Hacktivism, Mobile Scams Top 2011 Security Threats
Security software vendor Panda Security forecasts the top security threats to watch out for in the New Year.
Hackers motivated by money, country and ideology will pose ne, and more complex security challenges for consumers and enterprise IT administrators in 2011, according to a new report from security software vendor Panda Security.
Even though total malware production soared to an all-time high in 2010 with more than 60,000 new pieces being identified each day, Panda and other leading security software firms believe the worst is yet to come.
The combination of a lousy economy throughout most of the world, the convenience of relatively cheap do-it-yourself malware kits, and the outmanned and often overmatched enforcement agencies charged with policing cyberspace, create an appealing environment for hackers looking to line their pockets, make an ideological point or both.
"The overall picture is not improving," Luis Corrons, PandaLabs' technical director, said in the report. "Even though we saw several major arrests that hit hard in the world of cybercrime in 2010, it is still, sadly, insufficient when considering the scale of what the current malware landscape is."
Besides old scams like scareware and garden-variety SQL injection attacks, Panda Security expects to see a surge in so-called hacktivism attacks like the ones perpetrated in recent weeks against MasterCard, Visa and other sites in support of WikiLeaks founder Julian Assange. These attacks aren't necessarily designed at least not yet for financial gain, but rather to punish a particular person or organization or dissuade visitors to individual websites.
Panda also predicts a substantial increase in cyberwarfare and cyberterrorism campaigns using sophisticated malware like the Stuxnet worm to infiltrate networks operated by specific governments and organizations.
"Even users with limited technical knowhow can join in the distributed denial of service attacks (DDoS) or spam campaigns," the report said.
Socially engineered malware scams birthed on popular social media sites like Facebook and Twitter will continue to proliferate and become more targeted and distributed in nature, Corrons said. Whether it's truncated URLs to malicious websites or benign-appearing online surveys designed solely to steal login and password information, social networking sites figure to be a fertile field for hackers in 2011 and beyond.
Smartphones will be heavily targeted by malware authors and cybercrooks looking to exploit the devices' popularity and users' relative naivety to steal banking and credit card information, access proprietary enterprise networks and spread malware quickly.
Panda security researchers said Nokia's Symbian mobile operating system is currently attracting the most malware but that will start to change in 2011 with Android-based smartphones and tablets becoming "the number one target" for cybercriminals. Threats to Microsoft's Windows Phone 7 devices figure to be minimal for now until the devices start making significant inroads in both consumer and business markets.
Finally, Panda predicts more encrypted, stealth threats to emerge in 2011, connecting to servers and updating themselves repeatedly before security software firms can detect them. Also, these rapidly mutating attacks will target individuals, organizations and companies with greater selectivity, making successful malware campaigns more lucrative for the perpetrators.
"Profits from this black market amount to millions of dollars, and many criminals operate with impunity thanks to the anonymity of the Internet and numerous legal loopholes," Corrons added. "The economic climate has contributed to the seriousness of the situation: as unemployment grows in numerous countries, many people see this as a low risk opportunity to earn money."
Keep up with security news Follow eSecurityPlanet on Twitter: @eSecurityP.