McAffee, one of the several av providers, predicted that more attacks are expected on 2011. The opportunities provided by the popularity of social networking sites and smart phones can’t be ignored by cyber perpetuators.
[you can also read Symantec’s 2011 Security Predictions]
Below is the summary of the report written by Dmitri Alperovitch, Toralv Dirro, Paula Greve, Rahul Kashyap, David Marcus, Sam Masiello, François Paget, and Craig Schmugar of McAfee Labs:
- Exploiting Social Media:
- URL-shortening services – The use of abbreviated URLs on sites on micro blogging sites makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.
- Geo location services – such services can easily search, track and plot the whereabouts of friends and strangers, making it easier for cyber criminals to monitor and target their victims. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.
- Mobile: With the popularity of smart phones, a whole new arena of opportunities are presented to cyber criminals to diversify their efforts.
- Apple: The popularity of iPads and iPhones in business environments, add to that is the misconception that apple devices are secured, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.
- Applications: Regardless of our choices of platform or device, we live in an application-centric world. The drawback to that world lies in the portability of our apps among mobile devices and the coming Internet TV platforms, which combined will make threats from vulnerable and malicious apps a major concern for 2011. In addition to malicious code, McAfee Labs expects to see apps that target or expose privacy and identity data. This danger will eventually lead to data exposure and threats through new media platforms such as Google TV.
- Sophistication Mimics Legitimacy: “Friendly fire”—in which threats appear to come from your friends—from social media such as Koobface and VBMania will continue to grow. This will go hand-in-hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector. Personalized attacks are about to get a whole lot more personal.
- Botnets: Botnets that employ FaceBook and Twitter will expand their scope to include popular social networking sites such as foursquare, Xing, Bebo, Friendster, and others. The growing populations and business use of these sites is something that cybercriminals simply cannot ignore.
- Hacktivism: Inspired by “wikileaks” new groups will emerge to follow their example
- Advanced Persistent Threats: The generally accepted definition of an APT is one that describes a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than a pure financial/criminal reason or political protest. Not all APT attacks are highly advanced and sophisticated, just as not every highly complex and well-executed targeted attack is an APT. The motive of the adversary, not the level of sophistication or impact, is the primary differentiator of an APT attack from a cybercriminal or hacktivist one.
For a full copy of the 2011 Threat Predictions report, go here