Over the years I’ve found the Symantec group has had a pretty solid “future vision” and their prior years’ predictions have been eerily accurate. This year --- well, we’ll see. I’m particularly interested in # 2 and # 3.
Enjoy.
gll
1. Global Spam: In 2011, the use of English spam will drop from approximately 95% of all spam to below 90%. Portuguese and Spanish will top the list as some of the most popular languages used in spam, European countries will increase spam output to account for 40-45% of all spam, and local markets such as China and Germany will see a significant increase in language-targeted spam.
2. Distributed Workforce Drives Security Policies: In 2011, businesses will become more aware of the issues associated with managing remote workers and recognize the need to apply consistent policy controls and safeguard Internet access from malware such as that from unsecured USB storage devices, and drive-by attacks on compromised websites.
3. Security and Services Continue Migrate to the Cloud: In 2011 businesses will increasingly begin to reap the benefits of adopting a hybrid infrastructure that is premise-based, private cloud based and public cloud based and will seek to deliver a seamless user experience regardless of device or access location.
4. Making Web Security Work in an Era of Pervasive Threats: In 2011, we expect IT managers will be forced by business necessity to implement more granular and refined web security policies. The number of custom policy rules will increase from approximately 30 to more than 50 per organization to achieve a more granular response to web filtering. Also, default policies will become more nuanced, industry specific and business role specific to ease the burden on IT managers.
5. Stuxnet Strikes Up Malware Specialization: One of the most threatening advances in malware during 2010 broadened the range of targets beyond PCs and servers when the Stuxnet Trojan attacked programmable logic controllers. This specialized malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution, with attacks ranging from smartphones to less obvious targets such as power grid controls or electronic voting systems
6. Trending Topics Fashioned to Follow the News: In 2011, the criminals will proactively identify websites likely to see higher than normal levels of traffic based on current events or hot topics on the internet. They will use multiple methods, including monitoring of micro-blogging site topics and search engine hot topic feeds, to track these trending topics.
7. Automation Advances Targeted Attacks: In 2011 criminal enterprises will increasingly automate the research behind their targeted attacks to create a heavier volume of more powerful and convincing attacks that appear particularly relevant, interesting and/or newsworthy to the intended victims.
8. Targeted Attacks Diversify: In 2011, we expect the range of organizations being targeted in targeted attacks to become more diverse. This means that attackers will also seek indirect entry into specific industries by exploiting contractors and suppliers, rather than targeting only the executives in each industry sector directly.
9. Botnets Evolve with Steganography: In 2011, we expect that botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view – perhaps within images or music files distributed through file sharing or social networking websites. This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure and minimizing the chances of discovery.
10. Rogue Marketplace Vendors Exploit Online Digital Currencies: As social networking sites and online marketplaces continue to roll-out their own in-house digital currencies, cyber criminals will exploit these currencies for financial fraud, with the potential for these vulnerabilities to result in a mainstream malware attack or phishing scam in 2011.