2009 Outlook: More Malware, Botnets, VOIP Attacks and Cyber-war
The Georgia Tech Information Security Center hosted its annual summit on emerging security threats Oct. 15 and published its annual attack forecast report.
According to the research, the electronic domain will see greater amounts of malware, botnets, attacks on VOIP systems and cyber-warfare in the coming year.
The report is the result of research projects authored by the vast array of experts who participate in the yearly forum, including everyone from vendor-based experts to government IT security officials.
The full report is available for download here. (PDF)
Some of the topical highlights include:
"We are projecting a tenfold increase in malware objects detected in 2008," said Ryan Naraine, security evangelist for Kaspersky Lab and well-known security blogger. "This is 'hockey-stick' growth driven by identity theft and data-focused cyber-crime."
The report also concluded that as attackers move beyond mass-distribution phishing scams, they are tapping into new ways to localize and personalize their attacks for better penetration.
"Social networking sites like MySpace, Facebook and others will likely be used as delivery mechanisms to get unsuspecting users to a malicious Web site link in order to deliver malware," the report contended.
"Compared with viruses and spam, botnets are growing at a faster rate," said Wenke Lee, an associate professor at GTISC and a leading botnet researcher.
Lee cited three primary factors that are driving zombie network expansion:
-Infection through legitimate sites -Smarter malware delivery mechanisms and obfuscation techniques -Drive-bys delivered via infected URLs
The report noted that "most botnet command and control sites can be traced back to China." However, Lee warned that this stat could be misleading because "a lot of Chinese are using pirated software which doesn't receive security updates. That means many Chinese computers are rife with vulnerabilities, making them a haven for botnet command and control sites."
The experts contended that attackers will increasingly flock to the world of VOIP technologies to "engage in voice fraud, data theft and other scams -- similar to the problems e-mail has experienced."
DoS (denial of service), remote code execution and botnet threats will also apply to VOIP networks in the coming year, and will become more problematic for mobile devices as well, the report said.
"Criminals know that VOIP can be used in scams to steal personal and financial data, so voice spam and voice phishing are not going away," said Tom Cross, an X-Force researcher with IBM Internet Security Systems. "Most people have been trained to enter Social Security numbers, credit card numbers, bank account numbers, etc. over the phone while interacting with voice response systems; criminals will exploit this social conditioning to perpetrate voice phishing and identity theft."
Security experts contributing to the report contended that cyber-warfare "will accompany traditional military interaction more often in the years ahead."
The experts said e-war tactics will also "play a more shadowy role in attempts by antagonist nations to subvert the U.S. economy and infrastructure."
To get a firmer grasp on what is likely to come, the GTISC researchers said observers should look no further than the targeted cyber-attacks that occurred between Russia and Georgia earlier in 2008.
George Heron, founder of BlueFin Security and a former chief scientist for McAfee, submits that cyber-warfare will play a significant role between China and the United States.
"Cyber-threats originating from China are very real and growing," Heron said. "Other evidence supports this, such as the majority of bot masters being traced back to China, along with malware and other disruptive threats."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.