- Apple threats: the number of people using Macs is growing very fast. It is starting to become something attractive for botnet herders, specially because almost all Mac users don't have anti-malware software installed nor have the habit of worrying about it, so it's easy to mantain the bots installed. If it was in the past I would think about a big worm coming, but cybercrime is reality now and those guys know when an opportunity like this arises.
- Blended/Hybrid Threats: We are seeing this already, like this malware that exploits SQL Injection and an IE vulnerability. I believe we will see a lot of threats using multiple attack vectors, maybe even from different platforms and technologies. Vulnerabilities than can be used to redirect traffic from multiple users (like Dan Kaminsky's DNS bug) will be used to force people to access infected content, that will trigger other infection mechanisms. Worms will be able to disseminate to a higher number of hosts without generating suspect spikes on charts, as the malware code will randomly choose between several infection methods to spread itself. Expect some huge botnets being found as a result.
- At least one "cloud computing" security incident: Ok, not that hard to say that, but I'll try to be a little more specific in the details :-), there will be a discussion about what was compromised (infrastructure? application? vendor? client?) and people will start discussing how to conduct forensics on those new conditions.
- Virtualization nightmare: A vulnerability will be found in a virtualization platform or in a virtualization-aware product, enabling attacks from one guest OS to another (or even reaching a Guest OS and triggering the exploit on another). It would be extremely fun to watch those "the cat is on the roof" discussions. A new wave of miraculous products will be released to solve the issue from that specific kind of attack. Your VM infrastructure will look like a Christmas Tree and the operation cost of a virtualized environment will not be what was expected anymore.
Tuesday, December 16, 2008
Everybody is doing that, so I'll try some too. But I won't try any bold move here, like Paul Asadoorian did :-)I'll mention four main things: