Security technology company McAfee released its 2011 Threat Predictions report this month, outlining the top online threats for this year.
Some of the most popular gadgets and services from 2010, like Google’s Android and Google TV, and Apple’s iPhone and Mac OS X platform, are predicted to be major targets for cyberattacks this year.
McAfee and its researchers also predict acts of “hacktivism” to be more common, as more groups commit politically motivated cyberattacks like those of Wikileaks.
“With more users adopting social networking for both personal and business activities, they have quickly become a highly vulnerable target for cybercriminals to exploit,” said Michael Sentonas, McAfee CTO for APAC.
“The popularity of social platforms and mobile devices will lead to a rapid increase in attacks putting user and corporate data at risk.”
So, what are likely to be the most common online threats in 2011?
1. URL-shortening services: easy target for cybercriminals?
Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011.
Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront.
The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites.
With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.
2. Social Media exploitation with location, location, location
Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers.
In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using.
This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.
3. Are smart phones outsmarting us?
Threats on mobile devices have so far been few and far between, with “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010.
With the widespread adoption of mobile devices in business environments (73 million iPhones have been sold since their initial release in 2003), combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.
4. Apple: No longer flying under the radar
Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011.
The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.
5. Applications: Privacy leaks—from your TV
New Internet TV platforms were among the most highly-anticipated devices in 2010.
Due to the growing popularity among users and “rush to market” thinking by developers, McAfee Labs expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV.
These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.
6. Sophistication Mimics Legitimacy: Attacks from ‘friends’
Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication in 2011.
“Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends but in fact are viruses such as Koobface or VBMania, will continue to grow as an attack of choice by cybercriminals.
McAfee Labs expects these attacks will go hand in hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector.
7. Botnets: The new face of Mergers & Acquisitions
Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe.
Following a number of successful botnet takedowns, including Mariposa, Bredolab and specific Zeus botnets, botnet controllers must adjust to the increasing pressure cybersecurity professionals are placing on them.
McAfee Labs predicts that the recent merger of Zeus with SpyEye will produce more sophisticated bots due to improvements in bypassing security mechanisms and law enforcement monitoring.
Additionally, McAfee Labs expects to see a significant botnet activity in the adoption of data-gathering and data-removal functionality, rather than the common use of sending spam.
8. Hacktivism: Following the WikiLeaks path
2011 marks a time in which politically motivated attacks will proliferate and new sophisticated attacks will appear.
More groups will repeat the WikiLeaks example, as hacktivism is conducted by people claiming to be independent of any particular government or movement, and will become more organised and strategic by incorporating social networks in the process.
McAfee Labs believes hacktivism will become the new way to demonstrate political positions in 2011 and beyond.
9. Advanced Persistent Threats: A whole new category
Operation Aurora gave birth to the new category of advanced persistent threat (APT)— a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest.
In October 2010, the Australian military found a 230 percent increase in cyber attacks against its networks.
McAfee Labs warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories and other databases.
For a full copy of the report, visit 2011 Threat Predictions.