If this year will be remembered for high-profile data breaches, then what troubles are in store for 2008? Predictions include more powerful hacker botnets that elude shutdown and growth in numbers of compromised Web sites that attack trusting, unsuspecting visitors. Those are some of the picks from Symantec’s director of emerging technologies, Oliver Friedrichs. A rundown of his top five:
Bot evolution
“Today’s bots are fairly centralized with a command-and-control center,” he says. “In the future, they’re going to be more peer-to-peer, and it will make bots more difficult to take down.” Friedrichs says the Storm worm is the best example so far of a decentralized botnet. “It surfaced in January, and it’s still going strong.”
Web threats:
In particular, trusted Web sites that are compromised, with attackers loading them up with malicious code to attack unsuspecting visitors. The year started with the hack of the Web sites of Dolphin Stadium and the Miami Dolphins right before the Super Bowl game, causing them to dispense attack code to visitors. Social-networking sites appear to be ripe for this approach. The recent hack of Alicia Keys’ Web site on MySpace is likely a harbinger of more to come.
Mobile threats:
Particularly for new mobile platforms, such as the Google GPhone and Apple iPhone, where kits are available to software developers and applications in the future, could have holes to exploit. “Banks and online auctions are moving to mobile phones,” says Friedrichs. Cybercriminals can only be expected to follow.
Virtual worlds:
If attacks in the “real world” aren’t enough, get ready for attacks in “virtual worlds” where online players vie to win virtual battles and virtual stuff. Some of the big ones are Second Life, Lineage and World of Warcraft. “Attackers and criminals are looking at these platforms,” Friedrichs points out. “There are already trojans that target Lineage players. They take over an account and steal anything they have, like their sword, their gold, and take these items and sell them somewhere.” Virtual worlds have real crime.
Upcoming presidential election:
The presidential candidates — all 19 of them right now — accept online donations and campaign online. During the presidential race in 2004, “we saw phishing against the Edwards campaign,” Friedrichs points out. “And there was a denial-of-service attack against the Lieberman site.” More possibilities this time around in the presidential race include a criminal or extremist supporter registering a “typo-domain” that mimics the Web site of a political opponent, and when contributions come in, they’re either pocketed or contributed to someone else’s campaign.
Those are Symantec’s security-threat picks for 2008. Do you agree, disagree or have your own top security threats for 2008? Let me know at emessmer@nww.com.