The most popular smartphones with consumers appear to be in the
greatest danger of viruses and malware in the coming year,
according to the security firm McAfee.
In its 2011 Threat Predictions report, the company's list
comprises 2010's most buzzed about platforms and services,
including Google's Android, Apple's iPhone, foursquare, Google TV
and the Mac OSX platform, which are all expected to become major
targets for cybercriminals.
McAfee Labs also predicts that politically motivated attacks
will be on the rise, as more groups are expected to repeat the
WikiLeaks paradigm.
"We've seen significant advancements in device and social
network adoption, placing a bulls-eye on the platforms and services
users are embracing the most," said Vincent Weafer, senior vice
president of McAfee Labs. "These platforms and services have become
very popular in a short amount of time, and we're already seeing a
significant increase in vulnerabilities, attacks and data
loss."
URL-shortening services
Social media sites such as Twitter and Facebook have created the
movement toward an "instant" form of communication, a shift that
will completely alter the threat landscape in 2011. Of the social
media sites that will be most riddled with cybercriminal activity,
McAfee Labs expects those with URL-shortening services will be at
the forefront.
The use of abbreviated URLs on sites like Twitter makes it easy
for cybercriminals to mask and direct users to malicious websites.
With more than 3,000 shortened URLs per minute being generated,
McAfee Labs expects to see a growing number used for spam, scamming
and other malicious purposes.
Geolocation services
Locative services such as foursquare, Gowalla and Facebook
Places can easily search, track and plot the whereabouts of friends
and strangers. In just a few clicks, cybercriminals can see in real
time who is tweeting, where they are located, what they are saying,
what their interests are, and what operating systems and
applications they are using.
This wealth of personal information on individuals enables
cybercriminals to craft a targeted attack. McAfee Labs predicts
that cybercriminals will increasingly use these tactics across the
most popular social networking sites in 2011.
Mobile attacks
Threats on mobile devices have so far been few and far between,
as "jailbreaking" on the iPhone and the arrival of Zeus were the
primary mobile threats in 2010. With the widespread adoption of
mobile devices in business environments, combined with historically
fragile cellular infrastructure and slow strides toward encryption,
McAfee Labs predicts that 2011 will bring a rapid escalation of
attacks and threats to mobile devices, putting user and corporate
data at very high risk.
Creases in Apple's armor?
Historically, the Mac OS platform has remained relatively
unscathed by malicious attackers, but McAfee Labs warns that
Mac-targeted malware will continue to increase in sophistication in
2011. The popularity of iPads and iPhones in business environments,
combined with the lack of user understanding of proper security for
these devices, will increase the risk for data and identity
exposure, and will make Apple botnets and Trojans a common
occurrence.
Privacy leaks—from your TV
New Internet TV platforms were some of the most
highly-anticipated devices in 2010. Due to the growing popularity
among users and "rush to market" thinking by developers, McAfee
Labs said it expects an increasing number of suspicious and
malicious apps for the most widely deployed media platforms, such
as Google TV.
These apps will target or expose privacy and identity data, and
will allow cybercriminals to manipulate a variety of physical
devices through compromised or controlled apps, eventually raising
the effectiveness of botnets.
Disguised as a friend
Malicious content disguised as personal or legitimate emails and
files to trick unsuspecting victims will increase in sophistication
in 2011. "Signed" malware that imitates legitimate files will
become more prevalent, and "friendly fire," in which threats appear
to come from your friends but in fact are viruses such as Koobface
or VBMania, will continue to grow as an attack of choice by
cybercriminals.
McAfee Labs said it expects these attacks will go hand in hand
with the increased abuse of social networks, which will eventually
overtake email as a leading attack vector.
Botnets
Botnets continue to use a seemingly infinite supply of stolen
computing power and bandwidth around the globe. Following a number
of successful botnet takedowns, including Mariposa, Bredolab and
specific Zeus botnets, botnet controllers must adjust to the
increasing pressure cybersecurity professionals are placing on
them. McAfee Labs predicts that the recent merger of Zeus with
SpyEye will produce more sophisticated bots due to improvements in
bypassing security mechanisms and law enforcement monitoring.
Additionally, McAfee Labs said it expects to see a significant
botnet activity in the adoption of data-gathering and data-removal
functionality, rather than the common use of sending spam.
Hacktivism
Next year marks a time in which politically motivated attacks
will proliferate and new sophisticated attacks will appear. More
groups will repeat the WikiLeaks example, as hacktivism is
conducted by people claiming to be independent of any particular
government or movement, and will become more organized and
strategic by incorporating social networks in the process.
McAfee Labs said it believes hacktivism will become the new way
to demonstrate political positions in 2011 and beyond.
A whole new category
Operation Aurora gave birth to the new category of advanced
persistent threat (APT, a targeted cyberespionage or cybersabotage
attack that is carried out under the sponsorship or direction of a
nation-state for something other than pure financial/criminal gain
or political protest. McAfee Labs warns that companies of all sizes
that have any involvement in national security or major global
economic activities should expect to come under pervasive and
continuous APT attacks that go after email archives, document
stores, intellectual property repositories and other databases.
Internet security firm McAfee has issued its 2011 threat assessment....