Related Results Future directions in Internet... TechBiz Connection to Host... Internet car sales still stuck... Norton Internet Security 2007 Most Popular Articles in Technology The Best Laptop Bags Playboy's New Porn ... SATA vs. PATA: the ... Top Tip: How do I ... Sexy and smart: one ... Two themes discussed throughout the report speak volumes about the current Internet security landscape and may provide a glimpse of what will emerge on the horizon. First of all, the discovery rate for new IT product vulnerabilities accelerated substantially over the past year. In fact, the total number of new, documented vulnerabilities in 2002 was 81.5% higher than in 2001. Second, blended threats have intensified and continue to evolve in many ways, posing the greatest risk to the Internet community.

 Three blended threats (namely Klez, Bugbear, and Opaserv) were the source of 80 percent of malicious code submissions to Symantec Security Response over the previous six months. Advertisement These blended threats are a problem now, and will certainly become a bigger problem in the future. Blended threats utilize multiple methods and techniques to spread rapidly across the Internet and cause widespread damage (denial-of-service attacks, hacking attacks, etc.) A review of the major blended threats from the past several years reveals an interesting trend: all of them targeted known vulnerabilities. And some of these had been well documented for six months or more before the threat was created. Today numerous known vulnerabilities present targets for the next generation of major blended threat attacks. 

Evidence suggests that the future of Internet security will present itself on four fronts: attackers threats platforms solutions Turn the page, and we'll look at each of these in turn. New Attackers In the future, there will be a greater dependence on the Internet than ever before, and not just for e-commerce, but also for control of critical infrastructure (power generation, communications, transportation, etc.). While this will bring great efficiency, it also means that the downside of a severe attack on the Internet will be greater than ever. Until now, "amateurs" - young people with no particular motivation or target in mind - have undertaken most of the highest-profile attacks on the Internet. However, I expect that over the coming year and beyond, we will see a rise in more professional types of attackers, targeting specific crucial online systems. 

This will potentially endanger not only the Internet, but also our national security, and ultimately our entire way of life. New Threats In July 2001, Code Red spread to 250,000 systems within six hours and the worldwide economic impact of the worm was estimated to be $2.62 billion. Code Red's spread was fast enough to foil immediate human intervention and the ramifications were huge. And just think, the Slammer SQL worm a couple of months ago was even faster. As attacks grow more professional in nature, I suspect we'll see an even greater increase in the speed and destructive capabilities of threats. For instance, we may see threats emerge that use advanced scanning techniques to infect all vulnerable servers on the Internet in a matter of minutes or even seconds.

 Examples of this include Nick Weaver's Warhol worm scenario or Silicon Defense's Flash worm theory: Warhol Worms: Through advanced scanning, Warhol worms would first start an infection using a list of about 50,000 sites, and then use coordinated scanning techniques to infect the rest of the Internet. In theory, these worms could spread across the Internet and infect all vulnerable servers in less than 15 minutes of "fame". The recent Slammer SQL worm showed the first potential glimpses of a Warhol-type threat with its infection rate doubling every 8.5 seconds in the initial stages. Flash Worms: Flash worms would operate similar to Warhol worms, but in this case a determined attacker would begin the infection using a list of not 50,000, but all or almost all the servers open to the Internet. Rather than 15 minutes, such an attack could infect all vulnerable Internet servers in less than 30 seconds. 

It is very likely that we will continue to see polymorphic and metamorphic worms, but on a much more complex level. These worms will use stronger techniques for encrypting themselves and because they change their pattern every time they run, it could take days or even weeks for researchers to analyze and create cures. We will also see an increasing number of threats specifically targeted at disabling security software. An example would be retro viruses that attack antivirus software by deleting virus definition tables or memory resident scanners.