ScanSafe Predicts Web 2.0 Exploits and Roaming Workers Will Top Security Threats in 2008

December 11, 2007; 05:34 AM

LONDON & SAN MATEO, Calif.--ScanSafe, the pioneer and leading provider of Web Security-as-a-Service, today issued its 2008 security threat predictions. Topping the list—a continued growth in malware hidden on Web 2.0 sites and heightened security risks related to the growing number of remote and roaming workers. The full list of predictions includes:

1. Cyber Criminals Follow the Money: Web 2.0 Will Continue to Fuel High Profile Attacks

2. Remote and Roaming Security Becomes a Mounting Pain Point for Businesses

3. Continued Pressure to End Public Disclosure of “WhoIs” Information

4. Growing Underground Market for Warehousing and Selling of Stolen Database Information

5. Storm Worm Hangover Continues Well Into 2008

“Cybercrime is estimated to be a 100 billion dollar-a-year industry,” said Mary Landesman, senior security researcher. “According to the SANS Institute, the average lifetime of an unprotected PC on the Internet is 30 minutes before over 55 percent of them are infected with some form of spyware. With odds such as this, users and corporations alike must be vigilant. The 2008 threat landscape further highlights the need for improved user education and awareness. At the same time, solutions need to find a balance between security and usability, making it as easy as possible for people to integrate security into their everyday business and consumer communication habits.”

ScanSafe scans more than 7 billion Web requests and blocks more than 70 million Web-based threats each month, representing the largest analysis of Web security threats based on real-world traffic.

1. Web 2.0 Will Continue to Fuel High Profile Attacks

The explosion in popularity of Web 2.0 applications has made Web 2.0 sites an increasingly rich target for cyber criminals. MySpace alone boasts more than 200 million users. Web 2.0 applications will remain a key source of Web-based malware in 2008 and beyond. Examples include:

• Social Networks Present Continued Risks to Corporate Reputation and Data Leakage: Social networks, blogs, wikis and other collaborative sites pose an ongoing risk of employees deliberately or inadvertently discussing proprietary corporate information, office gossip or posting inappropriate information. For example, in 2007, the CEO of Whole Foods posted disparaging comments about a competitor on a financial blog.
• Gaming and Other Virtual Environments Become a Growing Target: The continued popularity of massive multiplayer online games (MMOs) like World of Warcraft, City of Heroes, Ragnarok Online and other MMOs will continue to fuel a black market economy in in-game currency and rare items. This economy will be supported through the use of backdoors, bots and password-stealing Trojans that target the users of these games, compromising their account details and trafficking the stolen goods to less talented players seeking instant status.
• Second Life Sites Emerge as a Hacker Target: Second Life and other avatar-driven virtual worlds will likely emerge as targets for pranksters or malware authors. Second Life residents logged 24 million usage hours in September 2007, according to an October Reuters report on the virtual 3-D world. Residents have already been plagued with bots such as the CopyBot, which fleeces the virtual avatar of items they have purchased or developed in-game.
• Malware Authors Will Continue to Leverage Online Advertising to Seed Attacks: In 2007, ScanSafe identified numerous instances of malware hidden in banner ads, including a Trojan-laced banner ad displayed on high profile Web 2.0 sites such as MySpace and PhotoBucket. The ad required no user interaction to activate infection. The complex network of ad providers and ad affiliates has made it easy for attackers to surreptitiously insert malware in online ads.
• Social Engineering Tactics Evolve With Web 2.0: User communities have sprung up around today’s interactive and highly social websites. These communities bond based on common interests; physical proximity boundaries are removed and this paves the way for trust relationships between virtual strangers. As a result, malware writers are able to bait a captive end user audience that is desensitized to invites or links from "unknown" user names based on their history of accepting links from "Friends of Friends" on sites like Facebook and MySpace.
• Hackers Leverage Implicit Trust of Known and Brand Name Websites: Additionally, the trust relationship the user has with the site itself may cause them to automatically trust content coming from that site. For example, a user would understandably be more likely to allow ActiveX controls or allow javascript from a site which they visited frequently or a site with a well known brand name. If the site has been compromised in some way, either through exploit of a vulnerability or via third-party delivered content, this blanket trust can lead to so-called drive-by infections – even from otherwise perfectly legitimate sites.

2. Remote and Roaming Security a Mounting Pain Point for Businesses

The workforce has expanded well beyond the four walls of the office. According to research from WorldatWork, 45 million Americans work from various locations outside the office including home, hotels, airports, cars and other hotspots. As more employees are required to work remotely, and as many companies offer telecommuting as a job perk, it has become increasingly challenging for IT administrators to enforce policies for appropriate use of corporate resources—including use of the Internet on corporate-issued laptops. While employees enjoy the benefits of being un-tethered from the office, IT departments are left to address the unique security challenges that the roaming worker and an increasingly elastic network perimeter present, and that are beyond the scope of a VPN tunnel.

3. Continued Pressure to End Public “WhoIs” Information

Expect the heated debate over whether or not to continue to make “WhoIs” database information—the information that ties an Internet domain name (www.mywebsite.com) to the owner of the site—public to continue in 2008. Privacy advocates and others are urging ICANN, the international body that overseas domain names, to end the ability for anyone to do a “WhoIs” lookup, arguing it infringes on website owners’ privacy. Current methods provide a means for legitimate users to suppress public display of their private information. The real beneficiaries of the removal of “WhoIs” will be the attackers themselves. As criminal profits continue to soar on the Internet, these same entities will likely actively lobby for and pursue changes that create an Internet environment even more conducive to carrying out online crime.

4. Growing Underground Market for Warehousing and Selling of Stolen Database Information

In 2007, data theft hit new records. Discount retailer T.J. Maxx, parent of T.K. Maxx, reported data theft involving 45.7 million credit and debit cards. In late November, the British Government announced that the complete personal data of 25 million individuals had been inadvertently lost—the largest data loss in the country’s history. Given the frequency of such large scale data vulnerabilities, expect to see a growing underground market for confidential personal information. ScanSafe predicts an increase in the selling and servicing of stolen contact databases, mimicking what is seen in “legitimate” data warehousing.

5. “Storm Worm” Hangover Continues Well Into 2008

The Storm Worm dominated the security landscape in 2007 and its effects will continue to be felt in 2008. However, there have been several misconceptions about Storm. Contrary to popular belief, the Storm family of threats evolved in 2006. In January 2007, one of the variants was spread in an email bearing the subject line “230 dead as storm batters Europe.” This email coincided with a very real and deadly storm in Europe, earning its nickname “Storm worm.” The real take-away from Storm is that it is a well thought out, extremely organized series of attacks that have led to the creation of one of the largest botnets, estimated to be well over 1.5 million infected machines at any given time. Expect this botnet to be leveraged by cyber criminals in 2008 and beyond.

For continued discussion of 2008 security predictions as well as the latest information on Web-based threats, please visit the ScanSafe STAT blog at http://blog.scansafe.com/.

About ScanSafe

ScanSafe is the largest global provider of Web Security-as-a-Service, ensuring a safe and productive Internet environment for businesses. ScanSafe solutions keep viruses and spyware off corporate networks and allow businesses to control and secure the use of the Web and instant messaging. As a fully managed service, ScanSafe's solutions require no hardware, upfront capital costs or maintenance and provide unparalleled real-time threat protection. Powered by its proactive, multilayered Outbreak Intelligence^TM threat detection technology, ScanSafe scans more than 7 billion Web requests and blocks 70 million threats each month for customers in over 50 countries.

With offices in London and San Mateo, California, ScanSafe is privately owned and financed by Benchmark Capital and Scale Venture Partners. The company received a 2007 CODiE award for Best Software as a Service Solution, the SC Magazine Europe Readers Trust Award for Best Content Security Solution and was named one of Red Herring Magazine’s 2007 Top 100 Global tech companies. For more information, visit www.scansafe.com.