Thursday, December 27, 2007

Security Trends to Watch Out in 2008

Symantec Security Trends in upcoming year...

Inching close to year end as we are, security companies are focusing on the year to be, telling us what virus threats we need to watch out for, and what will be the security scenario in the coming year. Security major, Symantec, has come up with a list of such security trends to look out for in 2008.

First on the list is "election campaigns". With political candidates increasingly turning to the World Wide Web, it is important to understand the associated security risks. Which include things like diversion of online campaign donations, dissemination of misinformation, fraud, phishing, and invasion of privacy.

Symantec claims to have analyzed 17 well-known candidate domain names in the course of the US 2008 elections, to reveal that a large number of typo and cousin (correctly spelt with additional wording) domain names have been registered by parties other than the candidates' own campaigners. A lot of these Web sites are registered for driving traffic to advertising Web sites.

The second trend to keep an eye on is "bot evolution". Symantec is expecting bots to diversify and evolve. For instance, phishing sites hosted by bot zombies. Bots tend to be 'early adopters' of new functionality, and as a result, they can be used as test environments for using newer malicious functionalities on a variety of targets before actually using these. Bots may be used in client-side phishing attacks against the legitimate owner or user of an infected computer, which allows phishers to bypass traditional phishing protection mechanisms, or they may be used to artificially increase apparent traffic to certain Web sites by hijacking browsers.

Bots may also give attackers specific access to infected PCs, which they can use to their advantage. Say if bot owners advertised their controls on PCs within an organization, parties interested in the organization may pay these guys for access to that control.

The third suspect, according to Symantec, is "advanced Web threats". With increase in the number of available Web services, and with browsers continuing to converge on uniform interpretation standards for scripting languages like JavaScript, Symantec expects the number of new Web-based threats to continue to rise. Symantec also warns against "user-generated content", which the company says can be used to host browser exploits or distribute malware/spyware, or host links to malicious Web sites. Completing Symantec's list of security trends for 2008 are "mobile platform", "spam evolution", and "virtual worlds".

Symantec says 'Mobile' security has never been a high priority. And with phones becoming more complex and interesting and connected, hackers will increasingly rely on mobile transactions offered by banks and other money transfer agents.

Similarly, Symantec expects 'spam' to evolve in trying to evade newer blocking systems and finding newer ways to trick users into reading messages. Newer attachment files in the form of mp3 and flash, or guised as social networking sites might come into play.

Last but not the least, Symantec expects that with the growing use of persistent virtual worlds (PVWs) and massively multiplayer online games (MMOGs), newer threats will emerge as criminals, phishers, spammers, and other anti-social elements turn their attention to these avenues.

No comments: