Fortinet gives top 5 security trends for 2011

by CXOtoday Staff    Dec 13, 2010

Fortinet (NASDAQ:FTNT), a network security and unified threat management (UTM) solutions provider, recently announced its ‘Top 5 Security Trends for 2011’. In highlighting the top security trends, the company predicts that more cyber criminals will enter the game by attempting to make money using recycled existing source code. It also expects a price increase for tomorrow’s crime services, an increase in 64-bit attacks, and growing job demand for developers, CAPTCHA breakers, QA staff and distributors, all of which will add to the security threat.

Here are Fortinet’s Top 5 Security Trends for 2011.

1) Increased Global Collaborative Takedowns
This year, several countries have worked together to bring syndicates down, through efforts such as the Conficker Working Group. While there were other notable takedowns, these operations only focused on the most visible violators and sometimes only had a temporary impact.

In 2011, the company predicts, authorities will consolidate global collaborative efforts and partner with security task forces to shut down cyber criminal operations that are growing in number. The Zeus takedown that occurred in 2010, leading to charges by authorities in both the US and United Kingdom, is a great example, and we believe foreshadows things to come.

2) Infected Machine Inflation
Today, criminals building their malware empire(s) show a territorial concern, since control over managed infections leads to longer uptimes and greater cash flow. Features advertised as ‘bot killers’ are being implemented in new bots to generically kill other threats that may lurk on the same system. For example, one bot enumerates process memory to look for commands used by resident IRC bots. Once it finds processes that use these commands, it kills them, since they are perceived as a territorial threat.

As attackers infect machines in 2011, the value of already infected machines will increase. As a result, a price increase for crime services is likely, such as bot rentals that load malicious software on machines and malware that includes machine maintenance to maximize an infected machine’s uptime. To keep infections discreet, malware operators may turn to quality assurance services that would, say, refuse to load software that may crash a machine or otherwise impact their business. As part of the package, malware operators may also lease infection process time. When the lease is up, the malware would clean up after itself, reducing the amount of load/threats on a single machine.

3) 32- to 64-Bit Infections
Security technologies such as address space layout randomization (ASLR), data execution prevention (DEP), virtualization, PatchGuard/kernel driver signing and sandboxing, a technique for creating confined execution environments, are becoming more commonplace, along with the 64-bit machines running them. This evolution has certainly restricted malware stomping grounds, which will drive demand in 2011 to break through these chains. In 2010, we saw 64-bit rootkits such as Alureon, which bypassed PatchGuard and signing checks by infecting the master boot record to stage the attack. Expect more 64-bit rootkits to follow in the quest to gain a foothold on newer machines and further, innovative attacks that circumvent defences like ASLR/DEP and sandboxing.

4) Cybercriminals Hang Out the ‘Help Wanted’ Sign
As money mules are taken offline in the coming year, there will be a need for immediate replacements. Additional jobs we see growing in demand include developers for custom packers and platforms, hosting services for data and drop-zones, CAPTCHA breakers, quality assurance (anti-detection) and distributors (affiliates) to spread malicious code.

As demand grows for these resources in 2011, criminal operations will effectively expand head count. New affiliate programs will likely create the most head count by hiring people who sign up to distribute malicious code. Botnet operators have typically grown their botnets themselves, but more operators will begin delegating this task to affiliates (commissioned middle-men) in 2011. The Alureon and Hiloti botnets are two examples that have already grasped this concept by establishing affiliate programs for their own botnets, paying anyone who can help infect systems on the operator’s behalf. By using an army of distributors, botnets will continue to thrive.

5) Spreading Source
Malware today can appear under multiple names and aliases. Cross-detection between various security vendors adds to the confusion as well. This is the result of a growing development community that is fuelled by available source code and libraries that are ‘borrowed’ to create and sell new malware. Oftentimes, two pieces of malware we are evaluating are nearly identical in nature except for a small component inside them that has changed. This type of ‘copy and paste’ malware is an indication that multiple developers have adopted the same source code.

In 2011, more cyber criminals will enter the game by attempting to make money using recycled existing source code. This trend will create more threat names/variants as they begin to circulate in the wild, which, in turn, will only create further confusion and dilute the meaning of these names. While public source code will continue to create problems on the security landscape, private source code will increase in value as will jobs for adept developers. We also expect to see new cases of leaked private source that are employed by new up-and-comers, thus continuing the vicious cycle.
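As an added illustration of how an analyst can spot the ‘copy and paste’ pattern described above (this is not part of Fortinet’s report or this article), the following Python compares samples by byte n-gram similarity and groups near-duplicates that likely share a code base; the stand-in samples, the 4-byte n-gram size and the 0.7 threshold are assumptions.

```python
from collections import Counter

def ngrams(data: bytes, n: int = 4) -> Counter:
    """Count overlapping byte n-grams in one sample."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))

def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity (0.0..1.0) of the n-gram sets of two samples.
    Near-identical samples that differ in one small component stay close to 1."""
    sa, sb = set(ngrams(a, n)), set(ngrams(b, n))
    if not sa and not sb:
        return 1.0          # two empty inputs are trivially identical
    return len(sa & sb) / len(sa | sb)

def cluster(samples: dict, threshold: float = 0.7, n: int = 4) -> list:
    """Greedy single-link clustering: a sample joins the first cluster
    containing any member at or above the threshold, else starts a new one."""
    clusters = []
    for name in samples:
        for c in clusters:
            if any(jaccard(samples[name], samples[m], n) >= threshold for m in c):
                c.append(name)
                break
        else:
            clusters.append([name])
    return clusters

# Constructed stand-ins (hypothetical, not real malware): a shared "base"
# routine with one small module swapped, plus an unrelated third program.
BASE = (b"read configuration file; resolve rendezvous name; open channel; "
        b"authenticate with token; enter main loop; receive message; parse fields; "
        b"dispatch to handler; write log entry; sleep until next tick; ")
TAIL = b"close channel; remove temporary files; exit;"
SAMPLES = {
    "A": BASE + b"handler: send status report; " + TAIL,
    "B": BASE + b"handler: fetch update list; " + TAIL,
    "C": b"unrelated tool: enumerate directories; compress archive; "
         b"compute checksum; print summary; ",
}

if __name__ == "__main__":
    for x, y in (("A", "B"), ("A", "C")):
        print(f"{x} vs {y}: {jaccard(SAMPLES[x], SAMPLES[y]):.3f}")
    print("clusters:", cluster(SAMPLES))
```

The ‘A’/‘B’ pair scores high because everything but the swapped handler is shared, which is the signal that two differently named variants came from one source; ‘C’ stays on its own.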