Security Threats in 2011
Symantec’s MessageLabs on Tuesday released its 2010 Annual Security Report that summarized the most significant cyberthreats of the year, including spam, botnets, viruses, phishing, targeted email attacks, and other menaces to corporate IT security.

By Cara Garretson

Looking ahead, the MessageLabs report also includes predictions for what some of the major security issues in 2011 will be. Read on to learn what the threat landscape might look like in the new year.

The 2010 Report

The MessageLabs Intelligence 2010 Annual Security Report, which can be downloaded from here, is produced annually. MessageLabs, Symantec’s hosted security services division, compiles its reports based on the millions of messages that the MessageLabs service processes every day as part of its real-time threat detection and analysis capabilities, according to the company. MessageLabs receives and scans live email feeds from customers around the world, and from that data it gleans trends and statistics on Internet threats. Highlights of the 2010 Annual Security Report include a 100-fold increase in email-borne malware this year, a year-end total number of botnets at between 3.5 million and 5.4 million, and a peak spam level of 92.2 percent, meaning that 92.2 percent of all email sent at that time was spam, in August of this year.

Spam Predictions

The MessageLabs report predicts that spam will become more diverse in culture and language in the new year. Currently 95 percent of all spam is written in English; the report predicts that level will fall below 90 percent because of economic growth in other parts of the world and the widespread adoption of broadband connections.
Another reason MessageLabs predicts that spam will become more linguistically diverse is that spammers will send more spam in native languages next year; for example, spam sent to Brazilian email users will be written in Portuguese in 2011 more than it has been in the past. After English, Portuguese and Spanish are expected to be among the most popular languages for spam, says the report. The report also expects a shift in the countries from which spam originates, with Europe expected to send between 40 and 45 percent of all spam, due largely to an increase in unwanted email being sent from Eastern Europe. The amount of spam sent from North America will remain flat at 10 percent and from Asia at 35 percent, with South America’s share growing to 10 to 15 percent of all spam sent, according to the report.

Mobility and Cloud Security

With more and more employees working remotely (IDC predicts that by the end of 2011 approximately one billion workers will be mobile or remote at least part of the time), the potential for security threats grows, says the report. This is due to the diversity of devices that remote and mobile users use to access the network and the growing percentage of access done from personal devices that the IT department can’t necessarily control. IT management will become more aware of the need to apply consistent policy controls for remote access and to protect endpoints from malware arriving via the Internet as well as from removable storage such as thumb drives, it says. This move toward a distributed workforce is also hastening the adoption of cloud-based security offerings that work across the diverse endpoint platforms leveraged by users to access the corporate network, according to MessageLabs.
“In 2011 businesses will increasingly begin to reap the benefits of adopting a hybrid infrastructure that is premise-based, private cloud-based and public cloud-based and will seek to deliver a seamless user experience regardless of device or access location,” reads the report.

Enhanced Web Security Policies

The MessageLabs report says that in 2010, more than 80 percent of malicious threats discovered were found on legitimate web sites that had been compromised by third-party content. That trend, combined with the growing interest in social media Web sites by corporate departments for business use, will lead IT managers to craft more granular and specific Web security policies in 2011, the report says. For example, IT will have to specify which departments, or even users within departments, can be granted access to certain Web sites. The report estimates that custom IT policy rules will increase from 30 to 50 per organization on average in order to clearly lay out who in the organization is authorized to access which Web sites. In addition, default policies will also become more granular in 2011 in order to help IT managers maintain security.

A New Era in Malware

The Stuxnet Trojan that emerged in 2010 has ushered in a new era of malware that represents a much greater focus on specific targets than has been seen in the past, the report says. Stuxnet, which infiltrated programmable logic controllers at utility companies, was a well-funded, well-planned attack intended not only to gain access to these controllers but to actually slow operations at these types of critical infrastructure.

“This specialized malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution,” reads the report. “These attacks will range from the obvious targets, like smart phones, to any number of less obvious yet critical systems like power grid controls or electronic voting systems. Any technology that can be exploited for financial gain or influence will become a potential target.”

2011 will also see malware that not only infects search-engine results to lead people to malicious Web sites, as was seen in 2010, but also identifies Web sites that are likely to experience high levels of traffic due to current events or news, thereby maximizing the number of systems that could be infected. This identification will be done by monitoring micro-blogging sites and hot-topic feeds to determine which sites should be targeted, combined with information about such sites’ potential technical vulnerabilities that make them easier to infect, says the report.

What’s New: Steganography, Digital Virtual Currencies

Looking to provide some business continuity to their botnet operations, cyber criminals are expected to employ new and different techniques for keeping their servers up, says the report. One such technique expected to be employed is steganography, where criminals hide botnet commands in plain sight, such as within image or music files. This technique would allow criminals to send commands to bots on a botnet with minimal chance of discovery, says the report, while removing the need to rely on an ISP to keep their networks up.

Also in 2011, MessageLabs expects more social networks and online marketplaces to begin offering their own currency, such as credits that can be accumulated and carry value. With that trend will come exploits, says the report, in the form of malware, rogue applications, and phishing attacks. “...these systems will come under prolonged attack where a weakness in one will be identified as the target in a mainstream malware attack or phishing scam in 2011,” the report says.
“These currencies will also be exploited as a means of transferring ill-gotten gains outside of national and international banking regulatory and anti-laundering regimes.”

Exploiting Router, URL Shortening Vulnerabilities

Router vulnerabilities give attackers with malicious intent a way to re-route network traffic, says the report. In 2011, MessageLabs expects to see new variants of malware that can search for vulnerabilities in networking hardware and exploit them, which is possible because of the infrequency with which networking equipment software and firmware are typically upgraded. 2010 saw exploits in URL shortening services (Web sites that shorten lengthy URLs, typically for use in social networking posts), leading to compromised sites. MessageLabs expects these exploits to become more sophisticated in 2011, with cyber criminals either taking over these sites completely or setting up their own sites that appear legitimate but return to users URLs pointing to malicious sites, says the report.

The Diversification of Targeted Attacks

2010 also saw attackers focusing their efforts on industries that hadn’t been targets in the past; for example, the report says that at one point this year 25 percent of attacks were targeted at the retail sector, which hadn’t experienced targeted attacks in the past. MessageLabs expects this trend to continue in 2011, and for the range of industries under attack to spread. “This means that attackers will also seek indirect entry into specific industries by exploiting contractors and suppliers, rather than directly targeting only the executives in each industry sector,” says the report.