Threats 2.0: A glimpse into the near future

Collaboration and socializing, flexible and movable content, interoperability – these are all things that made Web 2.0 the answer to our needs. New technologies to sustain this evolution are introduced almost daily, but we should not be so naive as to think that attackers won’t be able to find ways to compromise and take advantage of them and us.

Stefan Tanase, senior security researcher of Kaspersky’s Global Research and Analysis Team, ventured a few predictions for the evolution of threats that await us in 2010. He started by summarizing the current situation:

  • 2009 saw the Internet become the biggest infection vector – most of the infections are not coming from instant messaging platforms, peer-to-peer networks or email, but directly from the Web (through web applications)
  • 1 in 150 websites is currently spreading infection – and these are no longer websites created for the specific purpose of spreading malware, but legitimate websites that got breached through compromised FTP accounts, which were the point of entry for injecting iFrames or JavaScript for delivering exploits.

But what about the future? There are 4 different combinations of threats and web applications that we can expect:

  • Old applications, old threats = old news
  • New applications, old threats = predictable
  • Old applications, new threats = more or less predictable
  • New threats, new applications = the Unknown (mostly)

New applications, old threats

Cross-site scripting in the Google Wave application is a good example. Spam and phishing scams will follow all new popular applications because the bigger the target pool is, the bigger the chance of succeeding will be. New applications will bring more unwanted content, offer criminals more space to maneuver in and spread malware, and attract new, improved Koobface modules that target them.

Old applications, new threats

New features will be exploited. Koobface will evolve – encrypted or obfuscated configuration files and improved communications infrastructure (possibly peer-to-peer architecture).

AV detection rates will start to matter because attackers will start targeting more experienced users – users who keep their software up-to-date. Because of this they will probably start encrypting the packets to avoid detection and to make the analysis process harder. And, finally, technical exploits will be developed and used in addition to social engineering.

New applications, new threats

It is, of course, difficult to predict which new threats will rise from new, yet unknown applications because we can’t possibly know what the features will be or what they will be designed to do.

But, as more and more personal information becomes public on social networks, it will be used to execute targeted attacks. Advertisers are already using this information for targeted ads, so the potential for exploitation seems obvious.

Another new aspect of these attacks will be automation – with the use of geographical IP location, automatic language translators that are becoming better and better, and information about personal interests and tastes that can be found and accessed on the Web. These attacks will be localized, contextualized and personalized.

What can we do about it?

We should use a fully featured Internet Security solution, an up-to-date browser, and always the latest versions of software that has historically proved to be very vulnerable (e.g. Flash Player, Adobe Reader, etc.).

We should also learn not to trust every message from contacts in the social networks we use, and not to assume that just because a website is high-profile and has a good reputation, it is inherently safe.

In the end – we should learn and teach. Educate ourselves and others about potential threats.
