NATIONAL HARBOR, Md. -- The past year has been replete with dramatic headlines documenting cyberattacks against high-profile targets, including Google and the Defense Department, but the basic method of delivering those exploits has held to a familiar pattern, a senior analyst at Gartner said Monday at the research firm's annual Security and Risk Management Summit.
It's not so much that the attacks are becoming hopelessly sophisticated, Gartner's John Pescatore argued. Instead, the botnet style of attack has proven remarkably resilient as an entry point into corporate systems as enterprises embrace new technologies, such as the cloud, virtualization and social networks.
"We're widening the openings at the same time that they've got these new delivery mechanisms -- botnet delivery mechanisms -- working pretty well," Pescatore said.
The resilience of the botnet style of attack has put other, more sophisticated threats on hold, such as exploits targeting hypervisors or service-oriented architecture (SOA) technologies, according to Gartner.
"What we've seen is that attacks like social networks and the botnet-type things have sort of been so fruitful that we haven't seen many of these advanced attacks make much of an impact on the enterprise," he said.
"I think for at least the next two years," Pescatore added, "we will continue to see the bot delivery mechanism be the delivery mechanism for the most damaging attacks."
Gartner is projecting that this will change by the end of 2013, when it expects to see a new crop of delivery mechanisms for attacks targeting hybrid cloud environments where virtualized data centers link to public cloud environments, such as those offered by Google (NASDAQ: GOOG) and Amazon (NASDAQ: AMZN).
But even with the emergence of new attack vectors, Gartner still isn't looking ahead to a torrent of innovation from the black hats. Throughout the next five years, the firm is projecting that 90 percent of the successful cyberattacks will exploit vulnerabilities that either are already known to researchers or are ones they "should know about," Pescatore said.
Peering into his crystal ball -- the analyst's prerogative -- Pescatore expects financially motivated cybercrime to account for about 90 percent of the new and damaging threats through 2015.
"This is where we invariably see the first examples of the sophisticated [new] threats," he said.
That comes despite the increasing warnings from government officials about politically motivated cyberwarfare or "hacktivism." But Pescatore noted that there was a mercenary element even in incidents such as the attack against Google last year, which was traced to China and ultimately resulted in the company shuttering its search operations on the mainland after a standoff over Web censorship.
Aside from targeting the Gmail accounts of Chinese human rights advocates, the authors were after intellectual property housed in Google's California headquarters.
Pescatore is also not convinced that the periodic and often dire warnings about a wave of malware targeting smartphones will come to pass.
"By far the biggest threat and the biggest damage caused on those devices to data is physical loss," he said. "The threat is not malware getting on those devices. The threat is those devices getting lost or stolen."
Gartner has a multipronged security checklist for enterprises evaluating mobile devices, recommending that IT buyers choose devices that have enforceable password policies, a timeout timer, content encryption and a kill switch that can be activated remotely.
By those criteria, Pescatore considers RIM's BlackBerry the "high-water mark" for smartphone security, though he acknowledged that Apple's (NASDAQ: AAPL) iPhone took a significant step forward with the addition of encryption.
Pescatore estimates that a major smartphone security breach of a magnitude that seriously disrupts the operations of an enterprise won't occur before 2013.