Security Trends to Watch in 2010: A Mid-Year Status Check

As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions of what we expected to see in 2010. Now that we’re halfway through the year, we’ve taken a look back and evaluated ourselves based on how our forecasts have panned out thus far.
Prediction #1: Antivirus is not enough
Unfortunately, the bad guys have proven us correct here. Symantec created 2,895,802 new malicious code signatures last year alone. This was a 71 percent increase over 2008 and a number representing more than half of all malicious code signatures ever created by Symantec. Furthermore, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. We are on track to continue this upward trend in 2010. In just the first half of the year, we have created 1.8 million new malicious code signatures and identified more than 124 million distinct new malicious programs.
Status: On track
Prediction #2: Social engineering as the primary attack vector
OK, so we didn’t exactly go out on a limb here. Social engineering is likely the world’s second oldest profession and its exploitation in the digital world was nothing unexpected. However, we have seen its effectiveness improve even further thanks to Web 2.0. With so many computer users enraptured in a love affair with social networking, we have become accustomed to receiving emails announcing so-and-so would like to be our “friend” or is now “following” us. Attackers are taking advantage of this and are devising ever-more creative and convincing tricks to get users to download malware or divulge sensitive information.
Prediction #3: Rogue security software vendors escalate their efforts
Rogue security software is still one of the biggest issues facing the security industry and consumers alike, but we have not yet seen peddlers of such nefarious applications go as far as making ransom requests to free locked down computers a regular practice. That does not mean, however, that we have not seen the bad guys expand their repertoire. For example, Symantec recently investigated a company, Online PC Doctors, which is cold calling computer users with a live telephone agent in an attempt to persuade them that their computer is “infected.”
Status: Mostly on track
Prediction #4: Social networking third-party applications will be the target of fraud
This is difficult to track directly, but anecdotal feedback and analysis of URLs from Symantec Hosted Services’ Web Security Service both suggest that social networking sites are triggering more blocks in 2010 for malicious content than they did in 2009. On average in 2009, one in 451 Web Security Service blocks related to a social networking site. However, in 2010 this number rose to one in just 301.
Status: Mostly on track
Prediction #5: Windows 7 will come into the cross-hairs of attackers
Thus far, we’ve been pleasantly surprised to have seen only one major attack leveraging a vulnerability in Windows 7, though it should be noted that this vulnerability was also present in all of Microsoft’s supported operating systems. The attack involved a piece of malware known as Stuxnet. It exploited a vulnerability in the way Windows handles shortcut links. Stuxnet was limited in distribution, but it was high-profile because it was the first known piece of malware specifically targeting SCADA systems.
Prediction #6: Fast flux botnets increase
Thus far this year, we haven’t seen any major new threats using the fast flux technique. We hope it stays that way, but the reality is that the year is only half over. We have, however, seen the resurgence of an old foe which leverages the fast flux technique. The Storm botnet has recently re-emerged as a top botnet and it continues to use the fast flux technique to hide the website domains behind the hyperlinks it spams out.
Prediction #7: URL shortening services become the phisher’s best friend
As predicted, spammers’ use of URLs from link shortening services has become increasingly popular. At its peak in July 2009, 9.3 percent of spam included some form of shortened hyperlink provided by one of the many free online shortening services; this is equivalent to more than 10 billion spam emails each day worldwide. In April of 2010, however, this peak figure nearly doubled to 18.0 percent of spam, the current historical peak.
Prediction #8: Mac and mobile malware will increase
We have seen a few new pieces of malware for Mac OS X, but so far, nothing earth-shattering; though we may never see “earth-shattering,” especially as we enter the post-PC era. iOS devices, such as the iPad, iPhone and iPod Touch, continue to be mostly secure from a client perspective. However, we did see the App Store sell several applications that exhibited malicious behavior, though Apple insists only 400 users were impacted. So, the platform did get attacked, just not in the way most anticipated.
Prediction #9: Spammers breaking the rules
Though there hasn’t been an explosion yet, we are seeing more “gray” mail this year. One example of such gray mail is unsolicited but legitimate-looking newsletters. These emails generally carry an opt-out message to comply with the CAN-SPAM Act; however, users most likely never subscribed to the corresponding distribution lists in the first place, indicating the senders are getting their mailing lists from less-than-legitimate sources.
Prediction #10: As spammers adapt, spam volumes will continue to fluctuate
We have indeed seen the arms race between spammers and antispammers continue. Such antispam victories as the shutdown of the Mariposa botnet have been countered by spammers with actions like the explosive use of disposable and hijacked URLs. While the percentage of messages identified as spam has stayed in a relatively tight range, spam volume has shown much more movement.
Prediction #11: Specialized malware
We haven’t seen a widespread outbreak of specialized malware, but we have seen glimpses of activity that lead us to believe we could still see this trend develop. For example, in late 2009 after we published our original predictions, The Gouverneur Times in New York reported that computerized voting machines used by “many voters” in Hamilton County, New York were found to be infected with a computer virus aimed at tainting the voting results.
Prediction #12: CAPTCHA technology will improve
In late April 2010, The New York Times reported spammers are paying workers in developing countries to physically enter CAPTCHA codes to manually generate new accounts for spamming. According to the report, the going rate for the work ranges from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAs. So, we were admittedly a bit off in terms of how much individuals would be getting paid to do this work—the situation is worse than we assumed it would be—but in terms of the overall trend, we were unfortunately dead on.
Prediction #13: Instant messaging spam
As of June 2010, Symantec data indicates that one in 387 IMs contains some form of hyperlink and that one in eight hyperlinks is to a malicious website, i.e. the website harbored some form of malware designed to perform a drive-by attack on a vulnerable Web browser or browser plug-in.
Prediction #14: Non-English spam will increase
Further analysis shows that some domains experience higher than 50 percent spam rates in their local language, but the average isn’t as clear. Certain domains, such as .com, still attract more English language spam than top-level country code-type domains. Although we expected this number to increase, the opposite has been the case in many non-English speaking countries.
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Security Trends to Watch in 2010 - A Mid-Year Status Check

  • 1. Security Trends to Watch in 2010 - A Mid-Year Status Check
  • 2. A Mid-Year Status Check As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions of what we expected to see in 2010. Now that we’re half way through the year, we’ve taken a look back and evaluated ourselves based on how our forecasts have panned out thus far.
  • 3. Prediction #1 Antivirus is not enough Unfortunately, the bad guys have proven us correct here. Symantec created 2,895,802 new malicious code signatures last year alone. This was a 71 percent increase over 2008 and a number representing more than half of all malicious code signatures ever created by Symantec. Furthermore, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. We are on track to continue this upward trend in 2010. In just the first half of the year, we have created 1.8 million new malicious code signatures and identified more than 124 million distinct new malicious programs. Status: On track
  • 5. Prediction #3 Rogue security software vendors escalate their efforts Rogue security software is still one of the biggest issues facing the security industry and consumers alike, but we have not yet seen peddlers of such nefarious applications go as far as making ransom requests to free locked down computers a regular practice. That does not mean, however, that we have not seen the bad guys expand their repertoire. For example, Symantec recently investigated a company, Online PC Doctors, which is cold calling computer users with a live telephone agent in an attempt to persuade them that their computer is “infected.” Status: Mostly on track
  • 6. Prediction #4 Social networking third-party applications will be the target of fraud This is difficult to track directly, but anecdotal feedback and analysis of URLs from Symantec Hosted Services’ Web Security Service both suggest that social networking sites are triggering more blocks in 2010 for malicious content than they did in 2009. On average in 2009, one in 451 Web Security Service blocks related to a social networking site. However, in 2010 this number rose to one in just 301. Status: Mostly on track

Editor's Notes

  1. Prediction #1 Antivirus is Not Enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioral capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as Reputation-Based Security, will become key in 2010. Status: On track Reasoning: Unfortunately, the bad guys have proven us correct here. Symantec created 2,895,802 new malicious code signatures last year alone. This was a 71 percent increase over 2008 and a number representing more than half of all malicious code signatures ever created by Symantec. Furthermore, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. We are on track to continue this upward trend in 2010. In just the first half of the year, we have created 1.8 million new malicious code signatures and identified more than 124 million distinct new malicious programs. This means it is becoming less likely that traditional security technologies will catch every new threat out there; there are simply too many of them, even with automated systems in place. Technology that does not rely on capturing and analyzing a threat in order to protect against it, like Symantec’s Reputation-Based Security, is indeed becoming imperative. Other methods that are also playing a key role in combating today’s most pervasive threats are heuristic, behavioral and intrusion prevention technologies.
  2. Prediction #2 Social Engineering as the Primary Attack Vector – More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the guise that they are doing something perfectly innocent. Social engineering’s popularity is, at least in part, spurred by the fact that the operating system and Web browser on a user’s computer are largely irrelevant, as it is the actual user being targeted, not necessarily the vulnerabilities on the machine. Social engineering is already one of the primary attack vectors used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010. Status: On track Reasoning: OK, so we didn’t exactly go out on a limb here. Social engineering is likely the world’s second oldest profession and its exploitation in the digital world was nothing unexpected. However, we have seen its effectiveness improve even further thanks to Web 2.0. With so many computer users enraptured in a love affair with social networking, we have become accustomed to receiving emails announcing so-and-so would like to be our “friend” or is now “following” us. Attackers are taking advantage of this and are devising ever-more creative and convincing tricks to get users to download malware or divulge sensitive information. Phishing attacks are a prime example of a socially engineered threat. Through the first half of 2010, an average of approximately one in every 476 emails included some form of phishing attack. What makes these attacks even more dangerous is that they are completely operating system agnostic. In a world that is becoming less centralized around the PC, phishing allows cybercriminals to take advantage of computer users regardless of what platform they are operating on. For example, in July 2010 Symantec observed a phishing website that spoofed an Internet Service Provider popular in Australia. Users received an email stating the ISP was unable to verify their account due to a recent change in their contact details. It linked to the spoofed site and requested users visit it in order to confirm crucial customer information, including billing details such as credit card numbers. In a case such as this, Windows, Macintosh and even mobile phone users are all vulnerable to online fraud. We have also seen social engineering play a large role in some recent, very high-profile attacks. For example, earlier this year the infamous Hydraq attacks against a number of large organizations used, at least in part, socially engineered emails sent to an individual or a small group of individuals within the affected organizations. Once the user was tricked into either clicking a malicious link or opening an attachment, the Hydraq Trojan was installed on their machine.
  3. Prediction #3 Rogue Security Software Vendors Escalate Their Efforts – In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but in reality the software can be downloaded for free elsewhere. Status: Mostly on track Reasoning: Rogue security software is still one of the biggest issues facing the security industry and consumers alike, but we have not yet seen peddlers of such nefarious applications go as far as making ransom requests to free locked down computers a regular practice. That does not mean, however, that we have not seen the bad guys expand their repertoire. For example, Symantec recently investigated a company, Online PC Doctors, which is cold calling computer users with a live telephone agent in an attempt to persuade them that their computer is “infected.”  Once the agent has convinced a user that their computer is infected, he or she offers to remotely connect to the machine to take a closer look. Naturally, the agent reports finding a severe malware infection—whether there is one or not. No fear, however, as the agent explains that Online PC Doctors can “fix” the problems, for a fee of course. All the user has to do is send an email to Online PC Doctors with all the pertinent payment information, including full credit card details.
  4. Prediction #4 Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect fraud leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure. Status: Mostly on track Reasoning: This is difficult to track directly, but anecdotal feedback and analysis of URLs from Symantec Hosted Services’ Web Security Service both suggest that social networking sites are triggering more blocks in 2010 for malicious content than they did in 2009. On average in 2009, one in 451 Web Security Service blocks related to a social networking site. However, in 2010 this number rose to one in just 301. There are also many recent anecdotal reports of rogue applications being created for a variety of purposes, some to spread malware, others for financial fraud or taking advantage of users to send spam. For example, an app was recently discovered to be part of an IQ testing scam which aimed at covertly signing users up for a premium mobile service that costs $10 per month. As further validation that this trend is indeed developing, Facebook recently updated their application authorization system in an effort to reduce the number of these scams and misleading applications being propagated via their network. Now a user is informed when an application seeks permission to access the user’s basic information or to post on their wall.
  5. Prediction #5 Windows 7 Will Come into the Cross-Hairs of Attackers – Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users. Status: Still possible Reasoning: Thus far, we’ve been pleasantly surprised to have seen only one major attack leveraging a vulnerability in Windows 7, though it should be noted that this vulnerability was also present in all of Microsoft’s supported operating systems. The attack involved a piece of malware known as Stuxnet. It exploited a vulnerability in the way Windows handles shortcut links. Stuxnet was limited in distribution, but it was high-profile because it was the first known piece of malware specifically targeting SCADA systems. A big reason why we think we have yet to see a major increase in attacks targeting Windows 7, one of Microsoft’s best-selling operating systems ever, is because attackers are always looking for the path of least resistance. With so many bugs in Web browsers and Web-facing third-party applications and plug-ins that are easier nuts to crack, hacking the new operating system has simply not been the preferred method of gaining access to these systems, with rare exception, as already mentioned.
  6. Prediction #6 Fast Flux Botnets Increase – Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious websites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, Web-based load balancing and proxy redirection, the technique makes it difficult to trace the botnets’ original geo-location. As industry countermeasures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique to carry out attacks. Status: Still possible Reasoning: Thus far this year, we haven’t seen any major new threats using the fast flux technique. We hope it stays that way, but the reality is that the year is only half over. We have, however, seen the resurgence of an old foe which leverages the fast flux technique. The Storm botnet has recently re-emerged as a top botnet and it continues to use the fast flux technique to hide the website domains behind the hyperlinks it spams out. We have also seen an increase in threats like Spakrab, a back door Trojan that is typically used to send out spam. This threat uses techniques that result in similar camouflaging effects to fast flux, such as masking command and control server geo-locations by exploiting Dynamic DNS providers. Dynamic DNS is free, easy to set up and allows attackers to use compromised hosts that do not have a static IP address, making their physical location harder to pinpoint. Regardless of whether a threat uses fast flux or other similar techniques, if the geographical location of a threat cannot be pinpointed, it becomes much more difficult to stop the attack stream. Thus, it is easy to see why these methods are all the rage among cybercriminals, and why we think they will continue to grow in popularity.
  7. Prediction #7 URL Shortening Services Become the Phisher’s Best Friend – Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security-conscious user might think twice about clicking. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage shortened URLs to carry out their own evil deeds. Status: On track Reasoning: As predicted, spammers’ use of URLs from link shortening services has become increasingly popular. At its peak in July 2009, 9.3 percent of spam included some form of shortened hyperlink provided by one of the many free online shortening services; this is equivalent to more than 10 billion spam emails each day worldwide. In April of 2010, however, this peak figure nearly doubled to 18.0 percent of spam, the current historical peak. Not only are phishers and malware authors using shortened URLs to set traps for unsuspecting computer users, but we have seen shortened URLs used as a means to spark life into some older threats. As already mentioned, in late April and early May 2010, Symantec observed the Storm botnet reappear in the wild. Most of the spam messages sent from the new Storm, which peaked at around 1.4 percent of all spam on May 8, 2010, contained links to online pharmacy sites. The majority of these links were in the form of shortened URLs.
  8. Prediction #8 Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Macs and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices. Status: Still possible Reasoning: We have seen a few new pieces of malware for Mac OS X, but so far, nothing earth-shattering; though we may never see “earth-shattering,” especially as we enter the post-PC era. iOS devices, such as the iPad, iPhone and iPod Touch, continue to be mostly secure from a client perspective. However, we did see the App Store sell several applications that exhibited malicious behavior, though Apple insists only 400 users were impacted. So, the platform did get attacked, just not in the way most anticipated. On the mobile front, there have been more than 300 iPhone vulnerabilities to date and around a dozen on the Android platform, but beyond that, we have not seen a massive surge in mobile security threats. That said, as more apps flood the market, some of which are created by novice programmers using tools such as Google’s new App Inventor for Android, we think the security integrity of mobile devices could be impacted. In fact, we think the rapidly expanding app market for popular mobile platforms will be the key driver behind mobile security threats in the future. We hope not, but the second half of the year might still see this trend come into its own.
  9. Prediction #9 Spammers Breaking the Rules – As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN-SPAM Act, we’ll see more organizations selling unauthorized email address lists and more less-than-legitimate marketers spamming those lists. Status: Mostly on track Reasoning: Though there hasn’t been an explosion yet, we are seeing more “gray” mail this year. One example of such gray mail is unsolicited, but legitimate-looking newsletters. These emails generally carry an opt-out message to comply with the CAN-SPAM Act; however, users most likely never subscribed to corresponding distribution lists in the first place, indicating the senders are getting their mailing lists from less-than-legitimate sources. Common examples of such unsolicited gray mail are offers for complimentary subscriptions to online newsletters. Symantec recently analyzed one such sample which indeed did include an opt-out message, thus complying with the CAN-SPAM Act, but the promptness of the sending organization honoring opt-out requests was another story.
  10. Prediction #10 As Spammers Adapt, Spam Volumes Will Continue to Fluctuate – Since 2007, spam has increased on average by 15 percent. While this significant growth in spam email may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long as an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe. Status: On track Reasoning: We have indeed seen the arms race between spammers and antispammers continue. Such antispam victories as the shutdown of the Mariposa botnet have been countered by spammers with actions like the explosive use of disposable and hijacked URLs. While the percentage of messages identified as spam has stayed in a relatively tight range, spam volume has shown much more movement.
  11. Prediction #11 Specialized Malware – Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting such as the systems connected with reality television shows and competitions. Status: Still possible Reasoning: We haven’t seen a widespread outbreak of specialized malware, but we have seen glimpses of activity that lead us to believe we could still see this trend develop. For example, in late 2009 after we published our original predictions, The Gouverneur Times in New York reported that computerized voting machines used by “many voters” in Hamilton County, New York were found to be infected with a computer virus aimed at tainting the voting results. In addition, the previously mentioned Stuxnet threat, discovered in July 2010, was specifically designed to steal SCADA-related documents, including industrial automation layout design and control files. As a side note in relation to our original prediction, in April 2010 Rodney Reed Caverly was charged with computer fraud for allegedly creating malware that infected bank computers and ATMs. The use of inside knowledge of the computer systems and cash machines enabled him to carry out the crime and steal an estimated $200,000 or more before being caught.
  12. Prediction #12 CAPTCHA Technology Will Improve – As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology. Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts. Status: On track Reasoning: In late April 2010, The New York Times reported spammers are paying workers in developing countries to physically enter CAPTCHA codes to manually generate new accounts for spamming. According to the report, the going rate for the work ranges from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAs. So, we were admittedly a bit off in terms of how much individuals would be getting paid to do this work—the situation is worse than we assumed it would be—but in terms of the overall trend, we were unfortunately dead on.
  13. Prediction #13 Instant Messaging Spam – As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid 2009, that level was one in 78 hyperlinks. Status: On track Reasoning: As of June 2010, Symantec data indicates that one in 387 IMs contain some form of hyperlink and that one in eight hyperlinks are to a malicious website, i.e. the website harbored some form of malware designed to perform a drive-by attack on a vulnerable Web browser or browser plug-in.
  14. Prediction #14 Non-English Spam Will Increase – As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam. Status: More likely next year Reasoning: Further analysis shows that some domains experience higher than 50 percent spam rates in their local language, but the average isn’t as clear. Certain domains, such as .com, still attract more English language spam than top-level country code-type domains. Although we expected this number to increase, the opposite has been the case in many non-English speaking countries. For example, Brazil has consistently had the highest percentage of spam in the local language, but rather than seeing this percentage increase from the high value we were seeing at the end of 2009—roughly 41 percent—the percentage of spam in Portuguese has fallen to about 29 percent.
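Prediction #6 describes fast flux as hiding sites behind an ever-changing set of compromised hosts. The sketch below is an added example, not part of the Symantec deck, of a defender-side heuristic that scores repeated DNS answers for that pattern. The observations, the /16 grouping (a stand-in for an ASN lookup) and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed resolver observations: (unix_time, domain, ttl_seconds, A records).
# All names and addresses are reserved documentation/benchmark values.
OBSERVATIONS = [
    (0,   "flux.example",   120,   ["192.0.2.10", "198.51.100.7", "203.0.113.5"]),
    (300, "flux.example",   120,   ["198.18.4.9", "203.0.113.77", "192.0.2.200"]),
    (600, "flux.example",   180,   ["198.19.8.1", "198.51.100.99", "198.18.77.3"]),
    (0,   "cdn.example",    60,    ["198.18.0.1", "198.18.0.2", "198.18.0.3"]),
    (300, "cdn.example",    60,    ["198.18.0.4", "198.18.0.5", "198.18.0.1"]),
    (600, "cdn.example",    60,    ["198.18.0.6", "198.18.0.2", "198.18.0.7"]),
    (0,   "static.example", 86400, ["192.0.2.80"]),
    (300, "static.example", 86400, ["192.0.2.80"]),
    (600, "static.example", 86400, ["192.0.2.80"]),
]

# Assumed thresholds for illustration; tune them against your own DNS baseline.
MIN_IPS = 5      # distinct addresses seen for one name
MIN_NETS = 3     # distinct /16 networks the addresses fall into
MAX_TTL = 300    # seconds; short TTLs are what let the answers rotate
MIN_CHURN = 0.5  # share of each answer that was absent from the previous one


def summarize(observations):
    """Aggregate per-domain features from repeated DNS answers."""
    by_domain = defaultdict(list)
    for ts, domain, ttl, ips in observations:
        by_domain[domain].append((ts, ttl, set(ips)))

    report = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])  # chronological order for churn
        all_ips = set().union(*(r[2] for r in rows))
        nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in all_ips}
        churn = [
            len(cur[2] - prev[2]) / len(cur[2])
            for prev, cur in zip(rows, rows[1:])
            if cur[2]
        ]
        report[domain] = {
            "distinct_ips": len(all_ips),
            "distinct_nets": len(nets),
            "median_ttl": median(r[1] for r in rows),
            "mean_churn": round(sum(churn) / len(churn), 2) if churn else 0.0,
        }
    return report


def classify(stats):
    """Label one domain's features; network spread separates flux from CDNs."""
    rotating = (
        stats["distinct_ips"] >= MIN_IPS
        and stats["median_ttl"] <= MAX_TTL
        and stats["mean_churn"] >= MIN_CHURN
    )
    if not rotating:
        return "stable"
    # Load balancers and CDNs also rotate short-TTL answers, but their
    # addresses cluster in a few networks; compromised hosts are scattered.
    if stats["distinct_nets"] >= MIN_NETS:
        return "fast-flux-like"
    return "rotating-single-network"


def classify_all(observations):
    """Return {domain: label} for every domain in the observations."""
    return {d: classify(s) for d, s in summarize(observations).items()}


if __name__ == "__main__":
    for name, label in classify_all(OBSERVATIONS).items():
        print(f"{name:16} {label}")
```
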