Websense predicts the future of web security

 

The cloud will become dangerous, good sites will be used to hide bad data, and rich internet applications will turn on their users. These are some of the predictions from Websense Security Labs, which has compiled a security forecast for 2009.

First, Websense Country Manager for A/NZ, Phil Vasic, predicts that the cloud will increasingly be used for malicious purposes.

“Cloud-based services, such as Amazon Web Services (AWS), Microsoft Azure, and GoGrid, provide businesses and users with easy-to-use, rent-as-you-go opportunities for storage and large-scale computing at a low cost,” said Vasic.

These services provided an attractive target for cybercriminals and spammers to leverage for misuse, said Vasic.

“The cloud may be used simply to send spam or to launch more sophisticated attacks including hosting malicious code for downloads, uploading stats, and testing malicious code.”

Second, Websense predicts an increased use of Rich Internet Applications (RIAs) like Flash and Google Gears for malicious use.

“Creating a rich Internet experience through a browser-based application is created with technology called Rich Internet Applications (RIA). With the explosion of demand for these applications, for developers who use RIA technologies such as Google Gears, Air, Flash and Silverlight to build large Web 2.0 Internet applications, security is an afterthought, opening up the door for cybercriminal abuse,” said Vasic.

“With RIA popularity exploding, Websense predicts that in 2009 we will see some large scale attacks using both exploits found within the core RIA components as well as the user-created services that allow attackers to remotely execute code on users' machines.”

Third, 2009 will see a rise in attackers taking advantage of the programmable Web.

“The Web 2.0 world is one in which open Web APIs, mashups, gadgets etc, allow Web sites to share and use functionality from other Web sites. Web APIs are being released at a record rate leaving little time for testing, and requiring a level of trust between users. Websense believes that in 2009 there will be a rise in the malicious use of some Web service APIs to exploit trust and steal user credentials and confidential information.”

Fourth, a significant rise in Web spam and malicious posting of content into blogs, user-forums and social networks is also predicted for 2009.

“The rise in the number and popularity of Web sites that allow user-generated content will lead to a significant rise in Web spam and malicious posting of content into blogs, user-forums, and social networks sites for search engine poisoning, spreading malicious lures, and duping users into fraud,” said Vasic.

“Additionally, this threat will be augmented by several new Web attack toolkits that have emerged that allow attackers to discover sites that allow posts and/or have vulnerabilities. Additionally, more BOTs will add HTTP post functionality into their capabilities.”

Fifth, attackers will move to a distributed model of controlling botnets and hosting malcode, said Vasic.

“This year we saw two California-based hosting companies McColo and Intercage/Atrivo shut down by upstream providers for hosting botnet command and control (C&C) servers as well as malicious code. Shutting down McColo had the effect of a 50 percent drop in all spam on the day it was shuttered. Shutting down Intercage/Atrivo had a similar effect plus substantially mitigated the “Storm” botnet from spreading.

“We predict that because these botnet groups have thus far depended on only a few providers to host their C&C servers, they will distribute their servers as well as move to foreign hosting providers, making it harder for upstream providers, the Internet community and law enforcement to find and shut them down.”

Finally, the siege against websites with good reputations would continue.

“In 2009, we will see more than 80 percent of all malicious content hosted on sites with “good” reputations. We will see more big name Web site compromises and more compromises of Web sites in the Alexa top 100,000 most visited. This includes regional attacks on popular Web sites in select properties, popular sporting sites, news sites, and continued placement of IFRAMEs and other malicious redirection code within them.”
