Four Threats For '09 That You've Probably Never Heard Of (Or Thought About)
What could keep you up at night in the new year may not be what you expect -- a look at some of the lesser-known threats predicted for 2009
Kelly Jackson Higgins,
December 31, 2008
You're probably gearing up for the well-known security risks you've watched emerge over the past year to go front burner in the new year -- the insider threat, Web 2.0, and targeted attacks. But don't pop that champagne cork just yet: Some obscure potential threats that could be more difficult to prepare for and defend against also are looming for 2009.
These aren't your typical enterprise hack attacks. They're mainly large-scale Internet threats that could trickle down to your organization. We're talking Internet network infrastructure attacks, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable -- human casualties as a result of a cyberattack.
The bad news is that some security experts have these threats on their radar screen in the new year. The good news/bad news is that your organization is more likely to suffer a Website hack than one of these attacks. That doesn't mean you should scratch these threats from your list of threats for the new year, either. But don't panic: Even if you can't personally stop a cyberattack on your ISP, you can at least be aware of the risks and set up a contingency plan. "These aren't something IT administrators or everyday Joes can do [much of] anything about," says Kevin Prince, chief architect for Perimeter eSecurity.
So before you turn out the office lights for the night (and the year), check out these lesser-known potential threats that security experts are watching out for in '09.
Next: An Internet "e-bomb"
An Internet "e-bomb"
The attacks of 2008 indeed were focused on applications as the network perimeter was more secure. But before we knew it, our faith was shaken by disclosure of some major vulnerabilities in the Internet's TCP/IP architecture: the the Domain Name Service (DNS) cache-poisoning flaw and a denial-of-service vulnerability in the Transmission Control Protocol (TCP) itself. Not to mention researchers' constant hacking of Cisco router software.
David Maynor, CTO with Errata Security, says '09 could be the year when the first large-scale and widespread attack occurs on the Internet's infrastructure. "I think with the [hacking] work being done on Cisco and routing gear in general we'll see the first wide-scale 'e-bomb' that will break peering between ISPs and make large portions of the Internet unreachable," Maynor says.
Most likely it will be a denial-of-service attack, he says, that will "break" sections of the Net.
Perimeter eSecurity's Prince says such an attack is indeed possible, but defending against it falls at the feet of the ISPs. He expects botnets to become used for more lethal purposes, such as launching large-scale attacks on the Net's underlying infrastructure. "Botnets today are rarely used for wide-scale attacks," he says. "I have wondered when they will harness that power. Such attacks against the Internet infrastructure could very easily be next year."
Next: Radical extremist hackers
Radical extremist hackers
While many cybercrime organizations operate out of Eastern Europe today, that could soon change: iDefense predicts that 2009 will be the year that Middle Eastern cybercartels expand into online fraud. A recent wave of fatwas issued by radical Islamic religious leaders in that region authorizing these groups to use cyberattacks to defend Islam has opened the door for these groups to wage cyberattacks, according to iDefense.
"Religious hackers now have the authority to do these operations as long as they are protecting Islam," says Rick Howard, intelligence director for iDefense. "Some are specific to cyberfraud to fund the Islamic agenda."
IDefense expects U.S. financial institutions to be prime targets for these extremist hackers. "Now they have the authority of their religious leaders to go for it," Howard says.
Perimeter eSecurity's Prince says the addition of these hacker groups in the Middle East is a continuation of the political hacking we've seen in the recent Russia-Georgia conflict and other international clashes. Islamic extremist are suspected to be behind a series of hacks and defacements of Israeli Websites over the past few days. Attackers defaced more than 300 sites with anti-Israeli and anti-U.S. messages in the wake of Israel's bombing of Gaza.
"My take on defaced Websites is that they are not so much about attacks but more like cyber-tree huggers who want peace and have these hacking skills," Prince says. "When they see the reports on CNN, they want to participate in some way to do what they can to have their position heard and to fight in their small way."
But all-out cyberwarfare is indeed a threat, he adds. "What we've seen to date, though, are political uprisings against anything people don't like," Prince says.
Next: Attacks on online ad revenue
Attacks on online ad revenue
One casualty of the jump in Web attacks and threats could be Internet ads, as enterprises and users increasingly begin to deploy technologies that block third-party content. ScanSafe says that the volume of Web-borne malware is growing at a rate of 6 percent a month, and the rate that a user is exposed to this malware is increasing at a rate of 16 percent per month, a result of the wave of infections of legitimate Websites in the last year.
"That's a legitimate threat," Perimeter eSecurity's Prince says. "We've seen bad guys target Google AdWords. We've seen them inject iFrames for SQL injection attacks or other things inside ads on Websites."
To date, however, users are mainly blocking pop-ups rather than legitimate ads, he says.
But attackers could wreak havoc on online ads and their potential revenue by compromising the ad's source, for instance, he says. "If they can compromise the source of an ad" they could compromise the systems as well, he says.
Whether malware attacks translate into more ad blocking and fewer ads is unclear. Either way, the economy is likely to hit online advertising: "Revenues for ads are going to go down on Net next year, but that's more tied to the economy," Prince says.
Next: Human casualties
Three U.K. hospitals were forced to shut down their networks last month after a malware outbreak infiltrated their systems. St. Bartholomew's, the Royal London Hospital, and the London Chest Hospital went offline after a Mytob worm infection got out of control. Medical staff in some cases had to revert to using pen and paper.
The malware outbreak on the hospital networks was a jolting wake-up call for how serious a malware or other attack could be for health care and other organizations -- and the patients who rely on them. One U.S. hospital was recently hit with a denial-of-service attack that knocked its critical services offline temporarily. "There have been several close calls" including that one, notes Perimeter eSecurity's Prince, who couldn't reveal details about the attack on the hospital. Prince says the hospital was able to deploy some redundant power sources to keep its operations going during the attack on its network.
But Prince says he worries that eventually, human lives could be affected by a cyberattack like that of those hospitals or attacks on national infrastructures such as utilities. "It will happen at some point," he says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.