Predictions: Examining the threat landscape in 2011

As 2010 draws to a close, several security experts have offered their thoughts on what the threat landscape will look like in the next twelve months. We’ve selected some of the more interesting picks and included them below with our own predictions.

The Tech Herald:

- Blackhat SEO attacks will still offer the easiest way to exploit browser vulnerabilities and spread rogue security or performance software. Expect a strong reaction from Microsoft and Google to kill hijacked search terms: a compromised search term that once took hours to scrub fully will take only minutes.

- Criminals will stick to the basics when it comes to malware development. The number of variants within established malware families will nearly double, if not triple, as the year moves on.

- Malware families such as Virut and Zeus will remain, but individual variants will have a lifespan of less than a day thanks to the automated build and deployment tools available to criminals. This will create a massive game of cat and mouse between criminals on one side and security researchers and AV companies on the other.


Paul Henry had some interesting observations. Most of his list centered on the expected threats, but two stood out:

VoIP will be used as a covert channel in data breaches

The blind adoption of VoIP, with little if any regard to security, makes it the perfect candidate for use as a covert channel to move data out of an otherwise protected network. It is the age-old debate of security vs. performance. Inspecting each RTP packet at the application layer will impact performance and could render VoIP literally unusable in many environments. Hence it will continue because many will simply discount the risk as only being “theoretical” to avoid having to deal with the issue.
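There is a cheap middle ground between full application-layer inspection and ignoring RTP altogether: checking the RTP header fields against what the negotiated codec implies, without decoding any audio. The following is an added example, not code from Henry or The Tech Herald. It assumes G.711 (static payload types 0 and 8) at a 20 ms packetization interval, so a legitimate packet carries exactly 160 payload bytes and advances the timestamp by 160 samples; the sample packets are constructed, and the checks are illustrative heuristics rather than a complete covert-channel detector.

```python
import struct

# Expected payload bytes and timestamp step per packet for G.711 PCMU (PT 0) and
# PCMA (PT 8): 8 kHz, one byte per sample, 20 ms ptime -> 160 bytes / 160 samples.
# The 20 ms ptime is an assumption; real calls negotiate it in SDP.
EXPECTED_PAYLOAD = {0: 160, 8: 160}
SAMPLES_PER_PACKET = {0: 160, 8: 160}


def parse_rtp(pkt: bytes):
    """Parse an RTP fixed header (RFC 3550), skipping CSRCs and any header extension."""
    if len(pkt) < 12:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    version = b0 >> 6
    has_ext = (b0 >> 4) & 1
    cc = b0 & 0x0F
    pt = b1 & 0x7F
    hdr_len = 12 + 4 * cc
    if has_ext:
        if len(pkt) < hdr_len + 4:
            raise ValueError("truncated header extension")
        ext_words = struct.unpack("!H", pkt[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
    fields = {"version": version, "pt": pt, "seq": seq, "ts": ts, "ssrc": ssrc}
    return fields, pkt[hdr_len:]


def audit_stream(packets):
    """Return a list of anomaly strings for consecutive RTP packets of one stream.

    A stream that passes has a valid version, the payload size its codec implies,
    and sequence/timestamp counters that advance as a real audio stream would.
    """
    findings = []
    prev = None
    for i, pkt in enumerate(packets):
        h, payload = parse_rtp(pkt)
        if h["version"] != 2:
            findings.append(f"pkt {i}: RTP version {h['version']} != 2")
        expected = EXPECTED_PAYLOAD.get(h["pt"])
        if expected is not None and len(payload) != expected:
            findings.append(f"pkt {i}: PT {h['pt']} payload {len(payload)} bytes, expected {expected}")
        if prev is not None:
            if (h["seq"] - prev["seq"]) & 0xFFFF != 1:
                findings.append(f"pkt {i}: sequence jump {prev['seq']} -> {h['seq']}")
            step = SAMPLES_PER_PACKET.get(h["pt"])
            delta = (h["ts"] - prev["ts"]) & 0xFFFFFFFF
            if step is not None and delta != step:
                findings.append(f"pkt {i}: timestamp delta {delta} != {step}")
        prev = h
    return findings


def make_rtp(seq, ts, payload, pt=0, ssrc=0x1234ABCD):
    """Build an RTP packet with version 2, no padding/extension/CSRCs (test data only)."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


# Constructed samples: a clean 20 ms PCMU stream, and a stream whose headers are
# valid but whose payloads carry a zip archive in 1400-byte chunks.
clean = [make_rtp(100 + i, 1000 + 160 * i, b"\xff" * 160) for i in range(5)]
exfil = [make_rtp(100 + i, 1000 + 160 * i, b"PK\x03\x04" + b"\x00" * 1396) for i in range(5)]

if __name__ == "__main__":
    print("clean:", audit_stream(clean) or "no findings")
    print("exfil:", *audit_stream(exfil), sep="\n  ")
```

Payload-size and counter checks run in constant time per packet and never touch the audio, which is the part of the performance argument above that usually decides the matter. They will not catch an exfiltration tool that respects the codec's frame size and hides data in the samples themselves; that case needs the heavier inspection Henry refers to.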

Medicare fraud via ID theft will see explosive growth

Changes brought about by health care reform will allow fraudsters to take advantage of the uncertainty and social engineer their way into garnering the information necessary to facilitate Medicare fraud. Be on the lookout for mail from Medicare regarding surgical and/or hospital billing for a procedure you never had.


Anup Ghosh listed ten blunt and honest predictions for 2011. Two of them are classic security concerns, and there is little doubt that it will be a while before they are fully addressed. A third deals with issues that currently exist in the enterprise segment.

Reactive approaches to security will continue to fail

Complaints about the ineffectiveness of anti-virus solutions will continue…yet organizations will continue to renew their subscriptions and anti-virus companies will continue to report how the problem is getting worse without mentioning how ineffective they are against addressing the threat.

Blame the User

The “blame the user” mentality will continue to grip the security industry as users continue to be infected by trust-exploiting malware that leverages social networks. Many will call for enhanced user training; many will draw the conclusion that the endpoint cannot be protected. These parties will find themselves the victims of continuous intrusions. A new breed of security companies will emerge as the answer to the malware scourge.

Congress will rear its head

Major Cyber legislation will be passed by Congress that increases security costs substantially for regulated industries (e.g., public companies, govt contractors, critical infrastructure providers, ISPs, etc) without a commensurate reduction in security breaches.


Protegrity’s Chief Technology Officer, Ulf Mattsson, singled out targeted attacks and issues within the cloud for his 2011 predictions.

“Let’s face it,” Mattsson stated, “hackers are going to find their way into networks as long as there is information that holds value behind the firewall.”

“While it remains a necessity to protect the endpoint and educate people on data protection best practices to discourage hackers, more needs to be done from within the network to protect sensitive data.”

On the topic of cloud related issues, he cited research from DEFCON where attendees predicted more attacks on cloud-based infrastructure.

“According to Gartner forecasts, worldwide revenue from cloud services will increase 17% this year to $68.3 billion only to increase to $150 billion in 2014. Unfortunately, cybercriminals have already taken notice and begun targeting the vulnerabilities of the cloud.”

As a side note, he also predicts that organizations that are required to follow PCI will “truly recognize and act upon the intention and spirit of PCI, which boils down to preventing breaches.”

“With this better understanding, we will see a better effort on the part of merchants and payments providers to be PCI compliant, and more organizations and legislators will use the standards set by PCI as the foundation for their overall data security programs.”


For their 2011 predictions, Fortinet offers a light at the end of the tunnel.


In 2011, we predict authorities will consolidate global collaborative efforts and partner with security task forces to shut down cyber criminal operations that are growing in number. The Zeus takedown that occurred in 2010, leading to charges by authorities in both the US and United Kingdom, is a great example, and we believe foreshadows things to come.

Cybercriminals Hang Out the “Help Wanted” Sign:

As money mules are taken offline in the coming year, there will be a need for immediate replacements. Additional jobs we see growing in demand include developers for custom packers and platforms, hosting services for data and drop-zones, CAPTCHA breakers, quality assurance (anti-detection) and distributors (affiliates) to spread malicious code. As demand grows for these resources in 2011, criminal operations will effectively expand head count.

New affiliate programs will likely create the most head count by hiring people who sign up to distribute malicious code. Botnet operators have typically grown their botnets themselves, but, we believe more operators will begin delegating this task to affiliates (commissioned middle-men) in 2011.

The Alureon and Hiloti botnets are two examples that have already grasped this concept by establishing affiliate programs for their own botnets; paying anyone who can help infect systems on the operator's behalf. By using an army of distributors, botnets will continue to thrive.

Cybercrime goes green:

In 2011, we predict more cyber criminals will enter the game by attempting to make money using recycled existing source code. This trend will create more threat names/variants as they begin to circulate in the wild, which, in turn, will only create further confusion and dilute the meaning of these names.

While public source code will continue to create problems on the security landscape, private source code will increase in value as will jobs for adept developers. We also expect to see new cases of leaked private source that are employed by new up-and-comers, thus continuing the vicious cycle.


Patrik Runald, the Senior Security Research Manager for Websense, offered the following:

- Search poisoning will hit Facebook, where hackers will manipulate Facebook search algorithms to trick users into visiting fake brand and celebrity pages riddled with malware.

- Mobile drive-by download attacks will actually “succeed” – stealing confidential data and exposing users to malicious content. The iPad, iPhone and Android-based devices provide a gold mine of corporate data for cyber criminals.

- State-sponsored malware attacks will continue – targeting critical infrastructure around the globe. One to two new attacks will likely occur.


McAfee offers several interesting predictions this year, including a great one about privacy leaks from your TV, of all places. They also single out social media.

Exploiting Social Media: URL-shortening services

Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.
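The defence against the masking McAfee describes is to expand a shortened link before anyone follows it, and to judge the final host rather than the one shown. Below is an added example, not McAfee's or The Tech Herald's code. It assumes a resolver that returns the next hop of a redirect (in practice one HEAD request per hop with automatic redirect-following disabled); here that resolver is a constructed lookup table, and `TRUSTED_HOSTS` is an assumed allowlist. The chain walker is general: it caps the hop count and detects redirect loops, both of which live shortener abuse relies on to exhaust naive expanders.

```python
from urllib.parse import urlsplit

# Constructed redirect table standing in for live 301/302 responses.
# A real resolver would issue a HEAD request and return the Location header.
REDIRECTS = {
    "http://t.co/abc123": "http://bit.ly/xyz789",
    "http://bit.ly/xyz789": "http://login-update.example.net/?acct=1",
    "http://t.co/loop1": "http://bit.ly/loop2",
    "http://bit.ly/loop2": "http://t.co/loop1",
    "http://t.co/good": "https://www.example.com/blog/post",
}

# Assumed allowlist of hosts the organisation is willing to let users land on.
TRUSTED_HOSTS = {"example.com", "www.example.com"}


def expand(url, resolve, max_hops=5):
    """Follow a redirect chain one hop at a time.

    Returns (final_url, chain, status) where status is "resolved" when a hop
    returns no further Location, "loop" when a URL repeats, or "too-many-hops"
    when max_hops is exhausted. resolve(url) returns the next URL or None.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        nxt = resolve(url)
        if nxt is None:
            return url, chain, "resolved"
        chain.append(nxt)
        if nxt in seen:
            return nxt, chain, "loop"
        seen.add(nxt)
        url = nxt
    return url, chain, "too-many-hops"


def verdict(url, resolve=REDIRECTS.get):
    """Classify a shortened link by where it actually ends up, not what it shows."""
    final, chain, status = expand(url, resolve)
    if status != "resolved":
        return status
    host = (urlsplit(final).hostname or "").lower()
    return "trusted" if host in TRUSTED_HOSTS else f"untrusted:{host}"


if __name__ == "__main__":
    for link in ("http://t.co/abc123", "http://t.co/loop1", "http://t.co/good"):
        print(link, "->", verdict(link), expand(link, REDIRECTS.get)[1])
```

Two shortener hops in a row, as in the first constructed chain, are a common pattern precisely because each service only ever sees the next shortener, not the phishing page at the end; walking the whole chain is what exposes it.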

Exploiting Social Media: Geolocation services

Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.

Mobile: Usage is rising in the workplace, and so will attacks

Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

Apple: No longer flying under the radar

Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011. The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.

Applications: Privacy leaks - from your TV

New Internet TV platforms were some of the most highly-anticipated devices in 2010. Due to the growing popularity among users and “rush to market” thinking by developers, McAfee Labs expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.


Adam Powers, the CTO of Lancope, sent over some insight of his own on what to expect in 2011.

IT Consumerization and the Internal Threat

The arrival of consumer devices in the corporate network environment is changing the way we think about securing the corporate backbone. Perimeter-based defenses such as firewalls and inline intrusion prevention (IPS) aren't enough anymore. Corporations must think about how they will deal with smartphones, MiFi devices, and other consumer-oriented mobile devices.

"HTTP is the new TCP"

Web 2.0 technologies are changing the way application developers bring their products to the market. Almost all new applications are making use of sophisticated HTTP-based communication channels, all of which run over TCP port 80 or 443. The movement of most apps to HTTP has created a significant issue for traditional technologies (such as firewalls) that rely on port numbers to apply policy.
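The point about port numbers is easiest to see by looking at the first bytes of a connection instead of its port. The following is an added example, not Lancope's or The Tech Herald's code: it classifies a TCP payload by content, and for TLS it pulls the Server Name Indication out of the ClientHello, which is the only plaintext clue on port 443 about which of many HTTPS services a flow is really talking to. The ClientHello builder exists only to produce a constructed test message; the record layout follows RFC 5246.

```python
import struct


def build_client_hello(sni: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello with an SNI extension (test input only)."""
    host = sni.encode("ascii")
    sni_entry = struct.pack("!BH", 0, len(host)) + host          # name_type host_name
    sni_ext = (struct.pack("!HH", 0, len(sni_entry) + 2)          # ext type 0, ext length
               + struct.pack("!H", len(sni_entry)) + sni_entry)   # server_name_list
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                  # one cipher suite
            + b"\x01\x00"                                          # one compression method (null)
            + struct.pack("!H", len(sni_ext)) + sni_ext)           # extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def tls_sni(data: bytes):
    """Return the SNI host name from a TLS ClientHello record, or None if absent/malformed."""
    if len(data) < 5 or data[0] != 0x16:
        return None
    rec = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if len(rec) < 4 or rec[0] != 0x01:
        return None
    p = 4 + 2 + 32                                  # handshake header, client version, random
    if p >= len(rec):
        return None
    p += 1 + rec[p]                                 # session id
    if p + 2 > len(rec):
        return None
    p += 2 + struct.unpack("!H", rec[p:p + 2])[0]   # cipher suites
    if p + 1 > len(rec):
        return None
    p += 1 + rec[p]                                 # compression methods
    if p + 2 > len(rec):
        return None
    end = min(p + 2 + struct.unpack("!H", rec[p:p + 2])[0], len(rec))
    p += 2
    while p + 4 <= end:                             # walk the extension list
        etype, elen = struct.unpack("!HH", rec[p:p + 4])
        p += 4
        if etype == 0 and elen >= 5 and p + 5 <= end:
            name_len = struct.unpack("!H", rec[p + 3:p + 5])[0]
            return rec[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += elen
    return None


def classify(payload: bytes) -> str:
    """Label what is on the wire from the first client bytes, ignoring the port entirely."""
    if payload[:1] == b"\x16":
        host = tls_sni(payload)
        return f"tls sni={host}" if host else "tls no-sni"
    if any(payload.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples, all of which could arrive on destination port 443.
    for sample in (build_client_hello("updates.example.com"),
                   b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
                   b"SSH-2.0-OpenSSH_5.5\r\n",
                   b"\x00\x01\x02\x03"):
        print(classify(sample))
```

A port-based rule sees all four samples as "HTTPS"; the content check tells TLS-to-a-named-host apart from plaintext HTTP, SSH tunnelled over 443, and an unidentified protocol. It is the minimum a policy engine needs before it can act on "application" rather than "port", which is what the paragraph above argues firewalls of the day could not do.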

Smartphones and Other Advanced Mobile Devices

In addition to the existing operating systems running on desktops and laptops, IT staff must now also deal with the increasingly sophisticated operating systems found in smartphones (Windows Phone 7, Android OS, iOS, BlackBerry OS, etc.).

To Cloud or Not to Cloud

Virtualization and the notion of moving critical business processes into a cloud-based platform remains one of the bigger issues facing the modern CIO/CISO.
