Trend Micro 2010 Future Threat Report Despite benefits, cloud computing, virtualization expand the playing field for cybercriminals
CUPERTINO, Calif., Dec. 9 /PRNewswire/ -- Using news headlines and the latest
technological trends, cybercriminals are brilliantly agile at exploiting
whatever is trendy for cash and profit. Now, the growing popularity of cloud
computing and virtualization among companies is likely to catch the attention of
criminals scheming for the next hot cyber-swindle.
According to the Trend Micro 2010 Future Threat Report, cloud computing and
virtualization -- while offering significant benefits and cost-savings -- move
servers outside the traditional security perimeter and expand the playing field
for cybercriminals. The industry already witnessed Danger/Sidekick's cloud-based
server failure that caused major data outages in November 2009, highlighting
cloud-computing risks that cybercriminals will likely abuse. Trend Micro
believes cybercriminals will either be manipulating the connection to the cloud,
or attacking the data center and cloud itself.
The Internet infrastructure is changing, opening more opportunities for
The "next-generation" protocol designed by the Internet Engineering Task Force,
Internet Protocol v. 6, is still in the experimentation stages of replacing the
current IPv4, now 20 years old. As users start to explore IPv6, so will
cybercriminals, and we can expect to see proof-of-concept elements in IPv6 start
to materialize in the upcoming new year. Possible avenues for abuse include new
covert channels or C&C. But don't expect active targeting of IPv6 address
space--at least not in the very immediate future.
Domain names are becoming more internationalized and the introduction of
regional top-level domains (Russian, Chinese, and Arabic characters) will create
new opportunities to launch age-old attacks through look-alike domains for
phishing - using Cyrillic characters in place of similar looking Latin
characters. Trend Micro predicts this will lead to reputation problems and abuse
that will challenge security companies.
Social media and social networks will be used by cybercriminals to enter the
users' "circle of trust"
Social engineering will continue to play a big role in the propagation of
threats. But given the increasing saturation of social media with content
intended to be shared via online social interactions, cybercriminals will
definitely try to penetrate and compromise popular communities more than ever in
Social networks are also ripe venues for stealing personally identifiable
information (PII). The quality and quantity of data posted openly by most
trusting users on their profile pages, combined with interaction clues, are more
than enough for cybercriminals to stage identity thefts and targeted social
engineering attacks. The situation will worsen in 2010, with high-profile
personalities suffering from online impersonators or stolen bank accounts.
The extinction of global outbreaks, and the growth of localized, targeted
The threat landscape has shifted and we are no longer seeing global outbreaks
like Slammer or CodeRed. Even the much covered Conficker incident of 2008 and
early 2009 was not a global outbreak by its true definition; rather it was a
carefully orchestrated and architected attack. Moving forward, localized and
targeted attacks are expected to grow in their number and sophistication.
More key forecasts for 2010 and beyond:
-- It's all about money, so cybercrime will not go away.
-- Windows 7 will have an impact since it is less secure than Vista in the
-- Risk mitigation is not as viable an option anymore-even with alternative
Browsers /alternative operating systems.
-- Malware is changing its shape - every few hours.
-- Drive-by infections are the norm - one Web visit is enough to get
-- New attack vectors will arise for virtualized/cloud environments.
-- Bots can't be stopped anymore, and will be around forever.
-- Company/Social networks will continue to be shaken by data breaches.
For the full threat report, please
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses
on securing the exchange of digital information for businesses and consumers. A
pioneer and industry vanguard, Trend Micro is advancing integrated threat
management technology to protect operational continuity, personal information,
and property from malware, spam, data leaks and the newest Web threats. Visit
TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest
threats. Trend Micro's flexible solutions, available in multiple form factors,
are supported 24/7 by threat intelligence experts around the globe. Many of
these solutions are powered by the Trend Micro Smart Protection Network, a next
generation cloud-client content security infrastructure designed to protect
customers from Web threats. A transnational company, with headquarters in Tokyo,
Trend Micro's trusted security solutions are sold through its business partners
worldwide. Please visit www.trendmicro.com.