Posts

2012 Threats: Are You Ready?

History is said to be a good indicator of what might come in the future. If you follow trends in how things are done and what tends to gain momentum then you can get a pretty good idea of what’s ahead.

McAfee Labs™ is made up of security professionals who spend all their waking hours observing and combating threats to our digital identifies. If anyone is in a position to give us a window into the future on information technology threats, it’s these guys and gals. Here’s what they are predicting we should watch out for in 2012:

–   Attacks on critical infrastructure and utilities— Attackers from all over the world have set their focus on critical life supporting utilities such as water and power to hold those utilities hostage for payment or to disable them to cause terror. This is the kind of industrial threat that many consumers fear. Unfortunately, many industrial and national infrastructure networks were not designed for modern connectivity, making them vulnerable.

–   Political hacktivism—Hactivism is the use of computers or computer networks to protest or promote political change. “Anonymous” is the group which was active last year doing high profile activities such as briefly taking down New York Stock Exchange’s website in support of the Occupy Wall Street protests.

–   Spam, spam, and more spam—Spam is getting easier and cheaper based on the U.S.’ CAN-SPAM Act. Shady, for profit, advertisers are making a mint selling lists to spammers, as advertisers are not required to receive consent before sending advertising.

–   Mobile malware—PCs are still the low hanging fruit. But as more mobiles are used for mobile commerce (mCommerce), virus makers are creating malware designed take over your phone or to deliver a variety of ads or even send expensive text messages from your phone.

–   Hacked cars, GPS and any wireless equipment—Cybercriminals are now targeting embedded operating systems or even hardware to gain control of everything from cars to global positioning system (GPS) trackers and medical equipment.

–   Cyberwar—Not trying to create fear here, just from observation, McAfee Labs has seen an increase in high-tech spying and other “cyber” techniques to gain intelligence.

As technology evolves and our use of the Internet and mobile devices becomes more complex, cybercriminals are also evolving and honing their skills with new types of attacks. But although some of the threats may seem scary, the reality is many offer new takes on old forms of attack and with a little bit of foresight and preparedness we can guard against them.

Robert Siciliano is a McAfee Online Security Evangelist. See him discussing attacks on our critical infrastructure on Fox News (Disclosures)

Top Targets for Emerging Threats in 2011

This McAfee Labs list comprises 2010’s most buzzed about platforms and services, all of which are expected to be major targets for cybercriminals in the coming year.

Exploiting Social Media: URL-shortening services
With more than 3,000 shortened URLs being generated per minute, McAfee Labs expects to see a growing number used for spam, scamming, and other malicious purposes.

Exploiting Social Media: Geolocation services
Locative services can easily search, track, and plot the whereabouts of friends and strangers. Cybercriminals can see what users are saying and where they are located in real time, as well as their interests and which operating systems and applications they are using.

Mobile: Usage is rising in the workplace, and so will attacks
2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

Apple: No longer flying under the radar
The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure.

Applications: Privacy leaks—from your TV
New Internet TV platforms were “rushed to market” by developers, and some lack security. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps.

Sophistication Mimics Legitimacy: Your next computer virus could be from a friend
Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication. “Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends, will grow.

Botnets: The new face of Mergers & Acquisitions
Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth. McAfee Labs predicts that the recent merger of Zeus and SpyEye will produce more sophisticated bots.

Hacktivism: Following the WikiLeaks path
Politically motivated hacks will proliferate and new, more sophisticated attacks will occur. More groups, consisting of individuals claiming to be independent of any particular government or movement, will follow WikiLeaks’ lead.

Advanced Persistent Threats: A whole new category
Operation Aurora gave birth to the new category of advanced persistent threat (APT)— a targeted cyber espionage or cyber sabotage attack carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit and debit card fraud on CNBC. Disclosures