Welcome!

Industrial IoT Authors: Elizabeth White, Stackify Blog, Yeshim Deniz, SmartBear Blog, Liz McMillan

Related Topics: Weblogic, Industrial IoT, Microservices Expo, @CloudExpo, Cloud Security, Government Cloud

Weblogic: News Item

Security Report Predicts Cloud Computing Attacks in 2010

M83 releases Predictions 2010, a report on its expectations for Web and messaging-based threats for the coming year

Cloud Expo on Ulitzer

M86 Security, a leading global provider of Web and messaging security products, released Predictions 2010, a report on its expectations for Web and messaging-based threats for the coming year. The report is based on M86 Security Lab’s extensive research into the current trends in threats over the past year and its views on the major vulnerabilities facing organizations. The report highlights the increasing sophistication of traditional threats such as botnets, scareware, compromised legitimate Web sites and blended threats. However, it also projects what the company sees are new threat vectors coming from open API’s in Web 2.0 applications, the increased use of shortened URLs and the advent of non-Latin based domain names.

On the heels of a year filled with widespread exploits, including PushDo and Zbot trojans that have been reported on by M86 Security Labs, security professionals should apply lessons learned and brace themselves to combat an increase in the volume of attacks and new innovations in 2010. Specific 2010 security predictions from M86 Labs are as follows:

  • Botnets Grow in Sophistication: Botnets continue to be a major problem, driving the majority of spam output and mass Web site attacks. Botnets have moved away from traditional IRC-based command and control, in favor of HTTP or other custom protocols, utilizing Twitter, Google and Facebook.
  • Continued Rise of Scareware: Scareware is a traditional tactic that grew popular in the second half of 2009 because of its effectiveness. Consumers are prompted to download malicious software through convincingly crafted anti-malware landing pages. In 2010, these attacks should escalate, as the look and feel of scareware pages get updated and criminals find new ways to reach users.
  • Poisoning Search Engine Results: A growing trend is the use of Search Engine Optimization (SEO) techniques to drive users to Web pages hosting malicious code. Also known as SEO poisoning, the technique aims to elevate malicious landing pages in search engine results rankings to ensure a steady supply of victims. The technique is commonly paired with scareware to capitalize on users' trust in search engines.
  • Evolution of Web Site Infections: The standard attack vector for cybercriminals is to compromise legitimate Web sites to spread malware. In 2010, the majority of malicious behavior will reside on legitimate Web sites that have been compromised by various scripts and worms.
  • Setting Sights on SaaS and Cloud Services: Cloud computing and SaaS have exploded in popularity during 2009, leading to a vast increase in service offerings. As a result, more and more corporate data is being stored outside of the network, making it difficult for IT administrators to have direct control over the data. In 2010, cybercriminals will target the larger cloud-based providers and attacks will increase.
  • Exploiting Third Party Applications: Cybercriminals commonly exploit highly deployed third party applications, such as Adobe Flash and Acrobat Reader. The ability to embed one file type in another will result in more complex attacks gaining popularity in 2010, due to the ability to evade detection mechanisms.
  • International Domain Name Abuse: In 2009, ICANN approved the registration of Internationalized Domain Names, enabling the use of non-Latin characters in domain names. As a result, phishing attacks should rise, as cybercriminals can register phony Web sites with URLs that are nearly indistinguishable from legitimate ones.
  • Attacking Application Programming Interfaces: Social networks such as Twitter and Facebook are extending their services for third party development through the use of application programming interfaces (APIs). There is an implicit level of trust provided through the use of APIs, granting access to user profiles and data, so the threats that target them are likely to increase in 2010.
  • URL Shortening Services Hide Nefarious Means: The popularity of Twitter and link sharing has given rise to URL shortening services that reduce the number of characters needed to parse a link. However, these services enable cybercriminals to spread spam and malware by obfuscating the destination of posted links.

“Looking back at some successes in 2009, the security industry was successful in disabling the Mega-D botnet and eliminating significant spam hosting and service providers,” said Bradley Anstis, vice president of technical strategy, M86 Security. “However, the volume of spam and Web requests continues to grow and eclipses the levels seen before these takedowns. The first step in preventing serious Web abuse and widespread infection through the Web and other means is awareness of the threats. That is why M86 Security Labs is proud to share insight culled from our ongoing research in the Predictions 2010 report.”

More Stories By Pat Romanski

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

IoT & Smart Cities Stories
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...