Wednesday, August 13, 2008

BlackHat Experts Predict the Hot Computer Security Topics for 2009

On the opening day of the BlackHat 2008 conference, Symantec did an anonymous survey of the attendees to discover exactly what they thought would be the hot security topics in the upcoming year.

While no one can predict the future, I found some of this fairly interesting.

The sample group consisted of IT managers, security researchers, and executives from several different industries, and of course, the government. The group surveyed could also be considered international in nature. Experts from North America, Latin America and the Asia Pacific all voiced their opinions regarding what will become the hot security topics in the upcoming year.

Most of those surveyed seemed to believe that Web 2.0 and virtualization will be exploited frequently in the next year. In the post I read about this by Zulfikar Ramzan, he mentions that Symantec has invested considerable resources in developing technology to prevent exploits in both of these areas. He also mentions that Symantec is developing solutions to the increased dangers of what is known as drive-by pharming. In drive-by attacks, all a user has to do is visit a malicious site to be infected.

Earlier this year, Zulfikar reported on one of the first sightings of drive-by pharming in the wild.

Another ongoing concern, especially with crimeservers being found in the wild with gigabytes of personal and financial information, is the ongoing issue of data theft. Data theft is and will probably be the primary motive for most of the exploits out there. On a personal level, what scares me is the increasing sophistication of the attacks and the ever-increasing amount of information compromised.

The respondents in the survey believe that most data will be stolen via insufficient access controls, laptops gone missing, data sent to third parties, and data being wrongfully posted to the Internet, intranet, and extranet.

Another new solution mentioned by the respondents is whitelisting. In simple terms, whitelisting is where a system is protected by only allowing approved sources to integrate with it. If a file or application isn't approved by the whitelist, it simply will not run.

Also mentioned in the Symantec post is what motivates researchers to examine and sometimes even develop malicious technology for research purposes. Some mentioned they need to do it to accomplish their jobs, while others mentioned personal profit and even fame as their primary motivation. So far as developing malicious technology for research purposes, the post points out the danger that some of this research might accidentally be leaked into the wild.

A recent example of this occurred with DNS Cache Poisoning, which was covered in more detail at the conference by the person who discovered it, Dan Kaminsky. DNS Cache Poisoning allows an Internet bad guy (or gal) to redirect a user to a malicious site without their knowledge. Within days of the information being leaked, instructions (computer code) were put into a hacker tool called Metasploit. Metasploit is a controversial tool used both by researchers to work on exploits and by hackers to launch attacks.

The DNS Cache Poisoning exploit was made public prematurely. Kaminsky and a whole crew of experts had secretly been working on solutions to protect systems from the exploit before it was leaked. On Monday, the Register reported that large areas of the Internet remain at risk.

So far as platforms that are of the most concern, the respondents listed XP over Vista, which is a turnaround from last year, when the concerns were exactly the opposite. One speculated reason cited for this was the industry being slow to adopt the Vista platform.

With DNS Cache Poisoning and gigabytes of personal information being found floating around the Internet, there is little doubt 2009 is going to be an interesting and challenging year for the BlackHat attendees. In my humble opinion, it all boils down to the fact that information is worth a lot of money, and criminals and businesses alike see it as a cash cow.

Maybe in 2009, we will take a look at what enables the problem in the first place? Until we do, I fear the problem will only continue to grow.
