As we begin the new year, it’s an appropriate time to review the cyber security landscape and prepare for what new challenges may lie ahead, as well as what current threats may continue.

What are the cyber trends for 2010?

Malware, worms, and Trojan horses – These will continue to spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a drive-by download. Other methods will require users to click on a link or button.

Botnets and zombies – These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities, thus becoming more difficult to detect.

Scareware – Scareware is fake/rogue security software. There are millions of different versions of malware, with hundreds more being created and used every day. This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to protect their system.

Attacks on client-side software – With users keeping their operating systems patched, client-side software vulnerabilities are now an increasingly popular means of attacking systems. Client-side software includes Internet browsers, media players, PDF readers, etc. This software will continue to have vulnerabilities and subsequently be targeted by various malwares.

Ransom attacks – These occur when a user or company is infected by malware that encrypts their hard drives or they are hit with a Distributed Denial of Service Attack (DDOS) attack. The cyber criminals then notify the user or company that if they pay a small fee, the DDOS attack will stop or the hard drive will be unencrypted. This type of attack has existed for a number of years and is gaining in popularity.

Social network attacks – Social network attacks are expected to be one of the major sources of attacks in 2010 because of the volume of users and the amount of personal information posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone''''''''s page, which could redirect users to a malicious website.

Cloud Computing – Cloud computing refers to a type of computing that relies on sharing computing resources rather than maintaining and supporting local servers. Cloud computing is a growing trend due to its considerable cost savings opportunities for organizations. The growing use of cloud computing will make it a prime target for attack.

Web Applications – Many websites and online applications are continually developed with inadequate security controls. These security gaps can lead to the compromise of the site and potentially to the site’s visitors.

Budget cuts – Budget cuts are expected to be a problem for security personnel and a boon to cyber criminals. With less money to update software, hire personnel, and implement security controls, enterprises may be forced to try to do more with less. By not maintaining up-to-date software, appropriate security controls, or enough personnel to secure and monitor the networks, organizations will become more vulnerable.

What can I do?

The following helpful tips will assist in minimizing risk:

• Properly configure and patch operating systems, browsers, and other software programs.
• Use and regularly update firewalls and anti-virus and anti-spyware programs.
• Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know.
• Do not open email or related attachments from un-trusted sources.

Additional resources

For additional information on the current cyber security trends, please visit:

§ IBM’s Top Security Trends for 2010 – www.internetnews.com/security/article.php/3849636

§ Symantec’s Top Security Trends for 2010 –  www.internetnews.com/security/article.php/3849371

§ SANS Top Cyber Security Risks – www.sans.org/top-cyber-security-risks

§ Bankinfosecurity.com article – www.bankinfosecurity.com/articles.php?art_id=1926

§ PC World – www.pcworld.com/article/182889/new_banking_trojan_horses_gain_polish.html

§ Panda Labs 2009 Annual Malware Report –  www.pandasecurity.com/img/enc/ Annual_Report_Pandalabs_2009.pdf