Kaspersky Lab has released its forecast for the IT threat landscape for this decade (2011 – 2020). Kaspersky bases this forecast on an analysis of the main changes and issues in the sphere of IT security over the past decade, as well as emerging trends in the development of personal computers, mobile phones and operating systems.
According to the company's analysts, the most significant trends of the last ten years (2001-2010) were:
- Mobility and miniaturisation. Smaller and smaller devices can now access the Internet from virtually any point on the globe; making wireless networks the most popular method of connecting to the web.
- The transformation of virus writing into cybercrime (Crime committed using a computer and the internet to steal a person's identity, sell contraband, stalk victims or disrupt organisations with malevolent programs).
- Windows maintaining its leading position as a vendor of operating systems for personal computers.
- Intense competition in the mobile platform market with no clear-cut leader.
- Social networks and search engines – the primary services of today's Internet.
- Internet shopping – this sector already generates revenues that dwarf the annual budgets of some countries.
The defining feature of the next decade will be the end of Windows' domination of user operating systems. Though Microsoft's brainchild will remain the primary business platform, every day users will have access to an ever-expanding variety of alternative operating systems. Notably, even now the number of devices accessing the Internet via Windows and non-Windows platforms are almost the same, with the latter even occasionally exceeding their Microsoft counterparts.
The growing number of new operating systems will affect the process of threat creation – cybercriminals will not be able to create malicious code for large numbers of platforms. This leaves them with two options: either target multiple operating systems and have many individual devices under their control, or specialise in Windows-based attacks on corporations. The second variant will probably appeal to them more – by 2020, targeting individual users will become much more complex as the emerging trend of making payments electronically and using online banking will continue, however biometric user identification and payment protection systems will become the norm.
The coming changes in operating systems and their specifications will affect virus writing techniques as these new systems evolve. Many cybercriminals who used to target Windows devices will have to become adept at exploiting the new-generation operating systems. To retain their 'place in the sun', today's cybercriminal will need to enlist the help of members of the younger generation who are capable of writing malicious code for the new platforms. However, this state of affairs cannot prevail forever and we may well see 'turf wars' between different hackers and hacker groups.
Cybercrime in 2020 will almost assuredly divide into two groups. One group will specialise in attacks on businesses, sometimes to-order. Commercial espionage, database theft and corporate reputation-smearing attacks will be much in demand on the black market. Hackers and corporate IT specialists will confront each other on the virtual battlefield. State anti-cybercrime agencies will probably be involved in the process too and will have to deal predominantly with Windows platforms, in addition to the latest versions of traditional *nix systems.
The second group of cybercriminals will target those things that influence our everyday lives, such as transport systems and other services. Hacking such systems and stealing from them, making free use of them and the removal and changing of personal data about customers' activities will be the main focus of attention of the new generation of hackers, who will make a living this way.
The trend that has seen the Internet become both a popular resource for communication, entertainment and news, and a specially designed tool for Internet commerce and online payments, etc. will continue. The 'online user-base' will expand to include many mobile and smart devices capable of using the web to exchange or transfer information without the need for human intervention.
Botnets, one of today's most potent IT threats, will evolve dramatically. They will incorporate more and more mobile and Internet-enabled devices, and zombie computers as we know them will become a thing of the past.
The tools and technologies used in the field of communications will undergo massive change. These changes will see greatly increased data transfer rates and enhancements that will make the virtual communication experience much closer to that of real-life – by 2020, communication via the Internet with the help of a keyboard will be the stuff of old movies, meaning spammers will need to seek out new ways of delivering their unwanted correspondence to addressees across the globe. The first step the spammers will take is to change from targeting desktops to mobile devices. The volume of mobile spam will grow exponentially, while the cost of Internet-based communications will shrink due to the intensive development of cellular communication systems. As a result, users will be less likely to worry about unwanted advertising material.
The old adage 'Knowledge is power' will be more relevant than ever before. The struggle for the means to collect, manage, store and use information, about everything and everybody, will define the nature of threats for the next decade. Therefore the problem of privacy protection will be one of the key issues of the decade.