2010 Predictions: Zscaler

The Tech Herald has had an enormous amount of email and blog post links from vendors offering their 2010 predictions. As a result, I’ll be listing them one or two a day until the end of the year, adding my thoughts to the mix. Continuing the series, the observations below come thanks to Michael Sutton, VP of security research at Zscaler.

Sutton starts hard, and says that Apple will get a wake-up call and be forced to climb the security learning curve.

“Apple has for some time been considered to have a safer operating system in OS X as it is less often targeted by attackers. While that may be true, it is less secure overall, and Apple's increasing market share will force them to finally invest in security due to increasing attacks targeted at Apple devices,” he said.

I have to agree with him on many levels, but I still maintain that criminals ultimately target users and the operating system is only a means to an end. Yes, you target where the money is, and most victims are on Windows systems, so naturally most of the malware and targeted attacks are aimed at them. However, people are easy to fool, and my fear is that not only is Sutton right, but Apple will be slow to act.

This isn’t a stab really, but some users on OS X fall for the marketing and swear they are immune from attack. They’re not. While it is comical to see the reactions as a Windows-based Rogue anti-Virus application tries and fails to infect a Mac user’s system, this should be a warning sign. Those attacks will always fail. OS X and Windows are two different environments.

However, launch a Phishing attack against a Mac user, or develop an exploit aimed at OS X, and the majority of Apple’s customers are no better protected than Windows users. The irony here is that it has already happened, but you’ll never see an “I’m a Mac” commercial based on this.

The second prediction coming from Sutton looks at all of those wonderful applications for your phone.

“App stores are all the rage, with every mobile vendor racing to replicate Apple's success. Generally, vendors stand guard and only let in the applications that they feel are appropriate. Consumers mistakenly believe that this ensures that only secure applications can be obtained but that is not the case. Security testing is limited at best with app developers already having success slipping in apps with undocumented APIs. Attackers will take things one step further and slip malicious apps in under the gatekeeper's watch,” he commented.

Research has proven that the iPhone is vulnerable to a malicious application, so it isn’t a far stretch to see this on Android-based phones or Blackberry applications.

Sutton hits the Web with predictions three, four, and five, commenting that Web-based worms such as Samy and StalkDaily were only the beginning, mostly experiments. However, that’s going to change in 2010. In addition, he covered platforms like Facebook, which offer users the ability to develop their own creations.

“Social Networking sites such as Facebook have gone beyond delivering dynamic applications welcoming user supplied content. They have now evolved into platforms inviting user supplied functionality, allowing virtually anyone to develop unique applications within their ecosystem. Attackers will take advantage of this to deploy malicious applications on social networks and the sites will struggle to identify and block them before deployment,” Sutton said.

However, his comments on the cloud are what hit home the most. “The cloud offers unprecedented storage and processing power at an attractive price. Think that's only attractive to enterprises? Think again.”

Again, we’ve seen Amazon used as a C&C, so the idea that criminals will use cloud services just as fast as the average businessperson isn’t hard to imagine. Sutton also predicted that these cloud-based services, as they charge based on actual consumption, will be used in DDoS attacks, signaling 2010 as the year the financial DDoS will arrive.

The fact most cloud-based providers charge based on consumption, “…provides attackers with incentive to hold enterprises hostage by artificially inflating costs. Unfortunately, cloud providers have little incentive to stop this practice.”

I disagree with the last part of that. I can see criminals launching DDoS attacks on cloud-based services. However, I cannot imagine Amazon holding the business that is under attack responsible and forcing them to pay. Not when the cloud instance can be deactivated. If this happened, the bigger news wouldn’t be the DDoS. The news would likely center on the lawsuits that follow.

“My greatest hope for 2010 is that marketing departments will give the term 'cloud computing' a well deserved break. 2009 saw great interest in the development of cloud computing architectures and one must wonder how often security was sacrificed in order to get to market quickly. Expect attackers to devote time to poking holes in the APIs of cloud providers. When they're found, thanks to multi-tenant architectures, it will have been worth the effort,” Sutton said on his seventh prediction.

He’s right. Desktop and network security got better thanks to all the people who poke holes in the system and design. The same can be argued for cloud services.

If the term “cloud computing” gets a rest, then the terms “next generation,” “game changing,” and “best in breed,” when referring to a security company and not a dog show, need to go as well.

Sutton rounded out his final three predictions by noting that Clickjacking will return in force in 2010. He also predicted that the developers behind the most popular browsers will start to take Cross-Site Scripting (XSS) seriously. He complimented Microsoft on their anti-XSS features in Internet Explorer 8.

Finally, Sutton noted that his last prediction “is by far the easiest prediction to make.”

“As memory becomes cheaper and power becomes more expensive, enterprises are looking to consolidate data storage and continue to build massive data centers and develop ever larger data stores thanks to cloud computing. The volume of data that can be stolen when adequate security controls are not implemented will be truly staggering.”

What do you think? Did Sutton hit the mark? Comment and have your say. You can read the blog post here.

[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]

