Threat & Spamscape Forecast 2010

Email messaging and Web security solution provider AppRiver released its year-end spam and virus repot, highlighting trends from 2009 as well as some predictions for the coming year. 

- Phishing remained a consistent threat with several campaigns targeting social networking sites and mimicking major banks, as well as the Internal Revenue Service, to dupe consumers at tax time

- Spammers exploited major current events such as the H1N1 flu outbreak and Michael Jackson's death

- Data breaches rocked Heartland and Countrywide

- Botnets like Conficker and Waledac made frequent headlines

"2009 brought the return of Conficker, which turned out to be the biggest un-used botnet of the year," says AppRiver Senior Security Analyst Fred Touchette. "It resurged quickly and spread fast, but its threat level paled in comparison to the lesser-discussed ZeuS Trojan, often from the Pushdo bot, which goes right for victims' banking credentials. The profit potential is huge for cybercriminals as do-it-yourself ZeuS Trojan kits are widely available on the black market for as little at $400." 

Touchette believes that mobile, cloud and sero-day attacks will continue to increase. Here are a few highlights from the threat forecast:

- Personal data is very lucrative in the underground economy, and just as it was in 2009, it will continue to be a target for cybercriminals in 2010. Expect to see more custom malware designed for very specific purposes, such as intercepting credit card purchase transactions and cardholder information.

- The cloud will continue to be a target. Malware authors have already begun to host malicious code on major cloud based servers (e.g. Amazon's EC2). Expect to see more of this, as well as attacks against the cloud itself, namely Google Wave this year.

- Although still a niche market, anti-virus products for smart phones often offer full data back-up in case of loss or damage as a part of their service. This info is stored on the cloud. These companies may see targeted attacks against stored personal information.