Security Forecast for 2009

Viewing 7 reply threads
  • Author
    Posts
    • #3113
      Don Donzal
      Keymaster

      2009 is right around the corner, and many are starting to make their predictions of the majors security issues that we will all face in the coming year (See Sophos Report below). What are your thoughts on 2008 and what you think will occur in 2009?

      [align=right:3u7d9jj5]SOPHOS
      Security threat report: 2009
      Prepare for this year’s new threats[/align:3u7d9jj5]

      Overview

      On 2 November 1988 a 22-year old Cornell University student called Robert Morris released an internet worm capable of exploiting vulnerabilities in the UNIX operating system. It is estimated that it infected 10 percent of the
      internet. Twenty years on, the scale of the malware problem has grown astronomically. Today’s internet attacks are organized and designed to steal information and resources from consumers and corporations. Although there have been instances of attacks driven by politics and religion, the main motivation is financial.

      The web is now the primary route by which cybercriminals infect computers, mainly due to the fact that increasing numbers of organizations have secured their email gateways. As a consequence, cybercriminals are planting
      malicious code on innocent websites. This code then simply lies in wait and silently infects visiting computers. The scale of this global criminal operation has reached such proportions that Sophos discovers one new infected
      webpage every 4.5 seconds – 24 hours a day, 365 days a year. In addition, SophosLabs, our global network of threat analysis centers, is sent some 20,000 new samples of suspect code every single day.

      2008 proved that malware is more than just a Microsoft problem. Although the sheer number of Windows threats far outweighs attacks against any other platform, cybercriminals are turning their attention to other operating
      systems such as Apple Macintosh, and vulnerable crossplatform software. This seems likely to continue in 2009, with the increasing popularity of portable devices such as the iPhone, iPod Touch, Google Android phone and ultramobile netbooks.

      It remains paramount that organizations defend themselves at all levels of their business, not just at the email and web gateways. Networks, desktops, laptops and mobile devices must be comprehensively secured to defend against the myriad threats posed by the criminal underground.

      Get the full report here:
      http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-security-threat-report-jan-2009-na.pdf

      Don

    • #20991
      elcapitan
      Participant

      Interesting report… scary contortionist cover page.

      • Definitely state-sponsored cybercrime will continue.
      • IE’s market share is continuing to drop (although IE8 maybe different). With Chrome getting more market share, it may tip malware and browser exploits.
      • I would say “insider” threats may be on the radar a little more this year with companies tanking left and right, banks not accounting for funds, credit scarce, high unemployment and foreclosures, etc. This may tempt employees to commit crimes against their employers.
    • #20992
      blackazarro
      Participant

      Hmmm… SSL is broken for MD5 that is. Refer to the following links for additional information:

      http://blogs.zdnet.com/security/?p=2339
      http://www.win.tue.nl/hashclash/rogue-ca/

      So, based on today’s report we’ll probably see a number of phishing sites with valid SSL certificates in 2009 if the CAs won’t do something about it and drop using MD5.

    • #20993
      jason
      Participant

      I’m sure that they will once something comes along and bites them good and hard.

    • #20994
      shednik
      Participant

      @jason wrote:

      I’m sure that they will once something comes along and bites them good and hard.

      That looks like what it will take to make them wake up, proving it’s crackable isn’t enough sadly.

    • #20995
      jason
      Participant

      It certainly does seem to be the trend for major security threats. You would think folks would figure this stuff out eventually.

    • #20996
      Stifler
      Participant

      We’ve discussed this very issue almost everyday of class at school for the past 2 or 3 weeks now. My teacher made a similar comment about there needing to be a big incident to get rid of MD5. But even so, she still relies on MD5 in her day job. She’s a juvenile prosecutor in my county who also heads up the cybercrime prosecutions and gathers evidence for them, and then comes and teaches us about cybercrime at night classes. She’s a busy woman, and gorgeous to boot! 🙂

      Personally, I think there will be a significant amount of breaches into some of the more trusted software out there this year. Like firefox for example, it’s not impenetrable but it is one of the safer browsers to use, but for how long?

      On another note, I think we’ll see some newer innovations in the way that some of the pre-existing software operates. Like antivirus apps for example, most of which run traditional scans based on signatures and definitions of known threats but aren’t that great at detecting the unknown in most cases. The emerging of behavior based scanning is one thing that I think has potential to show it’s face more this year than last. Because with it, you can detect both known and unknown, old and new threats or however you wanna put it. I use both types, and it works great. Plus you don’t have to worry about conflicts that way because they operate in two completely different ways.

      Of course none of us know what the future will bring but there’s nothing wrong with a little optimism.

    • #20997
      Ne0
      Participant

      2009 and its just ending 2nd month and already a security researcher has given a run for baks and , financial institutes , and goverment sectors
      by releasing a tool called SSL STRIP , it uses a MITM attack and its really cool makes ssl sites to look at fake sites and gives its spoof in the middle u need to try that, i dont think the any predictions will come trues cause hacking way more forward than any predictions so just dont predict just wait for surprises

Viewing 7 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?