Social sites, cloud computing pose new threats | Bangkok Post: tech


The increasing popularity of social networking, new technology developments in cloud and virtualisation environments, and new operating systems are creating loopholes for security threats in 2010.

According to the Trend Micro 2010 Future Threat Report, cloud computing and virtualisation, while offering significant benefits and cost-savings, move servers outside the traditional security perimeter and expand the playing field for cybercriminals.

The industry already witnessed Danger/Sidekick's cloud-based server failure that caused major data outages in November 2009, highlighting cloud-computing risks that cybercriminals will likely abuse. Trend Micro believes cybercriminals will either be manipulating the connection to the cloud, or attacking the data centre and cloud itself.

Moreover, the new Google Chrome OS offers many IT administrators hope for a safer computing experience. The OS is very small and open source, and the data and applications are stored in the cloud. This means there should be fewer bugs, as there are fewer lines of code. Because it is smaller it is also less powerful, so locally installed multipurpose malware could perhaps become a thing of the past.

It is possible that certain attack scenarios could still work, such as manipulating the connection to the cloud. If a cybercriminal were to fiddle around with the OS code just a little bit to change the DNS records, a user might first visit an underground site, which then automatically redirects to his/her Web application page.

This might reveal all the users' data, if the communication channel cannot be locked down. It is possible to rely on a combination of IPv6, encryption and certificates, but this is still a possible attack vector.

Or cybercriminals may attack the cloud itself. If cloud-based applications and cloud-driven OSs become mainstream, 99.99 percent availability is absolutely critical. A computer that is unable to reach the information and application host is useless. Attackers could potentially use standard botnets to overload the cloud infrastructure of the host. Or an attacker might ask for the payment of a small donation to ensure that the cloud host, being overwhelmed with requests, could deliver the service again. These would certainly provide a lucrative business for cybercriminals.

In fact, these types of attack are already taking place, albeit on a small scale, but if one business driver loses importance or profitability then another business model will replace it.

Social network sites targeted

William Tan, Regional Country Manager, Thailand and Vietnam, Blue Coat Systems, said that in networks like Twitter and Facebook, users build online relationships with people they know and invite into their circle.

Cybercriminals disrupt the trust that is inherent in these relationships through stolen log-ins that prey on the unsuspecting users. The combination of attacks that exploit the trust model and search engine poisoning that relies on users to click on the top search engine results without question will prove to be one of the biggest threats for enterprise security managers in 2010.

Meanwhile, Symantec sees social networking third-party applications becoming the target of fraud. With the popularity of social networking sites poised for another year of unprecedented growth, expect fraud leveraged against site users to grow.

In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users' social networking accounts, just as attackers leverage browser plug-ins more as Web browsers themselves become more secure.

Tan also points out that search engine poisoning, where cybercriminals exploit search engine algorithms to position hacked sites higher in the results, is an easy way to drive users to malware, particularly of the variety that offers fake anti-virus scanners or fake warez.

Most recently, Blue Coat Labs detected attacks that utilised hacked blog pages to poison search results related to Halloween and this year's popular Christmas toy, zhu zhu pets. In 2010, the ease with which results can be tainted through blogs will encourage more attacks like this.

Mac and mobile malware to increase

The Symantec report mentions that in 2009, the company saw Macs and smart phones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Macs and smart phones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.

Moreover, highly specialised malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.

Spammers, meanwhile, will break the rules. As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act, the company sees more organisations selling unauthorised email address lists and less-than-legitimate marketers spamming those lists.

The report also said fast flux botnets will increase. Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious websites behind an ever-changing network of compromised hosts acting as proxies.

Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, fast flux makes it difficult to trace the botnets' original geo-location. As industry counter-measures continue to reduce the effectiveness of traditional botnets, expect to see this technique being used more to carry out attacks.
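
How a defender might spot the ever-changing proxy network described above, as an added example that is not part of the original article or the Symantec report: a Python heuristic over constructed DNS lookups. The thresholds, domain names and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

MAX_TTL = 300      # assumed threshold: flux records expire within minutes
MIN_IPS = 5        # assumed threshold: distinct addresses seen for one name
MIN_NETWORKS = 3   # assumed threshold: distinct /16 networks they span
MIN_CHURN = 0.5    # assumed threshold: share of lookups whose answer changed

# Constructed sample lookups: (domain, time_s, ttl_s, A records). Not real data.
OBSERVATIONS = [
    ("shop.example", 0, 3600, ["10.1.0.10", "10.1.0.11"]),
    ("shop.example", 600, 3600, ["10.1.0.10", "10.1.0.11"]),
    ("shop.example", 1200, 3600, ["10.1.0.11", "10.1.0.10"]),
    # Low TTL alone is not fast flux: a small pool rotating inside one network.
    ("cdn.example", 0, 60, ["10.2.0.1", "10.2.0.2"]),
    ("cdn.example", 600, 60, ["10.2.0.2", "10.2.0.3"]),
    ("cdn.example", 1200, 60, ["10.2.0.1", "10.2.0.3"]),
    # Short-lived answers scattered over unrelated networks.
    ("flux.example", 0, 120, ["10.10.3.4", "10.77.1.9"]),
    ("flux.example", 600, 120, ["10.143.8.2", "10.20.5.5"]),
    ("flux.example", 1200, 120, ["10.201.9.1", "10.10.3.4"]),
]

def flux_features(observations):
    """Summarise per-domain answer churn and address spread."""
    per_domain = defaultdict(list)
    for domain, when, ttl, ips in observations:
        per_domain[domain].append((when, ttl, frozenset(ips)))
    features = {}
    for domain, rows in per_domain.items():
        rows.sort(key=lambda r: r[0])  # order lookups by time
        all_ips = set().union(*(r[2] for r in rows))
        networks = {ip_network(f"{ip}/16", strict=False) for ip in all_ips}
        changes = sum(1 for a, b in zip(rows, rows[1:]) if a[2] != b[2])
        features[domain] = {
            "distinct_ips": len(all_ips),
            "distinct_networks": len(networks),
            "min_ttl": min(r[1] for r in rows),
            "churn": changes / max(len(rows) - 1, 1),
        }
    return features

def flagged(observations):
    """Return domains whose DNS answers match all four flux indicators."""
    return sorted(
        d for d, f in flux_features(observations).items()
        if f["min_ttl"] <= MAX_TTL and f["distinct_ips"] >= MIN_IPS
        and f["distinct_networks"] >= MIN_NETWORKS and f["churn"] >= MIN_CHURN
    )
```

The rotating `cdn.example` pool is left alone because its addresses stay inside one network, which is why the check combines TTL, address count and network spread instead of relying on TTL alone.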

URL-shortening services have become the phisher's best friend. Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security-conscious user might think twice about clicking on.

Symantec is already seeing a trend toward using this tactic to distribute misleading applications and expects much more to come. Also, in an attempt to evade anti-spam filters through obfuscation, expect spammers to leverage URL shorteners to carry out their own evil deeds.

And finally, Windows 7 will come into the cross-hairs of attackers. Microsoft has already released the first security patches for the new operating system and as Windows 7 hits the street and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.

Attacks move to file sharing networks

Kaspersky Lab sees a shift from attacks via websites and applications towards attacks originating from file sharing networks. Already in 2009, a series of mass malware epidemics was supported by malicious files spread via torrent portals.

In 2010, it expects to see a significant increase in these types of incidents on P2P networks. Cybercriminals will continue to compete for traffic. The modern cybercriminal world is making more and more of an effort to legalise itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets.


About the author

columnist
Writer: Suchit Leesa-nguansuk
Position: Reporter
