Fortinet, a global provider of network security appliances that specializes in unified threat management, has released it's forecast of security trends for the coming year. The following is Fortinet's list of its top five predicted security trends for 2011.
Increased Global Collaborative Takedowns
According to Fortinet "This year, we’ve seen examples of countries working together on efforts, such as such as Operation Bot Roast (FBI initiative), Conficker Working Group and the recent Mariposa/Pushdo/Zeus/Bredolab busts, to bring syndicates down, but these takedown operations are only focused on the most visible violators and sometimes only cause a temporary impact. While there were other notable takedowns, these operations only focused on the most visible violators and sometimes only caused a temporary impact. For example, while authorities took down the massive Koobface botnet in November, the servers were reconfigured and back up and running at full capacity a week later."
"In 2011, we predict authorities will consolidate global collaborative efforts and partner with security task forces to shut down cyber criminal operations that are growing in number. The Zeus takedown that occurred in 2010, leading to charges by authorities in both the US and United Kingdom, is a great example, and we believe foreshadows things to come," according to the company.
Infected Machines Stimulate Inflation
Fortinet sees a territorial concern for criminals building their malware empire(s), since control over managed infections can lead to longer up times and greater cash flow. Features advertised as “bot killers” are being implemented into new bots to generically kill other threats that may lurk on the same system.
"As attackers infect machines in 2011, the value of already infected machines will increase. As a result, we’re likely to see a price increase for crime services, such as bot rentals that load malicious software on machines and malware that includes machine maintenance to maximize an infected machine’s uptime. To keep infections discrete, malware operators may turn to quality assurance services that would, say, refuse to load software that may crash a machine or otherwise impact their business. As part of the package, malware operators may also include leasing infection process time. When the lease is up, the malware would clean up after itself, reducing the amount of load/threats on a single machine," according to Fortinet.
32- to 64-Bit Infections
Multicore machines will no longer get a pass from malware. "Security technologies such as address space layout randomization (ASLR), data execution prevention (DEP), virtualization, PatchGuard/kernel driver signing and sandboxing, a technique for creating confined execution environments, are becoming more commonplace, along with the 64-bit machines running them. This evolution has certainly restricted malware stomping grounds, which will drive demand in 2011 to break through these chains," according to Fortinet.
"In 2010, we saw JIT-spraying and return oriented programming (ROP) used to defeat ASLR/DEP with PDF/Flash exploits. In addition, we saw 64-bit rootkits such as Alureon, which bypassed PatchGuard and signing checks by infecting the master boot record to stage the attack ... Expect more 64-bit rootkits to follow in the quest to gain a foothold on newer machines and further, innovative attacks that circumvent defences like ASLR/DEP and sandboxing," Fortinet warns.
Cybercriminals Hang Out the "Help Wanted" Sign
Fortinet foresees growing demand for developers of custom packers and platforms, hosting services for data and drop-zones, CAPTCHA breakers, quality assurance (anti-detection), and distributors (affiliates) to spread malicious code.
"As demand grows for these resources in 2011, criminal operations will effectively expand head count. New affiliate programs will likely create the most head count by hiring people who sign up to distribute malicious code," according to the company.
"Botnet operators have typically grown their botnets themselves, but, we believe more operators will begin delegating this task to affiliates (commissioned middle-men) in 2011. The Alureon and Hiloti botnets are two examples that have already grasped this concept by establishing affiliate programs for their own botnets; paying anyone who can help infect systems on the operator's behalf. By using an army of distributors, botnets will continue to thrive," Fortinet predicts.
Fortinet notes that malware today can appear under multiple names and aliases. "Oftentimes, two pieces of malware we are evaluating are nearly identical in nature except for a small component inside of it that has changed. This type of 'copy and paste' malware is an indication that multiple developers have adopted the same source code," according to Fortinet.
"In 2011, we predict more cyber criminals will enter the game by attempting to make money using recycled source code. This trend will create more threat names/variants as they begin to circulate in the wild, which, in turn, will only create further confusion and dilute the meaning of these names. While public source code will continue to create problems on the security landscape, private source code will increase in value as will jobs for adept developers. We also expect to see new cases of leaked private source that are employed by new up-and-comers, thus continuing the vicious cycle," according to Fortinet.