By Gerhard Eschelbeck
It’s been a busy year in Internet security — cybercriminals were crafty and creative while we security vendors worked hard to stay a step ahead. Let’s take a look back at the biggest security trends of 2009, and at predictions for what’s ahead in 2010.
2009 — The Year in Review
Conficker. Targeted at enterprise networks but also crossing over to individuals who could bring it home on a USB stick, Conficker generated a lot of media discussion which drove confusion among consumers and concern among IT admins. Conficker renewed the public’s focus on Internet security, at a time when the threat landscape was growing more complex.
Consolidation. In 2009, we saw Symantec acquire MessageLabs, McAfee acquire MX Logic, Cisco acquire ScanSafe, M86 acquire Finjan, and Barracuda acquire Purewire. Many large vendors have track records of poorly integrating smaller companies after acquiring them for a key piece of technology. At the endof this year, we’re left asking, will true innovation now only be possible among the few independent vendors remaining?
Social Media. Concerned about productivity and infection, enterprises struggled with corporate usage policies of social networks — media that is now ubiquitous, and also integral to communicating with and understanding customers. Meanwhile, consumers adopted social networks en masse, providing cybercriminals with a huge target for harvesting personal data via Koobface and various spam campaigns.
The Cloud. While the definition of “cloud computing” and “in the cloud” held different meanings in 2009, enterprises continued to adopt security as a service for its easier, faster, more efficient and cost-effective distribution of security updates. Vendors extended their SaaS-based technology into their consumer solutions after proven success in the enterprise market — an exciting convergence of technologies.
Malware Trends. We saw a changing Internet user who is highly mobile, presenting a new set of attack vectors for malware authors. We also saw increasingly sophisticated malware — cybercriminals using email to distribute malicious Web links and manipulating SEO by programming malicious links near the top of search results for popular news stories — and an explosion of social engineering tactics employing fake security alerts and rogue AV products with new variants launched seemingly in real-time.
2010 — The Year Ahead
Threat Landscape. The malware attacks of today are different than in recent years. Hybrid malware, combining the use of Web and email to carry out sophisticated attacks, will become even more prevalent in 2010. Narrowly targeted malware, which requires the presence of specific applications or data to engage in malicious activity, will also be on the rise. Finally, the increasing “real-feel” of phishing sites and emails — as evidenced by a recent Verified by Visa scam — are keeping security vendors, IT directors and consumers on their toes.
Social Media. Attacks on social networks will continue to increase in volume and scope, targeting communities such as Facebook and Twitter as well as those we’ll see emerge in the coming year. Social networks present a very good ROI for cybercriminals using them as a platform for perpetrating URL-based attacks. This trend will intensify — through shortened links, user-generated content, videos, and so forth. Friend, Follower, Tweeter, beware.
The Cloud Grows. We predict cloud computing as the computing platform, such as the Amazon data center model, will be the next generation of the Internet. Computing will become like a utility, similar to how we use electricity today. We will pay for what we use; the PC will become the visualization tool we look into for applications in the cloud. More cloud computing platforms will become available as we capitalize on this economical, scalable model.
While this may seem like a daunting list of threats and predictions, the good news is, the security industry has never been stronger: The level of innovation, the raised awareness, the healthy competition among vendors — together make for an optimistic outlook. We at Webroot wil continue to work hard to create effective technologies to make the Internet and the cloud a safe place for consumers and businesses alike.