AVG’s Prediction on Internet Security Threats for 2010

The year gone by has seen a significant rise in the incidence of spam, phishing, botnet activity, and malware. Each year cyber-criminals who have largely succeeded in duping the unsuspecting user, are investing in sophisticated and automated ways to run their operations. It can be safely predicted that in 2010 the threat environment will witness higher volumes of web-threats and be even more transient, agile and organised! Internet security threats that AVG expects to have significant impact on users in 2010 are as follows:

1. More diverse, automatically generated malware: Cyber-criminals can now automatically create hundreds of thousands of unique pieces of malware a day, much of which has no unique signature and can bypass old-fashioned, signature-based virus detection software.

2. The bad guys still want your money, identity and/or resources: In the coming year, cyber-criminals will, with increased sophistication, continue to make money via social engineering and phishing scams, trick users into providing, or steal personal details.

3. Cyber criminals in the cloud: To keep ahead of the computer security industry’s efforts to thwart their activities, the cyber-criminals are now using “in the cloud” technologies in far more sophisticated and effective ways than most legitimate businesses.

4. Highly transient web threats: In 2010, cyber criminals will continue to improve the speed with which they are able to move their campaigns from domain to domain, server to server. In early 2009, AVG researchers reported that 60% of these poisoned web threats were active for less than a day and 75% for less than 30 days.

5. Exploitation of major events, news and gossip: Cyber-criminals exploit latest trends and topics that are gaining popularity on the internet by hijacking search results into clicks on links to their malicious web pages. Expect to see more highly targeted, convincing attacks with custom malware in 2010.

6. “Web two-point-uh-oh”: Cyber-criminals exploit trust. With the rise of Web 2.0, attacks that impersonate social networking sites or spoof contacts from your “friends” list are more likely to be clicked on. It is likely we’ll see a great deal more of similar scams in 2010.

7. Emerging nations go online with poor security: Many users especially from amongst developing countries, who are amongst the growing millions who are getting connected to the Internet, still use pirated software that can’t be kept up to date with security patches. We expect to see a big increase in threats being delivered via emerging countries in 2010.

8. Global economic crisis impacts security: As employment has taken a hard hit due to the economic crisis, it is likely that more people will be lured by the easy money of cyber-crime. Also, individuals desperate in search of earning opportunities are more likely to fall prey to bogus offers or disgruntled employees may breach official data that could fall into the wrong hands.

9. Business still too complacent: Events in 2009 showed that many businesses simply weren’t properly protected. The success of the exploits used to penetrate and establish Conficker into business and enterprise networks early in 2009 was largely because of complacency.

10. More people will buy complete protection: The good news is that reputable security vendors now provide full Internet security suites with multiple layers of protection. The majority of people that pay for security software now buy the full suite, complete protection solution instead of entry-level solutions. This trend continued through 2009, in spite of tougher economic times, and AVG expects it to be maintained in 2010.

It will get worse before it gets better

Sadly, the security threats in 2010 are likely to be nastier, more targeted and more frequent, with malware and cyber-crime being almost exclusively driven by organised crime and motivated by money.