Mobile devices, Cisco routers, Oracle software, VoIP: businesses can expect all these and more to become hacker targets in the next year and beyond, according to Symantec. Oh, and don't forget Windows Vista, Microsoft's next-generation operating system. They're all places that the financially-motivated new generation of hackers might look to exploit.
Frequent Microsoft security patches, SANS Institute studies and worm attacks suggest the next generation of Windows should be prime meat, yet on this topic Symantec treads lightly. "We'll see an intense amount of focus when those things come out," says Dave Cole, director of Symantec Security Response. "But the amount of continual focus on them will depend on the amount of blood in the water."
Meanwhile, Symantec thinks one of the biggest developments will be attacks and attempts on alternative devices and platforms. As networked and user devices gain more intelligence and more computing power, they may become targets. "We're seeing a shift in emphasis over to non-PCs: your router, your switch, your back-up device," Cole says. "It's like whack-a-mole. You hit one and another pops up. We've now got to make sure the entire infrastructure is protected."
Although there haven't been any widespread attacks, cell phones and mobile devices will become more ripe for hacking as software becomes interoperable and financial data climbs onto their hard drives and networks. However, even though voice-over-IP is expected to boom in the coming year, it isn't an easy target, Cole says. Still, Symantec has seen "a heavy amount of scrutiny" on endpoint applications associated with VoIP.
Hackers also will continue their shift toward targeted attacks, Cole says. Symantec labs are seeing a shift toward financial motivation and an acceleration of bot attacks that turn systems into agents for malware. And new laws and regulations may make adware and spyware much less pervasive.
But even in more traditional, non-targeted attacks, Symantec thinks malicious code will increasingly find new paths of attack such as Websites – whose entry fields are already subject to code insertion – and instant messaging programs. Look out too for the year of the rootkit, a pickle that's sent Sony flailing in the last month. Wherever the money is, that's where attackers will play, Cole says. "They're going to go after the easiest way possible to gain a buck."