On December 27th I asked for predictions for 2006. Here is what we got. Many thanks to all of you that responded. Now let's see how close these guys are.
From Dan:You asked for them...
Below is a list of some of
the topics we may be seeing in the New Year:
Not a lot of these around
yet. Myspace and some other online sites were infected, but with the mass
amounts of exploits for Web scripting languages and un-patched machines this is
bound to happen.
* RSS malcode
Great technology. As more
browsers embed this and include exploits,
the frequent / unattended nature of RSS will be used to infect.
* Trojans outpace worms
We already are starting to
see this. New Trojans and variants of Trojans are coming out daily in volume.
* Voice-over-IP Phishing
Somebody had to come up with
another name :-). Using Voice over the Internet could introduce another means
to deceive unsuspecting users to do something they should not be.
* Toxic Blogs
Yes, blogs are everywhere.
Including here. Fact is that most of them do not check for scrupulous
scripting, scan their file posts, and allow active content in posts.
* Xbot 360
The Xbox connecting over the
Internet for updates and other things leads me to believe that this will simply
be another way for attackers to use your PC and your connection at home for
their own purposes.
* Cross Site scripting
High-profile ecommerce and
financial websites have had (and will have cross site scripting
vulnerabilities). Attackers will leverage these for Phishing , Trojan
Downloader's and for other nefarios reasons more frequently.
I believe that one of the
biggest threats are going to be insecure databases. The proof of concept database worm that was
released about a month or so ago is just the very beginning of what we will see
over the next year+. To me this is a
very real problem as I have audited environments where there was a huge focus
on securing hosts and servers, but zero or minimal focus on securing the
My 2006 predictions/paranoid
- "Zero-Day" exploits that are discovered
and exploited by The Bad Guys, with no one being the wiser until it is
far, far too late; 2. Tightly-targeted malware (currently being used)
that, once it gleans information from financial institutions, allows the
attacker(s) to then completely trash the entire information store -
causing panic/chaos (if only for the targeted company(s); 3. Hackers
taking the Fed's recent announcement that "the Internet is not vulnerable
to widespread attack" as a personal challenge.
Again - thanks to the contributers.