December 16, 2008 at 4:48 pm #3113Don DonzalKeymaster
2009 is right around the corner, and many are starting to make their predictions of the majors security issues that we will all face in the coming year (See Sophos Report below). What are your thoughts on 2008 and what you think will occur in 2009?
Security threat report: 2009
Prepare for this year’s new threats[/align:3u7d9jj5]
On 2 November 1988 a 22-year old Cornell University student called Robert Morris released an internet worm capable of exploiting vulnerabilities in the UNIX operating system. It is estimated that it infected 10 percent of the
internet. Twenty years on, the scale of the malware problem has grown astronomically. Today’s internet attacks are organized and designed to steal information and resources from consumers and corporations. Although there have been instances of attacks driven by politics and religion, the main motivation is financial.
The web is now the primary route by which cybercriminals infect computers, mainly due to the fact that increasing numbers of organizations have secured their email gateways. As a consequence, cybercriminals are planting
malicious code on innocent websites. This code then simply lies in wait and silently infects visiting computers. The scale of this global criminal operation has reached such proportions that Sophos discovers one new infected
webpage every 4.5 seconds – 24 hours a day, 365 days a year. In addition, SophosLabs, our global network of threat analysis centers, is sent some 20,000 new samples of suspect code every single day.
2008 proved that malware is more than just a Microsoft problem. Although the sheer number of Windows threats far outweighs attacks against any other platform, cybercriminals are turning their attention to other operating
systems such as Apple Macintosh, and vulnerable crossplatform software. This seems likely to continue in 2009, with the increasing popularity of portable devices such as the iPhone, iPod Touch, Google Android phone and ultramobile netbooks.
It remains paramount that organizations defend themselves at all levels of their business, not just at the email and web gateways. Networks, desktops, laptops and mobile devices must be comprehensively secured to defend against the myriad threats posed by the criminal underground.
Get the full report here:
December 27, 2008 at 5:02 am #20991elcapitanParticipant
Interesting report… scary contortionist cover page.
- Definitely state-sponsored cybercrime will continue.
- IE’s market share is continuing to drop (although IE8 maybe different). With Chrome getting more market share, it may tip malware and browser exploits.
- I would say “insider” threats may be on the radar a little more this year with companies tanking left and right, banks not accounting for funds, credit scarce, high unemployment and foreclosures, etc. This may tempt employees to commit crimes against their employers.
December 30, 2008 at 10:25 pm #20992blackazarroParticipant
Hmmm… SSL is broken for MD5 that is. Refer to the following links for additional information:
So, based on today’s report we’ll probably see a number of phishing sites with valid SSL certificates in 2009 if the CAs won’t do something about it and drop using MD5.
January 1, 2009 at 1:40 am #20993jasonParticipant
I’m sure that they will once something comes along and bites them good and hard.
January 2, 2009 at 1:44 pm #20994
January 8, 2009 at 5:52 am #20995jasonParticipant
It certainly does seem to be the trend for major security threats. You would think folks would figure this stuff out eventually.
February 8, 2009 at 9:36 am #20996StiflerParticipant
We’ve discussed this very issue almost everyday of class at school for the past 2 or 3 weeks now. My teacher made a similar comment about there needing to be a big incident to get rid of MD5. But even so, she still relies on MD5 in her day job. She’s a juvenile prosecutor in my county who also heads up the cybercrime prosecutions and gathers evidence for them, and then comes and teaches us about cybercrime at night classes. She’s a busy woman, and gorgeous to boot! 🙂
Personally, I think there will be a significant amount of breaches into some of the more trusted software out there this year. Like firefox for example, it’s not impenetrable but it is one of the safer browsers to use, but for how long?
On another note, I think we’ll see some newer innovations in the way that some of the pre-existing software operates. Like antivirus apps for example, most of which run traditional scans based on signatures and definitions of known threats but aren’t that great at detecting the unknown in most cases. The emerging of behavior based scanning is one thing that I think has potential to show it’s face more this year than last. Because with it, you can detect both known and unknown, old and new threats or however you wanna put it. I use both types, and it works great. Plus you don’t have to worry about conflicts that way because they operate in two completely different ways.
Of course none of us know what the future will bring but there’s nothing wrong with a little optimism.
February 25, 2009 at 7:03 am #20997Ne0Participant
2009 and its just ending 2nd month and already a security researcher has given a run for baks and , financial institutes , and goverment sectors
by releasing a tool called SSL STRIP , it uses a MITM attack and its really cool makes ssl sites to look at fake sites and gives its spoof in the middle u need to try that, i dont think the any predictions will come trues cause hacking way more forward than any predictions so just dont predict just wait for surprises
- You must be logged in to reply to this topic.