There’s been a significant uptick in Web-based malware, with infections nearly double those from this time last year, and predictions are that Web-based attacks will get worse before they get better.
In their Q3 Malware Update, security firm Dasient estimated there were
over 1.5 million malicious advertisements a day dished out to unsuspecting users. The
length of these campaigns spanned 11.1 days on average, suggesting attackers have
been fairly successful with this medium.
Internet threat protection company M86 reached similar conclusions in their 2011 predictions, warning of refined attacks around HTML5 and the surging battlefield revolving around mobile attacks. Though the HTML5 specification is still a work in progress, adoption is picking up speed, driven by firms like Google who see the update to the Web’s lingua franca as an open and standards-based alternative to proprietary technologies like Adobe Flash and Microsoft’s Air. But HTML5 brings new security concerns along with its new features.
Both firms cautioned against the continued use of stolen digital
certificates to bypass security measures as well, citing the nefarious Stuxnet
worm which targeted industrial systems in July. Dasient also predicts a shift
to more fully-realized cyber warfare, with a focus on government web sites:
“While Stuxnet propagated via USB sticks, one can imagine
that an efficient way to infect critical, government-run infrastructure would
be to infect government web sites, which government employees access more often
than casual visitors,” the company said in its report.
Drive-by downloads and scareware will continue ravaging sites like Facebook and Twitter, the companies agreed. The firms referenced Koobface’s recent proliferation across Facebook and September’s Twitter XSS attacks.
While websites are likely to bear the brunt of attacks in 2011, attackers will continue to find new ways to propagate their malware, ensuring some of these trends will carry on.