What are we on the lookout for?

Dave Kennedy
January 7th, 2009

A number of organizations take the end of the year as an opportunity to publish predictions about what will happen in the security space during the subsequent year. The RISK Team engages in that exercise every Thursday as part of our weekly Risk call, during which we analyze emerging threats and vulnerabilities. So instead of generating a new list, we’ll share one that was refined over the course of 50 weekly meetings. In addition, we’ll share our predictions from the prior five years.

The question posed to the team every week is “What are we on the lookout for?” Our answers are not so much predictions of what will happen, but what we’re concerned could happen based on current trends. The following items resulted from our final discussion of 2008:

  • Christmas-related hoaxes, e-cards, and malware (not too hard, they happen every year)
  • Exploits favoring business systems, especially ActiveX installed within enterprise
    vs. “Mom & Pop shops”
  • Economic crisis moves e-tailers to collect more PII (and protect it)
  • E-tailer bankruptcies result in failure to deliver to consumers and reduced
    consumer trust in e-tailers
  • New vulnerabilities in Windows OS components previously patched,
    e.g. netapi32.dll MS06-040 and MS08-067
  • Vulnerability disclosure and exploits in MS Office documents
  • Increased exploitation of web sites or web applications that offer up
    third-party supplied content that can be scripted or include code that
    executes on the visitor’s system
  • Barnacle ware: Bundled and helper software and utilities; software that is installed by the OEM or is picked up through routine usage but is not supported (e.g., optical drive software, media management, image viewers, and browser plug-ins)

2007

  • Increased incidents of reputation attacks (Human Factors)
  • Increased JavaScript Exploits
  • Increased IPv6 vulnerability chatter
  • Vulnerability disclosure and exploits in MS Office documents
  • Increased exploitation of web sites or web applications that offer up
    third-party supplied content that can be scripted or include code that
    executes on the visitor’s system
  • Barnacleware: Bundled and Helper software and utilities. Software that
    is installed by the OEM or is picked up through routine usage but is not
    supported. Examples: optical drive software, media management, image
    viewers, and browser plug-ins
  • Fourth-age worm attack

2006

  • Al Qaeda DoS attacks on financial sector
  • MS06-070 malcode and bots
  • Attacks using targeted Trojans
  • SQL attacks (especially through unpatched Oracle vulnerabilities)
  • Vista malware hype, reports of Vista-specific malware/exploits

2005

  • Attacks using customized Trojans
  • Innovative phishing using domain name IDN or DNS manipulation
  • SQL attacks (especially through unpatched Oracle vulnerabilities)
  • Malcode exploiting Microsoft Word buffer overflow
  • Christmas-related scams and phishing
  • Exchange administrator being exploited via bounced emails

2004

  • Malware that gets legs
  • SSH
  • Something under the radar in the Linux world (elf, game, bot?)

2003

  • Microsoft Messenger Service (net bios) worm
  • Attacks exploiting vulnerabilities patched by MS03-049
  • Malcode hiding using alternate data streams
