2007 predictions

I’m not one for predictions, mostly because everyone else does them and I’m not necessarily an analyst. But I thought I would spit out what’s on my mind. And no, I’ll refrain from the obvious and take some more ballsy moves.

1. Efficiency is the name of the game with technology, not only in business but in criminality as well. Think of all the scams and attacks that have been performed for decades (plagiarism, fraud, identity theft, data theft, credit card skimming, phone phreaking, spam/junk mail, music/movie bootlegging/copying…). If there are some out there still untapped as a technological attack, they will start getting tapped. As phones and VoIP converge and cross international lines, so too will we start to feel the return of phone scams and telemarketers as call prices plummet and laws are unable to cross borders.

2. Several people made headlines this year, and maybe you could say they broke out. HDM, LMH, Jeremiah Grossman, and RSnake are the memorable names. The first two are pushing fuzzing; the latter two are abusing web attacks. That foursome and their lesser-known buddies and pals are the nucleus of active white hat hacking and disclosure. None of them are done yet, and I think 2007 will see a lot more activity and revelations from all four. What ports do people open on firewalls? BitTorrent and P2P. Fuzz those apps and we might find another worm for home systems.

3. With the widespread dismissal of how potentially dangerous wireless driver attacks can be, I still expect to see this erupt in a minor way. Granted, we won’t see huge wormable activity, but damn is it nice that drivers are rarely updated and are still insecure. I expect more news here and maybe a few landmark incidents in the wild. I wouldn’t be surprised if governments and corporations are already abusing this front in more targeted attacks.

4. You can’t predict something in 2007 without thinking about botnets. Nothing scales better right now in the threat landscape than botnets. From DDoS to extortion to DNS attacks to just taking your 20,000 infected hosts and stealing host information; it’s going to be worth money to someone. I expect these to get more sophisticated as botherders realize the true power they have. I wouldn’t be surprised to see some of the compromised systems get special attention as a stepping-stone into behind-the-firewall recon and attacks. A .gov bot? Cha-ching! We have no real counter to botnets right now, and this war can only escalate. How about that SNMP worm that people think won’t come? Release that via the bots and you can have a lot of fucked up networks despite strong firewalls.

5. Regulations and standards will start to be questioned as data disclosures and high-profile attacks won’t go away. Just like government report cards being useless, so too will standards compliance checkmarks. Just like “Hacker Safe” meant nothing to some websites that were still full of holes, so too will “XYC 21300 compliant” mean nothing. Organizations are too different and complex and the threats too different for standards to really be effective. Mgmt won’t understand that for a few years yet. (On a similar note, as security moves into unified super-applications that try to do everything from one mgmt console, the skills of admins to understand the underlying technology and do things with free lower-level tools will become dangerously low in many organizations…maybe not in 2007, but ongoing.)

6. Lastly, da bears will finally win another Super Bowl.