/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsLONDON & SAN FRANCISCO: ScanSafe, a provider of SaaS web security, issued its 2009 predictions for the threat landscape. Not only does ScanSafe expected rate of exposure to web-delivered malware to increase, but also predicted that publicly traded companies would be targeted and Internet advertising revenues would be adversely impacted.
Mary Landesman, senior security researcher, ScanSafe, said: “2008 has proven that we are not taking enough action against online criminal activity, hence the huge surge in online attacks. I believe that 2009 will send a stern message to online criminals and we will see a push for tighter enforcement over domain registrations and hosting.”
“Attackers often instigate these attacks for financial gain and given the current economy I suspect this motivation will only increase. In an ‘always on’ world and with increasingly sophisticated attacking techniques, it is only a matter of time before these criminals maximize attempts to directly access online banking accounts potentially leading to a loss in customer confidence,” adds Landesman.
ScanSafe processes more than 20 billion web requests and 200 million blocks each month for customers in over 80 countries.
Internet advertising revenues will be affected
As a direct result of continued website compromises and increased RoE, it is likely that more and more Web surfers will adopt technologies that block third party content. It is believed that this wider adoption will adversely impact Internet advertising in 2009, currently estimated as a $21.2 billion industry.
Web-enabled credit card scams may decrease, but sophistication of phishing is likely to increase
As a result of global economic financial "belt-tightening," financial institutions are likely to better enforce policies regarding online billing practices. This should translate into a reduction in (or elimination of) rogue billing agencies, thereby leading to fewer instances of credit card fraud facilitated through online transactions.
As credit card billing fraud becomes a less viable revenue stream for online attackers, attempts to directly access online banking accounts may increase. In addition to the obvious loss of revenue this presents for victims of such crimes, any trending up in this area could lead to loss of consumer confidence in the safety and integrity of online banking.
Targeted attacks on publicly traded companies prone to rise
Global economics may lead to heightened competition, particularly among publicly traded companies. Sensitive information related to patentable R&D efforts may be particularly vulnerable.
It is believed that the use of the web to facilitate these attacks will continue to increase, as will the volume of malware (exploits, rootkits, backdoors, password stealers) used to facilitate these types of attacks.
Concerted efforts to regulate website registrations/hosting
Domain registrars and hosting providers have played a pivotal role in the ongoing website compromises. A lack of controls or poor implementation of existing controls provide attackers with the ability to register and host malicious domains with ease. In some cases, hosting providers re-release suspended domains back to the attackers, thus exacerbating the problem by causing previously compromised sites which have not yet been cleaned to once again become active malware distributors.
2009 should witness a push for tighter controls over domain registrations and hosting.
Rate of Exposure (RoE) to Web-delivered malware will continue to increase
The volume of web-delivered malware is increasing at a rate of approximately six percent per month. The actual RoE is increasing at a rate of approximately 16 percent per month.
The RoE is how often a single user is exposed to malware. The higher RoE compared to volume growth is believed to be directly a result of the ongoing compromises of legitimate websites which have occurred en masse throughout 2008.
In 2009, it is likely that the growth volume of web-delivered malware will flatten but the RoE to web-delivered malware will continue to increase, possibly at an even higher rate than observed in 2008.