Skip Links

Smartphone attacks, rogue antivirus, cloud breaches top 2010 security concerns

Security savants predict 2010 trends, threats

By , Network World
December 23, 2009 12:50 PM ET

Network World - The rise of the Conficker worm and Heartland Payment Systems' enormous data breach were two defining security events in 2009. What's in store for 2010?

"It's going to get worse," says Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider Internet. Criminals have been mastering botnets, phishing scams and fake antivirus software sales, and 2010 will bring new waves of attacks that exploit fresh targets. Specifically, smartphones such as the Apple iPhone and those based on Google's Android operating system will be in attackers' line of sight for 2010, Runald says.

New laws complicate security efforts in 2010

While a handful of malware attacks have surfaced of late against "jailbroken" iPhones (ones whose owners have deliberately disabled Apple controls), it's only the beginning.

People are jailbreaking their phones to "get out of what they see as a stranglehold by Apple so they can install what they want," Runald says, but one effect is that "they're opening themselves to greater risk."

As attackers accelerate malware attacks against jailbroken phones, the dilemma, Runald says, is that vendors "cannot develop an antivirus application for the iPhone" because of the way Apple engineered it to preclude low-level access. "There's no way you can intercept file transactions," Runald says. Though security vendors might eye writing antivirus software for iPhones, "no one will do it" because of the nature of the iPhone's underlying design.

Khoi Nguyen, group product manager at Symantec, also says the current iPhone SDK doesn't allow third-party vendors to conduct the background processes for malware prevention that involve deep scans and checks for file protection. "We're hoping Apple will open up its SDK," Nguyen says.

Smartphones based on Google's Android present a different situation. Google has not made itself the gatekeeper of applications, but malware disguised as helpful applications could end up on Google application stores and people could end up downloading malicious code, unaware of the consequences.

Another accelerating security trend is the wave of criminals selling rogue antivirus software. Fake antivirus software is often called "scareware," since frightening the PC owner is often part of the scam. Rogue antivirus, which Symantec counts as a top threat going into 2010, is not only thriving, but criminals selling it are starting to display new tricks.

"They're selling and re-branding copies of software that could have been downloaded for free elsewhere," says Zulfikar Ramzan, technical director at Symantec Security Response, which has tracked several hundred distinct rogue antivirus software products and 43 million attempts to download it in the latter part of 2009. Social networking sites are becoming a way to disseminate it.

An emerging security concern in 2010 is the potential for cyber-criminals to abuse cloud computing, says Tom Cross, X-Force advanced research manager at IBM. It's already starting to happen, he says, though incidents aren't yet getting much publicity.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News