On Thursday McAfee’s Avert Labs announced its Top 10 predictions for security threats in 2007 and the overarching theme is mass-mailing worms are a thing of the past as professionalism takes over the ranks of malware writers.
“They understand that noise is bad for business,” said David Marcus, McAfee’s Security Research and Communications manager. “They understand, ‘If I can make my bot quieter or make my adware quieter it’s going to live longer’.”
|More Security Articles on CIO Update|
Zombies Control Half of Windows PCs
Cyber Extortion Getting Renewed Interest from Criminals
Spam Is Back With a Vengeance
Cyber-Defenses Never Enough
McAfee Avert Labs’ Top 10 security threats for 2007 are as follows with the ones corporations need to pay particular attention to at or near the top:
“I guess the ones that would concern me probably for the enterprise would definitely be the continuing issues of spam—that’s always huge enterprise problem,” said Marcus. “The bot issue is definitely something that corporations and enterprises should definitely be aware, especially considering how much more cleaver bot-writers tend to be than most mal-writers.”
McAfee researchers are seeing evidence of the rise of professional and organized crime in malware creation, whereby development teams are creating malicious software, testing it and automating its production and release.
Sophisticated techniques such as polymorphism, the recurrence of parasitic infectors, rootkits, and automated systems with cycling encryption releasing new builds are becoming more prevalent.
Furthermore, threats are being packed or encrypted to disguise their malicious purpose on a more rapid and complex scale.
In July 2006, McAfee announced that it officially released protection for the 200,000th threat in its database. Since January 1, 2006, McAfee has added approximately 50,000 new threats to its database and is on track to exceed 225,000 new threats by the end of the year.
Given current trends, McAfee expects the 300,000th threat to be identified by the end of 2007, demonstrating its growth potential.
A Little More on Each
Password-stealing Web sites are on the rise. More attacks that attempt to capture a user’s ID and password by displaying a fake sign-in page, and increased targeting of popular online services such as eBay, will become more evident in 2007.
As evidenced by the phishing attacks that followed Hurricane Katrina, McAfee Avert Labs also expects more attacks that take advantage of people’s willingness to help others in need. In contrast, the number of attacks on ISPs are expected to decline while those aimed at the financial sector will remain steady.