Cybercriminals have a lot in common with the Periplaneta americana, the common household cockroach. They seek out the dark, poking and prodding for ways to get in where they are unwanted. In their case it isn’t food, but the misery of computer users they seek out. And, just like cockroaches, once you think you’ve got them blocked, they find a new way in.
Kaspersky Labs’ Cyberthreat Forecast for 2010 says that IT managers and users are becoming more savvy, making fake programs, gaming Trojans, or web sites less useful for cybercriminals. Instead, it looks like they’ll be focusing their attention on P2P networks, botnets, and mobile platforms.
P2P networks will be used to support malware attacks. According to Kaspersky: “This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.”
Mobile platforms, iPhone and Android, will also be more frequently targeted. Kaspersky suspects that iPhone users, without compromised handsets, will be okay, but that Android users might be in for some pain: “The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.”
As for botnets, Kaspersky sees them as offering profitable possibilities by manipulating Internet traffic: “In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.”
Lastly, Kaspersky sees Google Wave as a potential target for 2010. It’s new. It’s untested. And therefore it’s vulnerable. Kaspersky says: “Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”