2009: The year ahead in security

2009: The year ahead in security

Like most of the technology industry, IT security is unlikely to see a major new trend next year, but rather a continuation of many of the themes and vulnerabilities reported in 2008.

It is clear that spam, despite recent triumphs by law enforcers, will continue to grow and become more malicious. Businesses and home users will also have to be on their guard against increasingly stealthy and sophisticated malware designed to steal their details.

And web vulnerabilities will be the most highly exploited as criminals go for the path of least resistance, so web site owners will need to be on guard as hacks of legitimate sites increase.

The continuing financial crisis is also likely to affect the security landscape in increasingly dangerous ways.

So here are the top threats to watch out for in order of importance:

Exploitation of web vulnerabilities
This is the one that all the security vendors are talking about. This year saw some of the biggest growth in web site hacks yet, with SQL injection attacks particularly prevalent. One new infected web page was discovered every 15 seconds in 2008, according to Sophos, and hackers are likely to continue to exploit this path while the flaws exist and email security becomes tighter.

Email attachments
Email security is getting better, hence the increasing reliance by criminals on the web channel, but hackers are likely to look at new ways of installing malware on PCs via email attachments, according to some vendors. In particular, methods such as booby-trapping Word or PDF files, which users are more likely to open, will be a popular method.

Spam
This old favourite never goes away because users keep clicking on the links in unsolicited emails. This year saw some high-profile wins in the spam sphere, but spammers will increasingly organise their botnets in more distributed ways to make them harder to detect. And next year will see more and more unsolicited emails containing links to malicious sites.

The credit crunch
The current financial crisis is likely to be exploited further by hackers, as they try to gather details by sending fake emails claiming to be from ailing banks. There is also a chance that unemployed software engineers may decide to make a living on the dark side, further straining the resources of the anti-malware firms. This new influx of criminals could also force some to look for new avenues to exploit, so we can expect Macs and mobile phones to be targeted more than at present.

Virtual malware
A new one to watch out for next year. MessageLabs is predicting that a new type of malware could be unleashed which exists as a virtualisation layer running directly on the hardware and undiscoverable by the operating system.