Vendor Accent
Top 10 Security Threats in 2007
The Top 10 threats security professionals should keep their
eye on this year
If there is one thing that we have learned in the Internet age, it is that security
professionals and hackers are in a constant battle to protect and exploit vulnerabilities.
As security solutions are developed in one area, hackers move on to look for
weaknesses in others.
Targeted phishing
While the majority of phishing attacks target individuals, targeted phishing
attacks go one step further by targeting specific organisations, creating specially
tailored messages that have been very effective in fooling users. While consumers
are becoming aware of generalised phishing, organisations' employees are
much less prepared to deal with targeted phishing. We expect to see more phishing
targeting specific companies.
Kernel vulnerabilities
The end of 2006 has brought increased effort into finding bugs in operating
system kernels. Though traditionally more difficult to exploit, vulnerabilities
in an operating system kernel are far more severe than application vulnerabilities
in that they can affect a multitude of applications and can be exploited in
ways that silently subvert security defences.
Client-side vulnerabilities
Previously used to describe vulnerabilities in client applications such as
e-mail applications and Web browsers, client-side vulnerabilities now include
vulnerabilities in applications such as media players and word processors. In
2006 we saw a significant increase in the exploitation of vulnerabilities affecting
millions of users: vulnerabilities in the parsing of metadata. We expect to
see a continued rise in vulnerabilities affecting everything from JavaScript
parsing in media players to spreadsheet applications.
Web-based worms
The number of worms propagating using Web-based cross-site scripting attacks
in 2006 only scratched the surface of this potentially enormous threat. We expect
to see a significant rise in worms that spread by injecting code into Web forms
such as blog comments and shared community sites. As the number of blogs and
users participating in sites such as MySpace rises, so does the number of potentially
affected users.
Spyware
Spyware has seen massive growth in the past couple of years,
and this coming year we expect to see no slowdown. This proliferation, fuelled
in part by spyware kits such as Haxdoor and Nuclear Grabber, has bred an underground
economy network with more participants, experience and skills to profit from
stolen data. We also expect to see an increased number of commercial spyware
and grayware companies targeted by the US FTC and similar organisations around
the world.
Targeted File Attachment Attacks
Attackers used 2006 to up the ante against enterprises by using targeted attacks
against specific enterprise networks they wanted to penetrate. They send only
a small number of well-crafted messages to specific individuals and hope to
gain an entry point. This makes AV detection difficult because the malware is
a custom tool and not available to most AV houses for detection.
Web-based Botnets
2006 saw the migration of botnets away from IRC; many botnets are moving to
a Web-based model. Instead of a persistent IRC connection, these bots will make
a periodic poll to a Web server for new commands and updates. This reduces the
network footprint of the botnet, making its detection harder in some cases.
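The periodic polling described above leaves a timing pattern a defender can look for in Web proxy logs. The following is an added example, not code from the authors or from Arbor: it flags client/host pairs whose request intervals are nearly constant. The log format, host names and thresholds are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log lines (assumed format): epoch_seconds client_ip host path
SAMPLE_LOG = """\
1000 10.0.0.5 updates.example.test /cmd.php
1300 10.0.0.5 updates.example.test /cmd.php
1601 10.0.0.5 updates.example.test /cmd.php
1899 10.0.0.5 updates.example.test /cmd.php
2200 10.0.0.5 updates.example.test /cmd.php
2500 10.0.0.5 updates.example.test /cmd.php
1010 10.0.0.7 news.example.test /index.html
1025 10.0.0.7 news.example.test /style.css
1900 10.0.0.7 news.example.test /story1.html
1960 10.0.0.7 news.example.test /story2.html
4000 10.0.0.7 news.example.test /index.html
4100 10.0.0.7 news.example.test /story3.html
"""

def find_beacons(log_text, min_requests=5, max_jitter=0.1):
    """Return (client, host, mean_gap_seconds, jitter) for regularly polled hosts.

    jitter is the coefficient of variation of the gaps between requests:
    human browsing is bursty (high value), a fixed poll timer is not (near 0).
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, host, _path = fields
        times[(client, host)].append(int(ts))

    hits = []
    for (client, host), stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all requests share one timestamp; no interval to measure
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((client, host, round(avg), round(jitter, 3)))
    return sorted(hits)
```

A bot that randomises its poll interval will exceed the `max_jitter` threshold, so this check complements rather than replaces destination-based detection.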
Windows File Format Attacks
In 2006 we saw an increase in the number of attacks targeting Windows, specifically
Microsoft Office, file formats. Indications show that hundreds of such attacks
are lurking in Office, and are being slowly revealed by attackers, who are doing
their own research.
Blacklist Defeats
The increased number of effective blacklists for phishing sites, such as the
ones in Firefox and IE7, has begun to push the phishing criminal community to
using very dynamic URLs in an effort to stay ahead of these anti-phishing blacklists.
This explosion in variety is a common attack against a static, signature-based
approach.
Counter-surveillance
We expect the trend of the bad guys mapping the good guys to continue in 2007,
which will further erode visibility into their activities. This includes mapping
sensor networks and honeypots, research communities, as well as poisoning them
with false and misleading data. Furthermore, we are seeing increasing funding
and vulnerability research by hackers. Whereas before they focused on publicly
disclosed flaws and exploits, now they're using their own research teams
to discover new vulnerabilities. If the trends this year are any indication,
they have a large backlog of vulnerabilities they are slowly revealing, usually
timed to maximise the time between the public discovery of the issue and the
vendor's patch release schedule. This will continue and promises to affect
Internet Explorer and Office and most likely other, more specific applications.
It is the job of security professionals to stay one step ahead, and we believe
that these ten trends represent some of the most likely areas of activity in
the ongoing battle between security professionals, hackers and cyber criminals
in the coming year.
Dr. Jose Nazario and Jeff Nathan are members of Arbor's
Security Engineering & Response Team (ASERT).