There are a few important security trends that merit watching next year.
The use of DDoS as a tool of political activity and extortion will loom large again and there is no indication that this is a trend that will diminish. As an example, witness the growth of the “Darkness” botnet which has been specifically hired out as a platform for DDoS attacks. This botnet is taking over from BlackEnergy which was previously the leader in this type of attack. It is pretty cheap with prices of $50 per 24 hours being quoted.
A second security trend, social engineering, is going to continue through increasingly sophisticated phishing emails and better websites. The Apr. 29, 2011 marriage of Prince William will be exploited ruthlessly and increasingly SEO will be used to ensure infected websites are high in search results.
And there’s yet another important security trend – financial applications. These will continue to be targeted. Viruses like Zeus and, more critically, URLzone have been used to gain login details for bank accounts. URLzone provides a significant departure, where it acts as a ‘man in the middle,’ able to circumvent two factor authentication (also known as TFA; in brief, the use of two independent mechanisms for authentication; for example, requiring a smartcard and a password. The combination is less likely to allow abuse than either component) by relaying false information back to users). While only able to target a number of banks at present, it is likely that this Trojan or something similar will be developed to encompass more banks in the coming year.
Any other security trends you think we should mention? Call me at (832) 242-5757 or send an email to firstname.lastname@example.org.