Web 2.0 is undoubtedly the gateway platform for next-generation web-based computing. Here the author discusses the major challenges and trends likely to emerge in the near future.
Today, cybercrime has overtaken illegal drug trafficking as a criminal money maker. Between July 2007 and June 2008, it is estimated that the potential worth of all stolen credit cards advertised was US$5.3 billion. And every three seconds, an identity is stolen online—that’s nearly 10,512,000 identities each year.
As cybercriminals’ methods get more devious and sophisticated, the security landscape on Web 2.0 continues to evolve. Every click matters: one wrong move is all it takes for cybercriminals to steal your private information and sell it to the highest bidder on the Internet black market. Here are some of the emerging Web 2.0 security threats and trends that the industry is witnessing:
Explosion of new malware variants. Each month, security researchers block an average of more than 245 million attempted malicious code attacks across the globe, most of which have never been seen before. A combination of new distribution strategies, new media and Internet channels and increasingly advanced hacker techniques all add up to more malware. While attackers previously distributed a few threats to a large number of people, they are now micro-distributing millions of distinct threats to smaller, unique groups of people.
Advanced web threats. In addition to being new, the threats are becoming increasingly sneaky and complex. New scams, such as drive-by downloads, or exploits that come from seemingly legitimate sites, can be almost impossible for the average user to detect. Before the user knows it, malicious content has been downloaded onto their computer, marking the beginning of an often expensive and time-consuming recovery process.
Social networks. Threats can come from all sorts of avenues within a social networking site. Games, links and notifications are easy starting points for phishers to use as they lead people into trouble.
More spam. We may not want it, but it still keeps coming. In October 2009, about 90 percent of all email messages were spam. The overall amount does fluctuate, but on average, the levels of spam have primarily risen rather than fallen. Big headlines almost always lead to more spam, and major headlines from 2009, such as the death of Michael Jackson, the H1N1 flu outbreak and the Diwali festival are examples of this. Furthermore, spam and phishing information was the 2nd most requested item on the cyber mafia’s underground economy.
Rogue security software. Examples of this include malicious advertisements or “malvertisements,” which redirect people to malicious sites, or “scareware,” which parades as an antivirus scanner and scares people into thinking that their computer is infected when that’s not the case. To encourage users to install rogue software, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as “If this ad is flashing, your computer may be at risk or infected,” urging the user to follow a link to scan their computer or get software to remove the threat.
Some throwbacks make comebacks. While much has changed on the threat landscape, some older trends have remained or made a comeback. Many cybercriminals have begun sending multiple distinct threats to smaller numbers of people, but there remain examples of cybercriminals distributing a few threats to a massive number of people. Whether the motivation for either method is financial or to wreak havoc, these threats are prompting the need for a multi-layered defense that combines traditional detection with complementary detection such as reputation-based security models.
Cross-industry cooperation to tackle cybersecurity. The Conficker worm in February 2009 prompted a collaboration of groups that combined to solve one of the most complex and widespread threats to hit the Web in several years. The group comprised industry leaders and people from academia, and as they worked together, the combined efforts of the Conficker Working Group proved successful. Security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN) and operators in the domain name system were able to work with several industry vendors to coordinate a response that disabled domains targeted by Conficker. This example represents the type of collaboration that will likely increase in the industry in order to successfully address today’s security threats.
Looking Ahead…
Advanced Internet security protection is a necessity, not a luxury, to address these ever-evolving threats and trends. To capitalize on Web 2.0—an important tool in our lives and economies—we need to keep abreast of threats and trends in the online security landscape and deploy the necessary solutions in order to enjoy an online experience where trust is the norm, not the exception.
—By: Gaurav Kanwal, Country Sales Manager, India, Consumer Products and Solutions, Symantec