McAfee: Cyber Threats in 2011

Tuesday, January 4, 2011 @ 04:01 PM gHale

A new year always brings with it the possibilities of great things, however it also brings predictions on what the new cyber threats will be for the year. Stuxnet ended up being the blockbuster cyber threat of the year, but will there be more of the same in 2011?

The biggest cyber threats for this year will include malicious applications on mobile devices and attacks aimed at stealing government secrets and sabotaging business operations, according to a report from security software company, McAfee.

Every year, the computer security firm issues a list predicting what will be the biggest cyber scares during the coming year. New for 2011 is the projection that perpetrators will target social media communications on mobile devices, a means of interaction that businesses, including agencies, increasingly depend on for work.

The societal shift from desk-based email communications to mobile instant messaging and Twitter insta-blogging has transformed the threat landscape, according to the report.

The authors, all specialists employed by McAfee Labs, the firm’s research arm, expect to see apps expose privacy and identity data.

“These tools have historically weak coding and security practices, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps,” the researchers wrote.

According to the threat list, “friendly fire” malware, which appears to come from contacts on social networks, will grow.

“Social media connections will eventually replace email as the primary vector for distributing malicious code and links,” the authors wrote. “The massive amount of personal information online coupled with the lack of user knowledge of how to secure this data will make it far easier for cybercriminals to engage in identity theft and user profiling than ever before.”

For example, phishing will move to Twitter because email is no longer vulnerable.

The transition to mobile communications also creates an easy opportunity for fraud purveyors to pinpoint the location of potential victims. More Internet users are logging on to the Web via portable devices with Global Positioning System satellite technology. Many GPS tools essentially broadcast people’s coordinates to friends and colleagues so they can see where they are.

“You can easily search, track and plot the whereabouts of friends and strangers,” the report stated. “In just a few clicks cybercriminals can see in real time who is Tweeting and where, what they are saying, what their interests are, and the operating systems and applications they are using.”

In 2011, shortened Web addresses, which are perfect for inserting website locations in word-constrained mobile messages and Tweets, will become ideal for masking fake websites, the researchers said.

“The trouble — and abuse — follows because users do not know where these shortened links actually lead until they click them,” the researchers said.

Malware distributors and phishers will start using these abbreviated Web addresses, or short URLs, to bypass the Web-filtering tools in offices.

Attackers’ motivation is also changing, according to the study. Instead of carrying out attacks to steal money or to send a political message, some groups, including nation-states and corporations, increasingly are interested in stealing intelligence.

McAfee defines these advanced persistent threats as government or organization-sponsored attempts at cyberespionage or cybersabotage for something other than political protest, or financial gain.

Other 2011 predictions detailed in the report: Cybercriminals will target more Apple-manufactured technologies; botnets, compromised computers that hackers hijack all at once to send viruses, will steal data from breached computers instead of sending spam; and “hacktivism” attacks, intended to discredit political opponents, will intensify.