Security: The year ahead

2003 started with the Slammer Internet worm and went downhill from there. It has been labeled the Year of the Worm and called “the worst year ever” by more than one security expert. Will 2004 bring more of the same, or will it be remembered as the year in which Internet users “took back the streets” from virus writers, malicious hackers, and spammers?

A little bit of both, say corporate security experts and computer virus specialists.

Internet users will not see virus outbreaks curtail in 2004, despite high-profile prosecutions of some virus authors and a Microsoft bounty on the original authors of the Blaster and Sobig viruses, according to Chris Belthoff, senior security analyst at Sophos.

Prosecutions and bounties do not prevent crime in the physical world, and should not be expected to work any better online, Belthoff said.

The threat of a so-called “zero day attack,” in which a virus or worm exploits an unknown and unpatched software vulnerability, also looms as a worst-case scenario, Belthoff said. In pursuit of that elusive goal, hackers are exploring internal vulnerabilities in Microsoft’s .Net Web services framework, IIS Web server, and Windows 2003 Server, according to an exploit writer who uses the online handle “wirepair.”

The wealth of new, unexplored code for .Net is fertile ground for hackers, agreed Mikko Hyppönen, director of anti-virus research at F-Secure. 

“One thing that’s interesting about attacks in an environment like .Net is that a successful worm will hit multiple platforms: desktop, laptops, as well as mobile phones and PDAs,” Hyppönen said.

Incidents of online identity theft will also increase in 2004, security experts said. Organized criminal groups in Russia and South Korea are using malicious hacking and so-called “phishing” Web sites to harvest information about thousands of online users, according to Richard Stiennon, a Gartner analyst.

The 2004 presidential election will focus attention on the security of embedded operating systems in electronic voting kiosks, ATMs, and SCADA (supervisory control and data acquisition) systems that run critical infrastructure, experts said. Security flaws, the increasing use of embedded versions of Windows, and the near-total dominance of the TCP/IP networking protocol make it likely that virus and worm outbreaks will affect private networks used by ATMs, utilities, and other critical systems, F-Secure’s Hyppönen said.

Security in 2004, however, will not be all bad. Enterprises will deploy more security technologies, and they will do it more precisely and with fewer problems, Stiennon said. He added that changes to Microsoft software will close a number of well-worn avenues traveled by hackers and virus writers.

“It’s getting to the point where we know what we need to do, and there are good solutions out there — but now we have to execute,” Stiennon said.