Threat Level: green Handler on Duty: Russ McRee

SANS ISC: What will 2006 have in store? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
What will 2006 have in store?
Well, 2005 is soon to come to a close.  What a tremendous year this has been!  We have had lots of exciting discussions about everything from "soup to nuts".  Looking back we have seen new exploits, new holes in the Internet and the usual round of viruses and worms.  I was the Handler On Duty - New Years Eve 2004 and asked our readers who checked in with us to tell us what they thought 2005 was going to bring. Here is a recap of some of the responses that were received:

From Greg:
   With the developing trends in botnets and denial of service with them, I'm willing to bet that we'll see more    
    frequent use of ddos for hire and malware distribution by zombie pcs. It also would be a shock to see an
    adaptive botnet..that can change and adapt to discovery on the fly..shutting down discovered nodes and such.

From John:
    As direct electronic invoicing becomes more popular, crimals will try to leverage poor implementations of
    Web Services to submit fraudulent invoices for payment. Agencies that have done away with support staff
     necessary for manual invoice processing will pay dearly.

From David:
    I can't think of a new 'technical' threat but the existing technology joy-ride hackers are using could end up
    being more dangerous in the near future. Currently when we find a hacked system it is normally being used to 
    share copyrighted music, movies or applications.  They mainly want to use our disk space and bandwidth and
    have no dangerous agenda.  This could change in the future, however.  As financial institutions tighten up
    security the money motivated hackers may turn to using BotNets to harvest documents.  Instead of hijacking a
    system to use the disk space and setup detectable FTP servers they may end up harvesting all of the documents
    from the system in hopes of gaining financial or personal information for identity theft. Pretty scary to even think
    about it.

From Jack:
    DNS Poisoning/Hijacking

From Anonymous:
    Just thought I'd add some of the potential issues that we might start seeing in 2005. First, is the spread of bots
    to IP enabled devices. Once more as devices reach that "on-line all the time" state, the vulnerabilities will be 
    exploited more. This could include a range of devices from cellular phones, to even the next generation console
    systems. (Note: viruses and exploits for console systems may deserve to be its own potential issue). Second, an
    increase of malware for alternative operating systems (non-Windows), primarily for the Tiger OS. Third, IPv6
    will become wider spread, and while it will be a partial remedy for some sercurity issues; improper
    implementation will create added security risks and issues -- primarily in the areas of content
    management/filtering, simpler facilitation of cryptographic malware, and brand new vulnerabilities for IPv6
    enabled products.

So what do you think?  How did our predictors do for 2005?  What do you think were the biggest issues for 2005? I will be the Handler On Duty on News Years Eve and will print some of the responses we receive.

What are your predictions for 2006?  Let us know. Your response could be used in a Diary next year.




Deborah

278 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!