Top Ten Threats for 2007

Top Ten Threats for 2007

Summary:    I had some time last week to think ahead a bit. I was on a twelve hour round trip flight to Maui just to get frequent flier points with Northwest.

TOPICS: Security



I had some time last week to think ahead a bit. I was on a twelve hour round trip flight to Maui just to get frequent flier points with Northwest.  I know it sounds like a horrible waste but you do crazy things when you are facing a year of commuting from Detroit to California in coach class. One miserable evening will help me avoid a year of shooting pains in my knees..


So, thinking ahead to next year I created my predictions for the Top Ten Threats of 2007.


1. 100% growth in revenue for cyber crime.  There are lots of estimates for just how big the cyber crime economy is. I peg it at over $1 bllion and under $10 billion.  Whatever it is today I predict that the quest for financial gain will spur cyber criminals to a banner year, at least doubling their overall take.


Most of my predictions are in support of this first one.


First up are the possible uses of massive denial of service attacks. DDoS is the brute force of network based attacks. Defending against them are expensive and sometimes not even possible.


2. DDoS in support of phishing attacks. A combined effort between the phishers and the DDoSers: an attack against a banking or ecommerce site along with a barrage of emails that claim the site is “down for maintenance, please log in here to access your account”, or some such social engineering attempt.


3. Successful DDoS attack against a financial services firm. While I believe this is already going on, these types of organizations are not to quick to admit when they have had to pay extortion fees. 2007 will be the year of the first high profile attack against a large US or UK bank or trading desk.


4. Attacks against DNS are the threat of the year. DNS servers are part of the critical infrastructure of the Internet. They are also an easy target for DDoS attacks. Unfortunately the collateral damage could be devastating if an attack took our one of the root domain name servers.



5. No abatement in identity theft.  As long as banks continue to essentially pay off cyber criminals, by covering their customers losses as a primary means of defense, identity theft will remain a threat.  Markets are developing that make it easier to monetize stolen identities thus increasing the value of stolen IDs while decreasing the cost of “moving” them. 


6. More attacks against wireless networks. 2006 saw the birth of new attacks against cell phones. These include a text message urging you to call a particular premium phone number (vishing), and malware that infects phones, particularly Symbian phones, and spreads via Bluetooth and even by MMS.  And finally, MMS messages that generate calls to premium numbers; a short lived but lucrative exploit.



7. MySpace grows up and gets secure.  MySpace is riddled with opportunities for the entrepreneurial criminal. In 2007 the number of attacks from  predators, criminals and hackers will get to the point that MySpace will tighten up its controls and monitoring. That will make it less appealing to its teenage audience will grow up and move on.


8. YouTube abuse threatens site.  Like network news, email, and IM before it, the new popular service, video sharing, will succumb to spammers who post ads, ad backed videos, and stealth marketing exploits, ruining the experience for everybody.



9. Network infrastructure shows signs of overloading.  The backbone providers have been resting on the excess bandwidth they invested in during the dot com bubble. But now that voice and video are really here their infrastructure is showing signs of weakness. That will manifest itself in outages, slowdowns, and a mad scramble to lay more fiber in 2007.


10. Spread of Windows Vista will have zero impact on the overall threatscape. It is too late. The cat is out of the bag. Pandora’s box is open. Adding basic security to Windows is not enough to mitigate the rising tide of cybercrime. It may be several years before Vista represents more than 50% of all machines but by then the attackers will have matured and refined their tools to the point were Microsoft cannot keep up. Reportedly you can already purchase Vista zero day exploits on the web.


This is a sad list. I will have to think of some more upbeat predictions as well. Where should I fly next?





Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE:Top Ten Threats for 2007

    I would include...
    Privacy, Proxy caching, Ajax valnarabilities, Securing RSS feeds
  • Top threat for 2K7... (dramatic pause...)


    The recent FCC approval allowing AT&T to assimilate BellSouth brings the reality of Mutha Bell being handed control of the Internet one step closer, with the government being allowed to listen openly on our calls, monitor where we go on the net, and rifle through our personal data like homeless derelicts searching for their next meal. Not to mention one-sided AT&T and affiliate propaganda.
    Mr. Roboto
    • The REAL threat!!!

      I see the real threat as being people WILLING to BELIEVE what
      the printed press to hand down to them! Lets take a step back in time...I borrowed Mr Peabody's Time Machine, Sherman won't be in on this adventure....The YEAR 1984...Apple was running their Super Bowl ad, introducing the user-friendly Macintosh personal computer.
      The year is 1984; the scene is London, largest population center of Airstrip One.
      Airstrip One is part of the vast political entity Oceania, which is eternally at war with one of two other vast entities, Eurasia and Eastasia. At any moment, depending upon current alignments, all existing records show either that Oceania has always been at war with Eurasia and allied with Eastasia, or that it has always been at war with Eastasia and allied with Eurasia. Winston Smith knows this, because his work at the Ministry of Truth involves the constant "correction" of such records. "'Who controls the past,' ran the Party slogan, 'controls the future: who controls the present controls the past.'" In a grim city and a terrifying country, where Big Brother is always Watching You and the Thought Police can practically read your mind, Winston is a man in grave danger for the simple reason that his memory still functions. He knows the Party's official image of the world is a fluid fiction. He knows the Party controls the people by feeding them lies and narrowing their imaginations through a process of bewilderment and brutalization that alienates each individual from his fellows and deprives him of every liberating human pursuit from reasoned inquiry to sexual passion. Drawn into a forbidden love affair, Winston finds the courage to join a secret revolutionary organization called The Brotherhood, dedicated to the destruction of the Party. Together with his beloved Julia, he hazards his life in a deadly match against the powers that be.Newspeak, doublethink, thoughtcrime--in 1984, George Orwell created a whole vocabulary of words concerning totalitarian control that have since passed into our common vocabulary. More importantly, he has portrayed a chillingly credible dystopia. In our deeply anxious world, the seeds of unthinking conformity are everywhere in evidence; and Big Brother is always looking for his chance.

      Now after you finished reading through that little tidbit do you REALLY believe that the AT&T controls anything whatsoever in the computer realm? Outside of using them for getting a TCP/IP connection through your ISP. Remember Russia is no more!!!!!
      • Take Two Alka-Seltzer

        Four Aspirin, go to bed, and call your doctor in the morning.

        I'm with Chicken Little. "THE SKY IS FALLING!, THE SKY IS FALLING!"
        Ole Man
  • no aching knees, please

    Fly United. Economy Plus Access for $300 a year. Cheaper than a round trip to Maui for sure.
    In December I did a round trip to Phoenix just to keep Elite status for 2007 (25k miles required). Elite status means boarding in Group 1 where there's always room in the overhead for my rollerboard. Shorter lines at check-in and through security. And Economy Plus seating is part of the deal.
    The things we'll do for a little nicer travel...
    • consumption madness

      i honestly cannot believe what i'm reading.

      the airlines create these arbitrary thresholds for membership in level-X of frequent-flyer-scheme-Y, thus encouraging customers to fly thousands of miles on totally unnecessary meaningless trips, unconscionably consuming energy for no purpose except to save a few bucks?

      your unflinching compliance to consumerism infuriates me - you are just as much the 'enemy' as the corporations who set the scene for such madness.
      • Um yeah

        I am a consumer, so I guess accusing me of consumerism does not really hurt too much. But listen up man, cheap air transportation is good for the world and the airlines are struggling just to stay alive. I can complain about their service but I do not begrudge them a system that encourages more people to fill empty seats on their flights.

        We live in a vast world populated with many diverse peoples and amazing places to see and experience. The airlines bring all that together with an efficiency and safety record that is hard to find a match for in any other industry. If you want to tilt at windmills rail against governments that take money from millions of struggling individuals to enrich and empower a few meglomaniacs. Leave the airlines alone.
  • new top story

    The first hackers and/or scam companys are counter-attacked by victims who have tracked them down.
  • Completing the sentence.

    This section should read:

    "In 2007 the number of attacks from predators, criminals and hackers will get to the point that MySpace will tighten up its controls and monitoring. That will make it less appealing to its teenage audience, which will grow up and move on to other sites without elaborate rules, restrictions, or protections."

    The sites for those older than much of the MySpace population may well be less... restrained. And for the younger, there are always new sites with less to discourage the customers.

    Different worlds.

    What some people look for in a social site would aggrieve others.

    Another example: Airline fares are expensive to me. Never bought one myself. Companies and organizations can find them affordable, though that has been limited.

    At any rate, what seems odd to some people can be ordinary and expected by others.
    Anton Philidor
  • One more thought

    I?ve been hearing a lot of 2007 predictions around security, but very few seem to be considering mobile threats including malware, DDoS and fraud. From what I?ve seen mobile malware has matured more rapidly compared to traditional malware. It can spread across multiple platforms, and do so more quickly because of higher speed mobile networks and because many mobile devices are always on. It?s one thing for people to be unable to use their computers, but millions of people not being able to use their phones as well could have devastating consequences.

    Consider this simple propagation scenario.

    1. Malware propagates across the Internet and infects a PC.
    2. The infected PC infects a smartphone - IR, Bluetooth, Sync, etc.
    3. The infected smartphone sends the malware through wireless LANs to other smartphones.
    4. The malware cross-infects different phones using MMS.
    5. Those phones infect others through GPRS.
    6. Computer systems and mobile devices are simultaneously impacted in the millions.

    I suppose only 2008 will tell if the mobile threats in 2007 will escalate in par with what the experts are claiming.

    Brian T. Contos, CISSP
    CSO ArcSight Inc.
  • Top Security Threats for 2007

    With the emgergence of high capacity mobile storage devices, MP3 players and cell phones, I foresee the threat of data loss resulting from employee access to sensitive corporate or organizational information to be a key issue for this coming year. Companies with technology that prevents data loss, from vendors such as SecureWave, Safend and Promisec seems like a good place to start. As an integrator of these technologies, I am seeing an increase in the interest in data loss prevention - an area I see as an emerging trend in security.

    Paul Harris
    Harris Consulting
  • Agree, almost completely

    The most frightening and feasible prediction is combination of DDoS (against root DNS servers or financial companies) and phishing or pharming (against final users), relying on ever growing botnets.

    I would explicitly mention the ever growing of malware for identity theft; in other words: antivirus / anti malware product can NOT track the bad guys development cycle of trojans, keyloggers, ... Just upload malware samples to multiple antivirus engines for weeks, and see how many of them recognize them... and when.

    More and more legitimate websites will be infected, just to spread out infection to final users (exploiting the unpatched PC's).

    Regarding Bandwidth, there is a lot of transport infraestructure (SDH, DWDM), i.e. fiber-optics. OK, some ISP's would need more resources, but there are companies with bandwidth to sell.