlinks overall will be linked to a domain known to be used for hosting malware.
Article courtesy of InternetNews.com.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.
