Malware campaigns targeting mobile devices and critical infrastructure will become more prevalent in 2011, forcing consumers and enterprises to step up their vigilance to keep pace with these ever-evolving security threats.
According to security software vendor Symantec (NASDAQ: SYMC), 2011 will usher in a new era of specialized malware threats directed less at PCs and servers and more at specific people, organizations, devices and computer systems.
Social media sites, such as Facebook and Twitter and public-facing corporate websites and blogs provide plenty of data for hackers to construct more specific and sophisticated campaigns designed to get more valuable -- and damaging-- information in assembly line-like fashion.
"In 2011, criminal enterprises will increasingly automate this research to create a heavier volume of more powerful and convincing attacks that appear particularly relevant, interesting and/or newsworthy to the intended victims," Daren Lewis, a security analyst at Symantec, wrote in blog post detailing the some of the new threats and tactics hackers will employ in the new year.
The very features that attract consumers and businesses to social media -- immediacy, relevance, personalization and interaction -- are also the same qualities that make these websites and applications so appealing to malware purveyors.
With more than 60,000 new malware pieces identified each day, the challenge for security software vendors and their customers is to implement universal security policies and applications that safeguards data without strangling their access to cloud-based apps and services from their mobile devices.
"We expect IT managers will be forced by business necessity to implement more granular and refined Web security policies," Symantec researchers said. "The number of custom policy rules will increase from approximately 30 to more than 50 per organization to achieve a more granular response to Web filtering. Also, default policies will become more nuanced, industry-specific and business-role-specific to ease the burden on IT managers."
The high-profile Stuxnet worm attack on an Iranian nuclear power plant in September has most security experts convinced that similar attacks will be launched next year against specific systems controlling key infrastructure, such as power grids, electronic voting systems and transportation systems.
"Any technology that can be exploited for financial gain or influence will become a potential target," Symantec officials warned.
While the overall volume of spam retreated significantly in the second half of 2010, Symantec is predicting a marked increase in language-targeted spam, particularly in Europe and Asia. In 2010, roughly 95 percent of all spam was in English, but that figure is expected to slip to around 90 percent in 2011 while Portuguese and Spanish spam will increase significantly.
Symantec will release a comprehensive 2010 malware review next week, as well as some more detailed predictions and recommendations for 2011 next week.
Keep up-to-date on malware predictions; follow eSecurityPlanet on Twitter @eSecurityP.