Today's attackers are increasingly sophisticated and organized, and have begun to adopt methods that are similar to traditional software development and business practices.
Here is the list of the top ten trends Symantec has compiled as well as security areas to watch in 2008.
- Phishing toolkits are available to help novice attackers quickly get set up. Phishers do everything they can to make their "bait" more convincing - use of current events, typo-free, professional looking.
- Professional attack kits, like
MPack, appear to be professionally written and developed, and available for sale online.
- Attackers continue to use bots to silently slip onto unsecured computers and perpetrate a wide variety of malicious activity.
Top 10 Internet Security Trends of 2007
1. Data Breaches: High-profile data breaches underscored the importance of data loss prevention technologies and strategies.
2. Vista Introduction: Microsoft Vista made its debut and quickly attackers found holes. Microsoft released 16 security patches in 2007 impacting the new operating system.
3. Spam: In 2007, spam reached new, record levels. Image spam declined while PDF spam emerged as a new annoyance. Greeting-card spam was also responsible for delivering Storm Worm malware (also known as Peacomm).
4. Professional Attack Kits: MPack made a big splash during the year and phishing toolkits were also popular. 42 percent of phishing Web sites observed in the first half of the year were associated with 3 phishing toolkits.
5. Phishing: Phishing continued to be big in 2007 with an 18 percent increase in unique phishing sites during the first half of the year. Phishing tookits contributed to the problem.
6. Exploitation of Trusted Brands: By exploiting a trusted Web environment, attackers now prefer to wait for victims to come to them.
7. Bots: Bots and botnets continued to silently slip onto unsecured computers and perpetrate a wide variety of malicious activity. Bots knocked Estonia off the online map and the Storm Worm employed bot technology as well.
8. Web Plug-in Vulnerabilities: Web plug-in vulnerabilities and exploits continued to plague IT staffs during 2007. ActiveX controls, which comprised the majority of plug-in vulnerabilities, pose various security threats that may compromise the availability, confidentiality, and integrity of a vulnerable computer.
9. Vulnerabilities for Sale: WabiSabi Labi debuted and offered an auction-style system for selling vulnerability information to the highest bidder, sparking controversy and discussion about responsible versus full disclosure.
10. Virtual Machine Security Implications: Virtualization made big headlines in 2007 with major players going public. But the industry hasnít fully explored the security implications of virtual technology.
Trends to Watch in 2008
Election Campaigns: As political candidates increasingly turn to the Internet, it is important to understand the associated IT security risks. These risks include, among others, the diversion of online campaign donations; dissemination of misinformation; fraud; phishing; and the invasion of privacy.
Bot Evolution: We expect bots to diversify and evolve in their behavior. We may see things like phishing sites hosted by bot zombies, for example.
Mobile Platforms: Interest in mobile security has never been higher. As phones become more complex, more interesting and more connected, we expect attackers to take advantage.
Spam Evolution: Symantec expects to see spam continue to evolve in order to evade traditional blocking systems and trick users into reading messages.
Virtual Worlds: Symantec expects that as the use of persistent virtual worlds (PVWs) and massively multiplayer online games (MMOGs) expands, new threats will emerge as criminals, phishers, spammers, and others turn their attention to these new communities.
Symantec is focused on helping customers protect their infrastructures, their information, and their interactions. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries.