As Dilbert author Scott Adams once said, the great thing about predicting the future is that if you’re right you can point back to your initial prediction and proclaim your genius, while if you’re wrong, most people won’t remember your prediction in the first place.
So with that caveat in mind, here are some of the things I expect to see in the IT security news in the coming 12 months:
- More compromised CAs. In 2011 we saw a compromised Malaysian government CA used in a scheme to sign code as though it had been signed by Adobe. At least four other CAs trusted by most of the computers in the world reported some sort of compromise in 2011. CAs are a high-value target because malware authors who compromise a trusted CA can make their malware look as though it was signed by a trusted company like Apple, Microsoft, Adobe, or Google.
- No Code-Red or Nimda type event. The days of mass-panic malware events are most likely behind us. Computers are more secure out of the box, and both Code-Red and Nimda involved exploits that leveraged reluctance to change the default settings.
- Vendors like Microsoft continuing to take down botnets through “litigation decapitation”. Decapitating botnet command and control nodes by throwing lawyers at the problem is a more practical strategy than hoping that people disinfect compromised systems.
- More reports of Android malware. Android has an increasingly massive footprint, and Google seems at the moment unwilling to take on the role of checking Android apps for malware prior to publication, instead taking a post-hoc approach of removing apps that people in the community have found to contain malicious code. Google can mitigate this somewhat by being more proactive in screening the code it publishes in the App store. This approach seems to be working for Apple. The vibrant Android warez scene will remain a bastion of malicious code.
- More social network malware. Sometime in 2012 Facebook will reach the 1 billion user mark. Social media is an awesome transmission medium for malware as long as the authors find the right hook. Expect attacks to get more sophisticated than “do you want to win a new iPad 2”.
- Hijacked Cloud deployments. With so many organizations moving their infrastructure to the cloud, it’s only a matter of time before a cloud deployment gets completely hijacked. When a server sitting in your server room gets remotely exploited, you can go down and physically reinstall the box. If the account with your cloud provider gets hijacked, recovery might be more challenging. The ability to rapidly spin up infrastructure at someone else’s expense makes cloud deployments a tempting target for those of nefarious intent.
- Consumerization-based security problems. The “Bring Your Own” trend will hit some of the snags that IT professionals have been warning about since the trend began. People will continue to want to connect their malware-infected consumer devices to corporate resources. While IT professionals have been pushing back, expect to see increasing reports of critical internal infrastructure being compromised because the task of maintaining personal computer hygiene devolves back to the user.

That’s by no means an exhaustive list, and it doesn’t cover everything that I think might happen. We’ll still see the mundane stuff like people’s computers getting compromised by exploits because they didn’t keep their anti-malware software up to date. I expect Windows 8 to be more secure than Windows 7 and the next version of OSX to be more secure than Lion – not because Windows 7 and Lion are inherently insecure, just because Microsoft and Apple are always including new security features in their operating systems that make exploiting them more difficult.
My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material: