In a recent post on this blog, I mentioned McAfee's security predictions for 2007. IBM X-Force also announced its prediction of top security trends for 2007. Among the host of threats on the security horizon for 2007, X-Force foresees broader and more targeted identity theft attacks on consumers as well as an increase in critical and high-risk vulnerabilities in enterprise and government agency networks. The increase in targeted hacking incidents and ID thefts will be coupled with a decrease in widespread Internet-spanning events such as worms and viruses.
Additionally, although 2006 saw a year-over-year percentage reduction of critical and high-risk vulnerabilities, that trend is expected to reverse itself in 2007 with the release of Microsoft Vista, which X-Force predicts will lead to more critical vulnerabilities.
The X-Force research team also expects and is preparing for the following:
• “Spear phishing” (targeted attacks on online consumers) will evolve beyond simply targeting online banking users, aiming at several other sources including pension sites, investment portfolios and healthcare benefit sites. The next generation of these types of ID theft malware will continue to get smarter and build user profiles for hacked accounts in an attempt to automatically log in to multiple sites with the same stolen credentials.
• Enterprises will start to see that multi-factor authentication is cumbersome and ineffective against threats that are present before and during secure transactions to online banking, and will take an active role in securing employee Web transactions.
• With the growth of behavioural engines, desktop antivirus engines will no longer be categorised as standalone devices, but rather as part of a larger complementary security system.
• The frequency of exploits through Web browsers will increase, driven by distributors of commercial malware such as spyware.