The cyber threat landscape has matured over the past 10 years, due in part to the proliferation of new technologies and an increasing reliance on the Internet for personal, business and governmental needs. Wielding their keyboards, cyber criminals exploit new and existing technologies for financial gain, to exact revenge or to carry out political coups. In their wake, they leave behind the tattered remains of unsuspecting individuals' life savings or companies' intellectual property, or the potential for disruption of national infrastructures.
Narus, Inc., a leader in real-time traffic intelligence for protecting governments, service providers and enterprises against cyber threats and the risks of doing business in cyber space, recently compiled a top 10 list of the latest cyber threat trends that will likely pop up over the next few years. Many on the list originated in the last decade, and have been fine-tuned to create more chaos in the years ahead.
Narus, Inc.'s top 10 cyber security threats for 2011 and beyond:
1. As USB drives become cheaper and information is distributed on them at trade shows and other venues, the possibility of Trojans and other malware increases.
2. Expect to see more sophisticated targeted peer-to-peer-based botnets (along the lines of "Storm") that will be completely distributed with no standard command-and-control traffic.
3. Whether they disrupt services or crash them by flooding servers, DDoS attacks, spurred by political activism or aimed at the disruption and destruction of critical infrastructures, will continue to rise.
4. Social network users can expect more threats to travel virally, infecting everyone on a user's friends list. Future viruses will likely be designed to steal or delete users' personal information, which can be sold in numerous black markets and used to acquire credit card and bank information.
5. Related to No. 4 on the list, clickjacking and cross-site scripting are used to trick users into revealing confidential information, or to take control of a user's computer while they click on seemingly innocuous Web pages. Expect to see an increase of this malicious behavior over the next few years.
6. These phishing attacks originated over the past several years and will continue, especially with the increased use of smart phones for mobile e-mail. The most common attacks come in the form of e-mails from recognizable companies, banks or organizations that tempt the reader to open a link.
7. The dramatic rise in phishing and identity theft attacks includes a well-organized offline component: the not-so-innocent "money mules" recruited by fraudsters to launder stolen money across the globe. These are active attempts to enlist people to transfer illegal funds from credit card thieves. The number of money mule sites is increasing exponentially each year.
8. The incredible cost savings and flexibility cloud computing affords also open up a superhighway for cybercrime. As cloud use increases, so, too, will the number of opportunities for data infection or theft.
9. No. 9 on the list is a bit tricky, as technology alone will not solve it. Unfortunately, untrustworthy people will always find a way to anonymously leak private (government, enterprise, etc.) information; hence, this trend will grow. Criminal elements or nations will try to entice employees to exfiltrate data and compromise company and government assets.
10. Wireless communication has been a hallmark of the past decade, and there's no indication that it will slow. While computer networks remain the traditional targets for cyber attacks, increasingly powerful computers and smartphones with wireless connections are likely to result in unprecedented opportunities for cyber criminals as well. Mobile computing devices contain the same vulnerabilities as laptops and desktops, but they are also susceptible to DDoS attacks specifically designed for wireless devices. New custom financial applications like digital wallets and pocket ATMs are also particularly attractive to hackers. Moreover, wireless networks themselves put entire companies at risk, especially as the mobile workforce does not have the benefit of the secured corporate LAN.