2010 was quite a year! Don’t expect 2011 to slow down.
First, expect Stuxnet sequels. Because it takes a substantial amount of time to develop advanced persistent threats like Stuxnet, we predict similar exploits will be carried out once or twice in 2011.
Second, companies will struggle to stay secure while covering more ground. Today’s threats continue to morph based on where/how companies do business. Blended threats (like Zeus and SpyEye) will continue to evolve and use a variety of delivery methods. Malicious content is no longer binary files delivered in attachments; it is script-based or embedded within rich media. As our previous Insights post referenced, many threats spread rapidly through social media. This is going to continue be a challenge as 13 percent of all Web traffic is going to Facebook and this number continues to increase as more businesses use social media.
While many cybercriminals are nearly 100 percent focused on stealing corporate data to make money – most IT professionals don’t have the bandwidth to personally secure every Web page and email employees use. 52 percent of data-stealing attacks were conducted over the Web and another nine percent happened over email last year.
In 2011, strained IT departments will need to defend more territory and allow more Web access, despite increasingly sophisticated threats. Cybercriminals know that legacy technology simply looks for the signature or reputation of threats that are known, which is why they are so successful at exploitation.
And finally, we anticipate malware exploit kits will add zero-day vulnerabilities faster, increasing their use in drive-by download attacks. As more targeted attacks are researched, more zero-day vulnerabilities will be discovered. Blended threats are ever-evolving and tested by cybercriminals on anti-virus before they are released. Our research also showed the prevalence of the threats currently out there. Users of the top 1,000 sites are only two clicks away from malware at any given time. And, we saw a 111.4% increase in the number of malicious websites from 2009 to 2010.
The reality is security needs to be designed for the way we do business. Data loss prevention and up-to-the-minute threat protection will become increasingly more important as organizations work to keep malicious content out and corporate information in.
To see our Websense Security Labs recap of 2010, please visit http://www.websense.com/content/threat-report-2010-introduction.aspx