With 2009 being the year of fake security software and attacks on social networks and search engines, many security firms are predicting more of the same for 2010 along with an increase in attacks aimed at cloud/virtualised environments.
Symantec, Trend Micro, CA and Websense all agree that social networks will continue to pose security headaches, as cyber criminals look to exploit to popularity of sites such as Facebook, Twitter and LinkedIn and other Web 2.0 tools like wikis and blogs.
Symantec claims that social networking third-party applications will be targeted. “As these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure,” the firm said.
With spammers looking for more ways to distributing their malware, CA, M86 and Websense are claiming that search engine optimisation (SEO) poisoning will increase. “The technique aims to elevate malicious landing pages in search engine results rankings to ensure a steady supply of victims. The technique is commonly paired with scareware to capitalise on users trust in search engines,” said M86.
Many industry analysts are predicting that cloud computing, SaaS and virtualisation will have a very successful 2010, as firms look to cut costs and improve operational efficiency. It is therefore likely that cyber criminals will follow businesses and look to launch attacks here.
“Cloud computing and SaaS have exploded in popularity during 2009, leading to a vast increase in service offerings. As a result, more and more corporate data is being stored outside of the network, making it difficult for IT administrators to have direct control over the data. In 2010, cybercriminals will target the larger cloud-based providers and attacks will increase,” M86 said.
October 2009 saw the release of Microsoft’s latest operating system, Windows 7, and although the company has played up the safety of it, both Trend Micro and Symantec believe that it will cause security issues for some companies.
“Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users,” said Symantec.