One of my colleagues and I were talking about emerging threats. He mentioned checking the SANS Internet Storm Center ( http://isc.sans.org/diary.php ) a couple of times a day for security news updates and threats coming in and up. There is even an entry today about emerging threats (woo - scary as we had been talking about that), here is the information they posted there:

Emerging Threats
As many of you know, worms, viruses, web defacements and even botnets are what we might call "last century" threats. What are we going to be facing in the coming years? The SANS ISC is interested in your ideas, so if you have time today drop us a brief note with your thoughts. Please don't send us a book, just a few lines will do. We'll include the best ones in the diary today.

Here's a few that have arrived:

David says, "Instead of hijacking a system to use the disk space and setup detectable FTP servers, [attackers] may end up harvesting all of the documents from the system in hopes of gaining financial or personal information for identity theft."

John suggests, "As direct electronic invoicing becomes more popular, criminals will try to leverage poor implementations of Web Services to submit fraudulent invoices for payment. Agencies that have done away with support staff necessary for manual invoice processing will pay dearly."

Greg offers, "With the developing trends in botnets and denial of service with them, I'm willing to bet that we'll see more frequent use of ddos for hire and malware distribution by zombie pcs. It also would be a shock to see an adaptive botnet..that can change and adapt to discovery on the fly..shutting down discovered nodes and such."

Steve tells us, "I believe that the real threat that's only beginning to surface is internet extortion. What means by which it will happen is hard to say, but it's an increasing threat. I think we're on the brink of seeing widespread extortion happening where files will be "kidnapped", and a ransom note will be left in their places for the user to follow if they want their precious files back." (note from the HOD - this is already happening!)

Tom thinks that these are possible emerging threats: "VoIP hacks (with social engineering and Caller ID spoofing people will give up a lot of data), Hacker "Mafias" (not just small scale people writing viruses because they can - distributed networks of hackers organizing criminal actions like stealing credit information, etc.), attacks on mobile devices (security just really is not a concern for many mobile companies)."

Alex scares us with, "My thought is that we'll see new types of Malware that are able to correlate personal data about a selected individual that it promiscuously finds on the web. The implications of this ranging from the obvious identity theft to much more sophisticated phishing scams and even password comprimise by building very specific custom dictionaries for attack. A 50k+ botnet is great for DDoS, but it has other uses for its massive computing power and connectivity; namely a huge web spidering and correlational tool for this type of attack."

Damian believes that, "one of the emerging trends could be cryptovirology. I believe it could have a huge impact if a nasty crypto worm is developed and it could exploit some new vulnerabilities. In fact I try not to think about it very often ... otherwise I couldn't sleep."

CE's crystal ball says, "Two things come to mind regarding emerging threats: 1) Infection, or at least increased attempts at infecting, of popular sites (like the recent MSN News Korea story) will increase due to the lure of large amounts of victims who trust well-known sites. 2) False information that is presented in ways that a majority of readers, and possibly many experts, wouldn't doubt. This can be used for fraud, social engineering, etc. It will move beyond phishing email and stock scams into possibly more mainstream mediums."

Gary says he is "concerned at the potential for targeted malware. Whereas today's viruses and worms are fairly indiscriminate, I forsee the emergence of malware that specifically targets a given individual, organization or some other distinctive target."

Christian muses that, "one threat will remain for ever .. that's osi layer 8. There will always be suboptimally trained users, administrators, coders or manager that copy /etc/shadow to webserver root." (note from the HOD - I like to call this the "carbon layer" of the OSI model.)

Matt predicts three major trends in the coming year: "The death spiral of signature-based virus detection ... a major increase in wireless network attacks, particularly man-in-the-middle spoofing/theft ... [and] a concentrated, coordinated effort to improve public understanding of basic security issues by both private and government agencies."

Eric is concerned about "completely 'blended' and adaptive threats funded by money that is coerced/stolen electronically. Threats that morph from one form to another depending on how a system is setup to counteract attacks is a real possibilitiy. With more 'holes' being discovered I think it is wise to believe that the development of adaptive threats with blended capabilities is going to be a huge problem."

Chip has a fatalistic outlook, telling us that, "Aside from 'individual' system administrator and 'real' security consultants, I see no cluefulness at all in the IT world, nor in oversight agencies, none." He goes on to say that, "the folks who have been wishing for a really stable platform such as BSD to host malicious applications on, have been handed a goldmine in the form of the new MacIntel platform."

Phil predicts "a worm that actually exploits a vulnerability for which we haven't had a patch for months or even years. It's been a while..."

Well, this is interesting. Most of today's submissions have been oriented on technologies. This afternoon we've seen quite a shift in the thinking of the evil minds. Here's what the mailbag brought us...

An anonymous person looked into the future connected world and prognosticated, "what about crackers breaking into an automated household and manipulating all sorts of automated devices, like the fridge, locks, dishwashers, coffemakers and so on ... another one could be break-ins to car computers to ground you or worse cause an accident on purpose ... and still another one could be (or maybe already is...) hijacking devices (such as sealing harddisks with passwords and then ask for money to reopen the disk) - you could do this with all sorts of networked equipment ... a completely different approach is identity manipulation: changing information on the web about other people to create a wrong impression about them...."

AJ steps up the heat with, "I think that the next attack could be a mobile virus that spreads between smart mobile phones. At a designated time the payload could have all the mobile phones dial a specified number DDOSing the cellular network and the target phone network."

Jim was thinking out of the box when he wrote, "Funny you haven't mentioned terrorism yet. Why blow up a building when you can destroy a nation's economy?"

Not to be outdone, Rick fired away with, "Nations or groups dedicated to the downfall of any given government could be compiling botnet lists and lists of the most effective malware for a coordinated distributed attack to undermine and collapse economic stability, maybe as part of other physical attacks."

Wayne believes that, "the newer threat will be online extortion. Download a malware, encrypt your important info, and ask for money.."

Mike was maintaining a positive outlook when he wrote, "For years, organizations have been spending a lot of money on poorly-implemented or half-baked security solutions so they can check a box on an audit finding. At the same time, auditors have been providing findings of such poor quality that the information is nearly useless to their customers. I believe some of the recent high-profile identity theft cases will bring this to light, and hopefully improve auditing practices and force the hand of large organizations to *properly* implement security technologies."

Mark is convinced that, "a cyberattack on our electronic infrastructure is in the cards." He thinks it could happen by creating a "Coordinated attack on a predetermined time and date launched from many platforms, including zombified PCs, social engineering attacks, and insiders that were 'planted' for D-Day; [or] Indirect attack from the EMP blast from a nuclear warhead on a missile. Could be launched from offshore somewhere, or even from inside the US, with the materials having been smuggled in and assembled on location; [or] Create a crisis of such proportions (some kind of attack) that the much-increased use of the electronic infrastructure because of everyone trying to contact family, friends, etc., crashes everything." (wow, Mark, you should be a screen writer!)
The above is speculation at this point, (in Homer's voice "Or is it?"), based or not on facts or history. I was curious if the SANS ISC is THE source for frequently updated security news and threats, or is there another good source or two, or three? I was thinking of a couple:

1. http://www.cert.org/
2. http://www.securityfocus.com/
3. http://www.security-update.com/security-news/

Any others worth mentioning? Besides AO - already have dat one! What about the ones I have mentioned above? Oooh - what about finding out information on what the other side is doing - or is that even possible without becoming a Black Hat?

In advance -