Exploring the Boundaries of IT Security
Whenever we enter a new decade, many of us like to take stock and think about the things that have changed over the last ten years and what may happen during the next twelve months. But as Niels Bohr once said, prediction is difficult, especially about the future.
This is necessary to stay ahead in the development of efficient countermeasures to match the creativity of cyber-criminals and fraudsters. The problem is that each time the number of variables changes, and by that I am referring to the newly emerging communication platforms, the number of attack vectors and the exposure to computer malware increase dramatically.
So what should we expect from the next year anyway?
Our research has shown that BotNets have been acquiring new computers continuously during 2009 and that the criminal activity of renting out these services is flourishing. But as in any economy, whether legal or underground, once the market becomes saturated the competition becomes even more intense.
So we can expect that BotNet owners will have to provide demonstrations of power in order to prove that their services are exactly as advertised. This can be done with DDoS attacks against different targets chosen by their prospective client. The competition might also take the form of malware that first strips the computer of any competitors' malware before infecting it and joining it to the BotNet.
Another area of concern is social media. Will we see more menaces lurking on these platforms? Take, for example, a successful fraudster who is already earning a significant income from spamming activities. Equipped with basic knowledge about computer security and software development, he is presented with a tempting environment where people are encouraged to make as many friends online as possible, to interact, share content and pop into conversations whenever it suits them.
We are therefore facing a rather interesting situation: on the one hand, millions and millions of people are joining social media websites and want to start sharing links, pictures and other media content, while on the other hand, if you take a look at the code provided to interact with the network, you will see how easy it is to develop applications or manipulate different profiles. How can a fraudster resist such temptation?
Will mobile phones be targeted in the following year?
Nowadays everyone has a mobile phone, and some even have more than one. When changing their handset many people are inclined to upgrade to a smart phone, which means that more and more people will have miniature PCs in their pockets.
Most phones now have a wireless connection, which makes them a very tempting target for the malware writer, even though they aren't capable of processing large amounts of data or broadcasting spam messages. However, fraudsters are very adaptable and we are seeing a trend towards the new tactic of 'steal smaller amounts from time to time, rather than all at once'; so perhaps this will become more common in future.