Targeted Attacks on Rise

Thursday, November 24, 2011 @ 11:11 AM gHale

There will be an escalation in targeted attacks, growing social media threats and an increase in mobile malware, according to a new study by M86 Security.

“In 2011, we saw targeted attacks grow considerably more complex and damaging, impacting high-profile organizations which thrust the issue into the mainstream,” said Bradley Anstis, Vice President of Technical Strategy, M86 Security. “One of the most troubling trends is the rapid progression of mobile malware. Due to the ubiquity of mobile devices such as smartphones and tablets, cybercriminals see them as highly-profitable targets and are driven to develop new ways to compromise user data, and potentially breach privacy by tracking individuals’ locations.”

Malware Alert: Android up 472%
Busted: Ghost Click Nets Six
Malware Thrives, Remains Undetected
Smart Grid Security Framework Update

Cybercriminals elevated targeted attacks to a new level in 2011, refining their methods and going after well-known commercial and government organizations. Nothing was off limits. Sony and RSA are two examples of prominent companies that sustained significant, costly targeted attacks that compromised user data and impacted business continuity.

M86 Security Labs expects more of the same next year as cybercriminals exploit stolen digital certificates and use zero-day and multi-stage attacks to infiltrate organizations and access personal, corporate, and in some cases, classified government information.

In its 2010 annual report, M86 Security Labs predicted an increase in malicious spam that mimics social networking sites such as Facebook, Twitter, LinkedIn and Google +. This certainly rang true in 2011.

Another common social networking scam, called “likejacking,” tricks users into liking a malicious page that seems trustworthy, and is, in turn, shared with that user’s friends. Shortened URLs and fake surveys are other methods increasingly used in social engineering scams to encourage users to perform seemingly-legitimate actions, but instead download malware or steal data.

In 2011, malware developed for mobile platforms grew at an alarming rate. The Android platform became highly targeted as cybercriminals tried to intercept security controls deployed to protect users from banking Trojans.

Plus, growing numbers of users now network their personal mobile devices with their office computers, driving cybercriminals to escalate efforts to use these devices as bots. In fact, as users synchronize employer files, emails and other data to their unmanaged personal devices, organizations will need to prepare for the ensuing security and compliance issues.

Other threat trends anticipated in 2012 include the proliferation of malware in social media as users connect to these sites via mobile devices, and the ability for criminals to track individual user locations using mobile GPS coordinates. This is of particular concern when it comes to child safety.

“Mobile malware solutions are in their infancies, so their capabilities to protect users and networks are very limited,” Anstis said. “To help defend from an influx of mobile malware, organizations will need to extend their security policies to mobile devices. It will be critical to ensure that all personal devices that access an organization’s Wi-Fi and networks are covered.”

Leave a Reply

You must be logged in to post a comment.