Trend Micro senior threat researcher Paul Ferguson recently gave a report from the front lines of threat detection. Here are the top 10 threats we are currently working against—and what we anticipate in the near future:
Exploit Kits : These are, essentially, malware in a box: a bundle of code that lets hackers exploit the most prevalent security flaws in the general user base. It lets hackers cast a wide net so they don't have to be choosy about their victims.
Traffic Direction Systems (TDS) : These sort incoming visitors, typically by browser, location and referrer, and redirect the ones worth attacking to a location on the web where they can be exploited, while everyone else sees a harmless page. The criminals behind the TDS make money by selling or redirecting that traffic to whoever is paying for victims.
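To make the mechanism concrete, here is a constructed decision routine in the style of a TDS. It is an added illustration, not code from the article or from any real TDS; the hostnames, affiliate table and the assumption that an upstream lookup has already set req.country are all made up. The point for defenders is the set of checks on the way in: scanner user agents, direct visits with no referrer and repeat visitors from the same address are all served the benign page, so a security crawler or a second look from an analyst sees nothing.

```javascript
// Added example (not from the original article): minimal TDS-style routing
// logic, constructed to show why crawlers and repeat visitors see a harmless
// page while a first-time victim is redirected. All hostnames are placeholders.
const SCANNER_UA = /bot|crawler|spider|curl|wget|python-requests|headless/i;

// Constructed affiliate table: "country:browserFamily" -> where the traffic is sold.
const ROUTES = {
  "US:ie":    "http://landing-a.example/",
  "US:other": "http://landing-b.example/",
  "DE:*":     "http://landing-c.example/",
};
const BENIGN = "http://harmless-blog.example/";

function browserFamily(ua) {
  return /MSIE|Trident/.test(ua) ? "ie" : "other";
}

// One redirect per client address: a second visit is assumed to be analysis.
const seen = new Set();
function resetSeen() { seen.clear(); }

// req = { ip, country, headers: { "user-agent", referer } }; country is assumed
// to have been filled in by an upstream geo lookup (assumption for the example).
function decide(req) {
  const ua = (req.headers && req.headers["user-agent"]) || "";
  if (!ua || SCANNER_UA.test(ua)) {
    return { action: "serve", to: BENIGN, reason: "scanner-ua" };
  }
  if (!req.headers.referer) {
    return { action: "serve", to: BENIGN, reason: "no-referer" };
  }
  if (seen.has(req.ip)) {
    return { action: "serve", to: BENIGN, reason: "repeat-visit" };
  }
  const key = `${req.country}:${browserFamily(ua)}`;
  const to = ROUTES[key] || ROUTES[`${req.country}:*`];
  if (!to) {
    return { action: "serve", to: BENIGN, reason: "no-buyer" };
  }
  seen.add(req.ip);
  return { action: "redirect", to, reason: key };
}

// Constructed sample traffic.
const sampleVictim = {
  ip: "203.0.113.10", country: "US",
  headers: {
    "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
    referer: "http://search.example/?q=something",
  },
};
const sampleScanner = {
  ip: "198.51.100.5", country: "US",
  headers: { "user-agent": "Mozilla/5.0 (compatible; Googlebot/2.1)", referer: "http://x.example/" },
};

console.log(decide(sampleVictim));   // redirect to landing-a
console.log(decide(sampleVictim));   // same address again: served the benign page
console.log(decide(sampleScanner));  // scanner-ua: served the benign page
resetSeen();
```

The practical consequence is that replaying a suspicious URL from a lab box with a default user agent, no Referer header and an address the site has already seen tells you nothing; the replay has to look like the original victim's first visit.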
Smaller Botnets : Not so long ago, botnets consisted of millions of "zombie" computers that cybercriminals controlled unbeknownst to the computer users. The problem for botnet operators was that once their monolithic botnets were discovered and shut down, their game was over. With many smaller botnets, authorities have a lot more ground to cover, giving cybercriminals more time to run their operations.
Modularisation : Plug-ins are not just for legitimate software developers anymore. Malware authors now buy and sell special-purpose modules for screen-grabbing, back-connects (remote access to the infected machine through its own connection), web injects (altering pages such as banking sites inside the victim's browser), and other nasty tricks.
Mobile Threats : These can be scary simply because there are so many of them. But to date we haven't seen evidence of significant, concerted efforts to target e-commerce or banking applications through mobile devices. We expect that to change once near field communication (NFC) reaches a larger percentage of the consumer market.
Social Networks : As long as people post too much personal information on social networking sites, blunder into obvious and avoidable scams, and click on booby-trapped links... which is to say, as long as humans continue to behave like humans... cybercriminals will continue to troll social networks for victims.
Critical Infrastructure Attacks : Around the world, attackers have already penetrated several critical utilities. Networks that could be considered "critical infrastructure" are sometimes run by private companies that simply aren't equipped to fend off attacks.
HTML5 Exploitation : On the plus side, HTML5 brings together a whole collection of previously disjointed web technologies (local storage, web sockets, cross-document messaging and more). The downside is that each of them can now be attacked under the general HTML5 umbrella, and because the attack surface lives in the browser rather than the platform, your browser can be exploited regardless of the underlying operating system.
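One concrete instance of the class of problem described above, as an added example that is not part of the original article: the HTML5 cross-document messaging API (postMessage) lets any page that holds a reference to a window send it a message, so a handler that acts on messages without checking where they came from can be driven by a hostile page. The widget, its trusted origin https://app.example and the message events below are all constructed for the example.

```javascript
// Added example (not from the original article): a postMessage handler with
// and without the origin check. The event objects stand in for real
// MessageEvents so this runs in Node without a browser.
const TRUSTED_ORIGIN = "https://app.example"; // assumed: the only page allowed to drive the widget

// Constructed widget actions; in a real page these would change the DOM or navigate.
const WIDGET_ACTIONS = {
  setTheme: (name) => ({ theme: name }),
  navigate: (url) => ({ navigatedTo: url }),
};

// Vulnerable: trusts every sender and dispatches on an attacker-chosen key.
// A page at any origin that can obtain this window (opener, iframe parent,
// window.open) can make the widget navigate wherever it likes.
function handleMessageUnsafe(event, actions) {
  const { cmd, arg } = JSON.parse(event.data);
  return actions[cmd] ? actions[cmd](arg) : null;
}

// Hardened: check event.origin against an exact value, tolerate malformed input,
// and only dispatch to the widget's own properties (not inherited ones such as
// "constructor" or "toString").
function handleMessageSafe(event, actions) {
  if (event.origin !== TRUSTED_ORIGIN) {
    return { rejected: "origin", origin: event.origin };
  }
  let msg;
  try {
    msg = JSON.parse(event.data);
  } catch (e) {
    return { rejected: "malformed" };
  }
  if (!msg || typeof msg.cmd !== "string" ||
      !Object.prototype.hasOwnProperty.call(actions, msg.cmd)) {
    return { rejected: "cmd", cmd: msg && msg.cmd };
  }
  return actions[msg.cmd](msg.arg);
}

// Constructed messages: one from the trusted page, one from an attacker's page.
const fromApp = {
  origin: "https://app.example",
  data: JSON.stringify({ cmd: "setTheme", arg: "dark" }),
};
const fromAttacker = {
  origin: "https://evil.example",
  data: JSON.stringify({ cmd: "navigate", arg: "https://evil.example/phish" }),
};

console.log(handleMessageUnsafe(fromAttacker, WIDGET_ACTIONS)); // { navigatedTo: 'https://evil.example/phish' }
console.log(handleMessageSafe(fromAttacker, WIDGET_ACTIONS));   // { rejected: 'origin', ... }
console.log(handleMessageSafe(fromApp, WIDGET_ACTIONS));        // { theme: 'dark' }
```

Two details matter in the hardened version: the origin comparison is an exact string match rather than a substring or regular-expression test (a check like origin.includes("app.example") is satisfied by app.example.evil.example), and the dispatch table is consulted with hasOwnProperty so that a message naming an inherited object property cannot reach anything outside the widget's own action list.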
Targeted Attacks : Like whale phishing (going after executives), targeted attacks are aimed at a specific organisation or industry. They don't need to be very sophisticated to work really well, because they rely more on human fallibility than on technical brilliance.
Unregulated Markets : Smart cybercriminals know how to fly under the radar by selecting domain registrars and hosted services providers that won't notice their activities (or will ignore reports of abuse). In emerging markets outside of North America and Western Europe—where oversight and remediation organisations may not even exist—cybercriminals, like pirates, are more likely to practice their trade unhampered by regulations.