Thursday, December 23, 2010

Fast Forward: Dasient's Security Predictions for 2011

As we wrap up 2010 and reflect on some of the major security headlines of the year - Aurora, Zeus, WikiLeaks, Stuxnet - it's hard to look at 2011 without wondering how much worse it will get before it gets better. The reality is that cybercriminals are innovative, creative, and fast. We need to do better as a community to counter the threat they pose to our organizations and to the Internet as a whole. Following are Dasient's Top 5 Security Predictions for 2011:

1) There will be a large botnet cyber war that Zeus will end up winning. Zeus will hold its ground against other botnets that try and attack it. Botnets have been around for over a decade, but have evolved significantly since Tribe Flood Network (TFN), Trin00 and similar tools that were used to attack Amazon, Yahoo, and E*Trade in 2000. While only thousands of clients were used to cripple large web sites 10 years ago, the size of botnets have expanded to hundreds of thousands or millions of clients, have become multi-application (e.g., are used to send email spam, and do keystroke logging in addition to DDoS), and the growth of botnets has utilized more and more automated technology. Compromised machines that make up botnets have become a commodity, and while there are still lots of vulnerable, uncompromised machines that are available for the taking, attackers will eventually start to “butt-heads.” While there has been some early indications that attackers have patched machines that they have infected to prevent other attackers from stealing their infected machines, 2011 will likely be the year that large botnets will start more aggressively competing to sustain their growth, and users will get caught in the middle. Zeus has proven its ability to grow to sizes more significant than other botnets, and is also one of the more profitable botnets that targets financial institutions. We expect to see a botnet cyberwar in 2011, and predict that Zeus will come out on top.

2) Human mules will be replaced by malware that do the equivalent job of transferring balances between bank accounts using keystroke-logged credentials. Today, once user credentials such as bank account usernames and passwords are logged on compromised client machines, those credentials are shipped off to botmaster servers, aggregated, and provided to human mules. The human mules most often don’t know they are mules, but think they are doing “work-at-home” types of jobs in which part of their job responsibility is to make monetary transfers between bank accounts. In 2010, we saw some significant arrests of hundreds of such human mules. Just as system architects work to eliminate points of failure when building resilient systems, the cybercriminals will do the same for their operations. If human mules can be arrested and can get in the way of transferring money from the stolen accounts to the cybercriminal’s accounts, they’ll replace the humans with additional malware for that purpose. Writing software to automatically make transfers betweeen bank accounts does require good coding, management of session data, and other such technical details, but can be done rather simply with today's attack and automation tools. As such, like many areas of businesses today, humans will be taken “out-of-the-loop” to scale cybercriminal operations.

3) We’ll see the first significant HTML 5 abuses. The HTML5 standard has been in development for some time, and every major browser now includes some support for it. Some of the features include local browser storage in which web sites will be able to store more than just cookies on your machine, and support for inline videos without requiring third-party plug-ins such as Flash. With any new functionality comes increased attack surface, and the same will be true for HTML5. We expect to see things like malware authors stuffing malicious code into the local browser storage provided by HTML 5 and then executed via a browser vulnerability. In addition, as HTML 5 has native video tags, we expect to see zero-size video tags used to inject web-based malware, just as we see zero-size IFRAMES used today to do the same. As HTML5 implementations will be at their newest, cybercriminals will leverage bugs in the early implementations tospread malware.

4) Advanced IM threats will increase and be directed at the use of webcams and audio. Attackers have been using malware to do keystroke logging for years, but as the number of standard input devices on machines increase, so will the attackers' interest in them. Most PCs have built-in microphones, and while there has been some malware that automatically turns on and captures audio and video from these devices, we expect that webcam-logging and audio-logging will become just as popular as keystroke-logging. Malware authors will use the additional logging to build more “ransom-ware” in which they record sensitive conversations and pictures, and will then demand a ransom from individuals and companies by threatening to release the sensitive media onto the Internet or disclose to interested parties if the ransom is not paid.

5) As the use of social media web sites continues to grow, drive-by-downloads and rogue anti-virus will be used more aggressively on platforms such as Facebook and Twitter. This is evidenced by threats such as the Koobface botnet that continually targets Facebook, as well as the September XSS attack that targeted Twitter and
redirected users to porn and malware sites.

76 comments:

  1. I come across while searching on this subject. I will check back in the future and see if you have more articles. Thanks for posting this, I understand the information and the attempt you put into your site. Really inspiring in succession and while all the analysis I have feel that this blog is really informative all those quality that qualify a blog to be an excellent.

    "MBA Assignments Help"

    ReplyDelete
  2. Prediction is powerful thing. Thanks for sharing.

    look at this site

    ReplyDelete
  3. Talk about some excellent news, dudes breitling replica. Not only does it seem like Bill Ted 3 is actually happening, but stars Keanu Reeves and louis vuitton outlet Alex Winter are attached to reprise their roles hermes outlet and according to a new Vulture report, Dean Parisot is attached to direct.

    ReplyDelete
  4. In case you are fake cartier that is sick and tired of not necessarily to be able to determine just how authentic any obtain a Europe look-alike Rolex Daytona will be coming from an online site, properly maintain your hands surpassed, while omega replica planning to experience the particular sophisticated look-alike Rolex Daytona range between a really authentic look-alike web site. Properly that is just isn't almost any revenue speak to attract an individual directly into, nevertheless the style rolex replica submariner inside the grade of the particular Europe look-alike Rolex Daytona observe on this web site can be a common which is why this provider provides appreciated plenty of credit rating planet above. The particular fake rolex uk identical that web site markets offers some very hot marketing designs particularly, 18k rare metal circumstance gents, SS circumstance gents, 18kSS gents, Buckskin groups gents. A complete array regarding guys, looking at the particular sporting activities designs can be acquired the following. The particular rare metal omega replica inside these kinds of designs are usually next to be able to practically nothing inside top quality and also every one of the rare metal product timepieces are usually double twisted on this 18k rare metal. It's got laserlight etching Rolex emblem around the sapphire gem scuff immune goblet. Lo! Just what different can seem just like any printed replica rolex daytona? The right fat and also sense enhance that experience, certainly not creating the particular Europe look-alike omega replica seem lower than the first brand name. These kinds of Omega Look-alike Timepieces have large watches replica uk, outstanding capabilities and also stylish layout. As a result, numerous requests result from the present day industry in which excellent or perhaps negative top quality Omega timepieces are around for assortment.

    ReplyDelete
  5. I must say,It is a great reminder that there is always room for improvement. Thanks for the great examples and inspiration.
    nursing essay writing service

    ReplyDelete
  6. I am very happy to read this. Appreciate your sharing
    friv2 2
    friv games
    friv2

    ReplyDelete
  7. This is a significant issue to consider before taking out credits that oblige you to set up your auto or truck as assurance. Right when heightened reliably, the interest rate and expenses can fuse rapidly. Truly, a few development specialists really charge triple-digits in yearly hobby. auto title loans near me chicago

    ReplyDelete
  8. Thanks for sharing this valuable information to our vision.
    ----
    play game juegoskizi online free and play game juegos kizi online and play game jogos do friv

    ReplyDelete
  9. Posts shared useful information and meaningful life, I'm glad to be reading this article and hope to soon learn the next article. thank you
    minecraft games
    g9g games
    a10 games
    yepi games
    hopy games
    kizi hot
    friv fun
    huz 10
    4223 games

    ReplyDelete
  10. Get Galaxy S7 Wallet cases before the release of Galaxy S7. Visit my site now.

    ReplyDelete
  11. Very nice.
    I just wanted to say thank you for sharing a great information and useful. it really necessary and timely for me at this time. I've read a lot of blogs and visit but they made me feel boring. Your article made me feel strange and fascinating it attracted me. I wanted to share this information with my friends on the social network facebook.
    G9G , Magic Games , Dora Games , Kizi new , Huz Games , Kizi hot , Friv 4 School , 85 Play , 4223 Games , 85 Games

    ReplyDelete
  12. Well said. The reality is that cyber criminals are innovative, creative, and very fast. I have seen an article in case study report writing service how to enjoy the time on the internet safely.

    ReplyDelete
  13. dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Hưng yên, vĩnh phúc, phú thọ, hải dương, quảng ninh, thái bình, Bắc Giang, Thái Nguyên, Nam Định, Thanh Hóa, Hà Nam, Ninh Bình, Hã Tĩnh, Nghệ An
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Bình dương, biên hòa, huế, đà nẵng
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Huyện Nhà bè, cần giờ, Hóc môn, củ chi, bình chánh
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Huyện Hoài đức, sơn tây, thường tín, ứng hòa, phú xuyên, mỹ đức, thanh oai, đan phượng, quốc oai, phúc thọ, sóc sơn
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Quận 1, 2,3,4,5,6,7,8,9,10,11,12 TPHCM
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Huyện Đông anh, gia lâm, mê linh
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Quận Thủ đức, bình thạnh, tân phú, Gò vấp, phú nhuận, bình tân, tân bình
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Hải Phòng
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Bắc Ninh
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Quận Cầu Giấy
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Quận Long Biên
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Quận Hà Đông
    dịch vụ thành lập doanh nghiệp công ty giá rẻ tại Quận Thanh Xuân
    dịch vụ thành lập doanh nghiệp công ty trọn gói giá rẻ

    ReplyDelete
  14. Ways For You To Earn Money With Your Blog By Attracting Targeted Customers MBA dissertation help My Spooky Brain Training Exercise for How to Increase Blog Traffic

    ReplyDelete
  15. Dasient must have been a very unique person to foresee what is likely to happen in the future. I love your blog, its very fascinating and interesting. Keep the good work going and keep us informed.
    Cheap copy editors for hire

    ReplyDelete
  16. Great article. I really appreciate the hard work you put in it. Also know about Galaxy Note 7.

    ReplyDelete
  17. The Jews Togel Online Singapore welcome Togel Online Hongkong this revolution in the Christian world, Bandar Togel Singapore and the Bandar Togel Jews Togel Online Terpercayashould show anexample. It is not an accident that Judaism gave birth to Marxism, and it is not an accident that the Jews readily took up Marxism: all this was in perfect accord with the progress of
    TheAgen Bandarq
    Communists Agen domino99
    are againstDomino Online
    religion (Christianity),Bandarq
    and Bandarq
    theyBandarq
    seek to Bandar domino destroy religion; yet, when we look deeper into the nature of Communism, we see that it is essential nothing else than a religion (Judaism)." (A Program for the Jews and Humanity, Harry Waton, p. 138).
    I shallAgen Bandarq use such influence asAgen Domino99 I have inDomino Online emphasizing the basic truths common Agen Poker to all denominations,Bandar Domino99 in Nonton Film Bioskop lowering denominational barriers and in promoting effective cooperation among Christians of whatever creed.The goal of Agen Bandarq
    Russia is in the Agen domino
    first instance aDomino Online
    World-Revolution. agen Bandarq
    The nucleus Bandar domino99 of opposition to such plans is to be found in the capitalist powers, England and France in the first instance, with America close behind them.
    In his novel Agen Bola Resmi Coningsby Bandar bola (London, 1844),Agen Bola Terpercaya Disraeli Agen Bola Terbesar drewAgen Bola online a picture Judi bola form Berita Bola the life Berita Bola of the JewsAgen Ibcbet ruling the world frombehind the thrones as graphic as anything in the Protocols of Nilus. Many believe, and it has been proved to most, Coningsby was a plagiarism of a Byzantine novel of the XVIIth century.

    ReplyDelete
  18. افضل شركه تنظيف شقق بالدمام شركه شركة اركان المملكه دائما الافضل والاميز فى مجال تنظيف الشقق قد يعجز بعض الاناس عن القبام بعمليه النظافه بالشقق لاسباب مختلفه لذلك يلجئ الى المساعده من بعض الشركات فى مجال النظافه فها نحن فى انتظاركم من اجل جوده عاليه ونظافه احسن فالاتصال بشركتنا هو عملك الامثل لانه يصل بك المبتغى المطلوب من الخدمه الفائقه فنحن دائماوابدا نمتلك اكبر واحسن هيئه معاونه من الخبراء والمتخصصين فى مجال تنظيف الشقق فنحن افضل تلك الشركات المتخصصه فى المملكه العربيه السعوديه لاننا نعتمد على فريق عمل جيد ومدرب على اعلى مستوى من الخبره والكفاءة والرقى هذا بالاضافه الى خدمه تسليك المجارى بمدينه الدمام تسليك مجارى بالدمام كما لديه الاخلاص والامانه فى العمل فنحن نعتمد على افضل الطرق والاساليب الحديثه والمتميزه للنظافه والرقى ونستخدم ادوات ومعدات على مستوى عالى من الخبره والثقه والتى تفى بالغرض على اكمل وجه واحسن اداء فنحن دائما فى المقدمه لاننا نعمل من اجل راحه العميل فى كل المجالات والاتجاهات نقوم بتنظيف الستائر والمفروشات بالاجهزه الخاصه بهم كما نعمل على تنظيف الشبابيك والابواب وغسلها جيدا والمحافظه على كل اركان الشقه بقدره عاليه من الثقه ومحافظين على شكلها ثم اعاده تركيبها جيدا ثم نقوم بتنظيف كافه انواع الاثاث الموجود داخل الشقه شركة تنظيف بابها واعطاءه انطباع رائع من النظافه والجمال عالى مستخدمين منظفات قويه ومطهرات ومعقمات خاصه للحصول على افضل النتائج الممكنه فشركتنا شركه تنظيف شقق بالدمام دائما وابدا الافضل فى هذا المجال ونعمل على ازاله الاتربه والبقع والاوساخ الموجوده بالسجاد والموكيتات فنعتمد فى اعمالنا التنظيفيه على اقوى المنظفات العالميه هذا بالاضافه الى العمل الجاد من اجل كشف التسربات بكل المدن وخاصه مدينه الدمام
    شركة كشف تسربات المياه بالدمام هذا وتعد شركة اركان المملكه الاولى ايضا فى مجال مكافحه الحشرات والقضاء التام والنهائى على كافه الاوبئه بمدينه الابها
    هكذا شركة اركان المملكه تعطى كل ما هو جديد وفعال مع الشركة القابضه من شركات اركان المملكه شركة مكافحة حشرات بابها ا1ا لا داعى للقلق دائما وانت معا فى كل وفت وكل مكان

    ReplyDelete
  19. this is one of the cult game now, a lot of people enjoy playing them . Also you can refer to the game :
    age of war | earn to die 5 | Tank trouble | happy wheels | earn to die 6
    The game controls are shown just under . Movement mechanisms primarily include acceleration and tilting controls.
    tank trouble unblocked | wings io | strike force heroes

    ReplyDelete
  20. bandar judi One is just a form called number, love is a form of feeling, no one love, just true love. game qiu qiu

    ReplyDelete
  21. Want to know about Veterans Day which is celebrated in the US with a lot of galore. Have a look at my site Happy Veterans Day
    to get all the information you need and stay updated

    ReplyDelete
  22. The computers are provide connected computers communicating with other similar machines with botnet number in which components are action performed. IM threats directed use of webcams and audio.
    Cheap dissertation writing services uk

    ReplyDelete
  23. The blog or and best that is extremely useful to keep I can share the ideas
    of the future as this is really what I was looking for, I am very comfortable and pleased to come here. Thank you very much.
    gold miner|stick war 3| pokemongo
    | stick man|animal jam login

    ReplyDelete