2010 predictions: Security

The issue of cyber attacks will move up the national security agenda

The security landscape is a complex, multi-layered one that changes more subtly and indefinitely than the seasons. It is therefore hard to predict security trends with any degree of certainty. That said, by looking back at the security developments of the past year and talking to security experts, we believe we have come up with a list of key trends that any IT leader worth his or her salt would be wise to keep an eye out for in 2010.

Spam, botnets, social networks - the threats continue
As the heavyweight botnets such as Cutwail and Rustock gain access to greater bandwidth with more homes becoming broadband-enabled, spam levels are likely to further increase, according to MessageLabs' senior analyst Paul Wood.

The increasing difficulty in tracking down the command and control channels of botnets will also mean no let-up in the proliferation of malware on the horizon. Meanwhile, the increased availability of specialised criminal toolkits online will make it easier to create, distribute and use spam and malware than ever before, said MessageLabs.

Although social networks will continue their efforts to fight back by launching more built-in tools to scan content and links for malware, there will be no let-up in the attempts by cybercriminals to infect machines and mine personal data via these channels.

Year of DNSSec
Domain Name Systems Security Extensions (DNSSec), the specifications that use public key cryptography to boost the security of the internet's underlying layer, have been around for a while, but widespread deployment has so far proved elusive. However, according to Rodney Joffe, senior technologist at NeuStar and director of the Conficker Working Group, 2010 is likely to see the technology come of age.

"Together with IPv6, it will catapult the DNS to the front of everyone's thoughts," he predicted. The VeriSign .com registry has already announced that it is set for a massive rollout of the security extensions on its .com and .net domains, which it expects will be completed by early 2011. DNS server vendor Nominum, meanwhile, recently launched a new hosted service designed to simplify the rollout of such technology.

Malware writers go after intellectual property
We could also see malware writers increasingly eschewing customer credit card information in favour of other, more valuable, credentials such as intellectual property or financial information, according to Matt Moynahan, president of code scanning firm Veracode.

"All data has a currency attached to it," he said. "How much would you pay for Coke's secret formula, for example? Quite a lot if you're Pepsi."

NeuStar's Joffe added that this kind of industrial espionage has already been seen this year with the theft of 7TB of F-35 jet fighter documents from a Federal subcontractor.