It’s the time of year when we begin to lookback and take stock of the events of the last twelve months. Newspapersand magazines will soon be publishing their list of top movies,records, and books. Symantec is publishing a top 10 list, too. Whilenot as fun, in many cases this collection of security trends confirmsthe predicted evolution of cybercrime becoming more professional andcommercial. Two words come to mind when I look at the list: "topical"and "trust." Attackers are exploiting current events and trusted brandsto trick computer users in an effort to make money. And securitycompanies like Symantec continue to block their efforts.
Here, in no particular order, are the top 10 Internet security trends of 2007:
1. Data Breaches – High-profile data breaches underscored the importance of data loss prevention technologies and strategies.
2. Vista Introduction – Microsoft Vista made itsdebut and quickly attackers found holes. Microsoft has already released16 security patches to address impacts on the new operating system.
3. Spam – In 2007, spam reached new and record levels.Image spam declined while PDF spam emerged as a new annoyance.Greeting-card spam was also responsible for delivering Storm wormmalware (also known as Peacomm).
4. Professional Attack Kits – Today’s attackers areincreasingly sophisticated and organized and have begun to adoptmethods that are similar to traditional software. MPack is just one illustration of this phenomenon.
5. Phishing - Phishing continued to be big in 2007with an 18% increase in unique phishing sites during the first half ofthe year. Phishing toolkits contributed to the problem. A recent Olympic phishing scheme illustrates the topical tricks phishers use as bait.
6. Exploitation of Trusted Brands – By exploiting a trusted Web environment, attackers now prefer to lie in wait for victims to come to them.
7. Bots – Bots and botnets continued to silently slip onto unsecured computers and perpetrate a wide variety of malicious activity. Bots knocked Estonia off the online map and the Storm worm employed bot technology as well.
8. Web Plug-in Vulnerabilities – Web plug-in vulnerabilities and exploits continued to plague IT staff during 2007. ActiveX controls comprise the majority of plug-in vulnerabilitiesand pose various security threats that may compromise the availability,confidentiality, and integrity of a vulnerable computer.
9. Vulnerabilities for Sale – Wabi Sabi Labidebuted and offered an auction-style system for selling vulnerabilityinformation to the highest bidder, sparking controversy and discussionbetween competing schools of thought on how to handle vulnerabilityinformation.
10. Virtual Machine Security Implications –Virtualization made big headlines in 2007 with major players goingpublic. Security researchers are actively exploring the securityimplications of virtual technology.
Next week, we’ll take a look forward at the trends to watch in 2008.