IBM’s X-Force security research and response team has unveiled its top security trends for enterprise customers to prepare for in 2010 and, much like fashion and music, that which is old will be new again.
X-Force researchers predict there will be a resurgence in what they called “old school” attacks next year, with large-scale worm attacks becoming more common and the Trojan continuing to serve as the staple of the cyber threat community.
IBM also predicted that there will be an increase in denial-of-service attacks as so-called “attack services” mature through organized cyber crime rings based in the U.S. and abroad.
Just last week, antivirus software vendor Symantec issued its own list of the Top 13 security trends to look for in the new year.
Not surprisingly, both companies are expecting more sophisticated hacking tactics and an even stronger emphasis on social engineering to spread malware and execute elaborate phishing scams.
Aside from the so-called “old school” attacks, IBM’s X-Force team said companies and individuals should look ahead to several security trends emerging in 2010.
First, pirated software can be expected to drive insecurity in more dramatic and dynamic ways. Because users of pirated software are afraid to download updates, their applications are entirely unpatched, which will expose them and their machines to even more security risks.
As a result, IBM said, users of pirated software will become the new “Typhoid Marys” of the global computing community.
Second, IBM is looking for social networks to provide authors of social engineering schemes with new avenues for creative compromises.
Expect criminal organizations to increase the frequency and sophistication of their attacks on different social networking sites — particularly against so-called “high-value” individuals who have registered on Facebook or LinkedIn.
IBM said cyber crooks will use these sites in creative new ways in 2010 that will accelerate compromises and identity theft, especially as new commercial applications increase the disclosure of valuable personal information on these sites.
And, since cyber thieves follow the trends, IBM expects to see them take to the cloud in 2010.
“We have already seen the emergence of exploits as a service,” X-Force researchers said. “In 2010 we will see criminals take to cloud computing to increase their efficiency and effectiveness.”
However, the researchers hopefully expect the wireless world to remain relatively secure.
Even as smart phones continue to grow more capable, serious attacks against these devices will remain few and far between in 2010, they said. The reason is simple: PCs remain a much more valuable target, thus criminals will continue to focus on them.
In the areas of utility and grid security, IBM expects the threats to move beyond SCADA.
SCADA vulnerabilities have dominated the security discussion to date with utility and grid security. But with the rollout of advanced meter infrastructure (AMI) and wireless mesh infrastructures, IBM predicts these new systems will become the focal point of security research and exploitation.
Finally, IBM cautioned that compliance drives but does not equal security.
Regulatory mandates will continue to drive organizations to comply with security standards to avoid fines. But many enterprise customers — especially those that only focus on the minimum requirements for passing the audit — will find that regulations are just a guideline and they’ll get stung, IBM security researchers warned.