Gartner Blog Network


Top Ten 2011 Threats and Trends

by Avivah Litan  |  December 15, 2010  |  4 Comments

It’s coming to the end of 2010, and I’m often asked by our clients what to expect in terms of new threats and related trends in 2011.

I have to say I don’t see total revolutions in the threats – just continuing evolutions of the same threats we have seen for years (and more or less for centuries).

So here’s my top of mind list:

a)      More Zeus like attacks – where sessions are hijacked. In 2011, expect to see PC device identification and credentials stolen and copied so that criminals look just like the good guy/owner of the PC. This has already started but will increase substantially in 2011, so that PC fingerprinting or tagging on its own will be circumvented.

b)      More Proxying of phone services, so that the criminals can fake the caller id to make it look legitimate. This is already an attack method but it will pick up in 2011.

c)       Government agencies (e.g. FTC in the U.S.) will require that the browser companies institute features that consumers can use to turn off tracking by web sites and services. (For example Microsoft just announced such a feature in IE9). However, these are impractical for consumers to manage and won’t be very useful.

d) Likewise, new government regulations in response to privacy concerns will move online advertising companies and networks to start relying on ‘clientless’ device fingerprinting technology instead of tagging PCs with files. See our research on this if you are interested.  For example “Privacy Concerns Collide with Flash Cookies”).

e)      Mobile devices will increasingly be used for fraud detection, so that payment services and banks can correlate mobile location information with other transaction information before making an authorization decision. (See recent Visa announcement with Validsoft).

f)      More flash attacks that fly under the radar of bank fraud detection systems, forcing U.S. banks to move to stronger cardholder authentication (e.g. OTP or chip cards or using the phone as a chip card).

g)       More skimming at POS systems and unattended self-service terminals (e.g. gas pumps),  sending the card companies and PCI Council into a tizzy over what to do about it.

h)      Hijacking of workstation sessions that are used to apply for loans or credit cards at distributed user workstations.

i)      More merchant account takeover – and initiation of refunds from them to criminal accounts.  Also setting up fake merchant accounts and using stolen cards to charge fake goods and services to, in order to launder money through these fake merchant accounts.

j) and of course more targeted attacks against employee and internal accounts going after sensitive information and systems (e.g. control systems), as much as data.

I’m sure we will see a lot more than just these but these are the ones that I’m expecting to see pick up in 2011.

Of course, all of this is good news for the innovative security firms that have good defenses to sell…

Category: 

Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio


Thoughts on Top Ten 2011 Threats and Trends


  1. […] This post was mentioned on Twitter by Uptime Devices and Suvish Viswanathan, Avivah. Avivah said: 2011 Threats and Trends http://bit.ly/gK6RmP […]

  2. Avivah Litan says:

    Thank to you! If you think of any I’ve missed, please let me know.

  3. […] Litan at Gartner has released her top ten fraud predictions for 2011. She’s much smarter than I, and I’m not a security expert either so I wouldn’t […]

  4. Tom Mahoney says:

    This is an excellent list but there are two things that I think we’ll be seeing a lot more of.

    I think “Friendly fraud” against e-Commerce is going to be a big one and it will start soon and I’m very concerned about the proliferation of contactless cards and their vulnerabilities.

    I wrote about it at http://www.merchant911.org/blog/index.php/2010/12/27/top-ten-things-to-watch-in-2011/
    and I’d be very interested in hearing what the real experts have to say.



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.