2011 Security Preview: Apple, Facebook Beware


Security software firms are gearing up for what's expected to be another year of unprecedented growth in complex malware as hackers zero in on the most popular and least secure devices and applications to rip off consumers and infiltrate enterprise data networks.

Unlike years past when pesky spam missives and the occasional worm or virus outbreak accounted for the bulk of security threats, 2011 figures to be long on threats that take advantage of the very attributes that make smartphones, social media and cloud computing applications so compelling to users.

More to the point, hacking tactics have evolved as the explosion in mobile devices and distributed computing systems has expanded beyond mostly consumer-centric applications and services to a virtual necessity in the workplace. Not only will the next generation of phishing and malware scams be more targeted -- right down to specific employee email accounts and devices -- but they will be much more difficult to detect and eradicate before too much damage is done.

Security software vendor McAfee (NYSE: MFE) is one of several firms predicting a dramatic surge in attacks on Apple (NASDAQ: AAPL) devices like the iPhone and the iPad. For years, the Mac operating system was largely ignored by malware authors in favor of Windows applications and devices, which had a much larger user base and, comparatively, far more coding flaws to exploit.

But the popularity of the iPhone and iPad and the millions of applications written specifically for these mobile devices has created a new fertile field for those inclined to write malicious code to take advantage of users' relative naiveté regarding their smartphones.

"We’ve seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most," said Vincent Weafer, senior vice president of McAfee Labs. "These platforms and services have become very popular in a short amount of time, and we’re already seeing a significant increase in vulnerabilities, attacks and data loss."

McAfee security researchers said bringing the iPhone and the iPad into the enterprise creates a serious dilemma for IT administrators charged with integrating these devices and applications into the network even though many users lack an understanding of and appreciation for the security risks inherent in these nascent mobile devices.

Mobile devices and social media are birds of a feather. Smartphone operating systems and hardware designs increasingly cater to the Facebook frenzy, giving users instant access and functionality to keep pace with instantaneous updates from the social media world.

Hackers know all too well that most smartphone users let down their guard while checking their Facebook page or checking account balance in ways they otherwise wouldn't if they were using a desktop PC at the office. The convenience of clicking on an abbreviated URL on Twitter to stay abreast of the latest work or entertainment data they crave has given hackers abundant opportunities to steal data and guide users to malicious sites and content.

At one point in July, McAfee recorded more than 23.4 billion pieces of URL-shortened spam in a 24-hour period, a sign of both the prevalence of Twitter-induced exploits and the willingness of many users to throw caution to the wind to get the latest news or updates from friends.

"With more than 500 million active users, Facebook's popularity will continue to be an appealing target for cyber attackers," security software firm AppRiver warned in its 2011 data security preview (PDF format). "Twitter will also continue to be a source of worms and spam campaigns targeting its users."

"More and more companies are offering mobile support with the massive proliferation of smartphones," it added. "This constant quest for convenience will bring malware authors and scammers to where the people are."

Expect a surge in so-called hacktivism threats from rogue organizations, disgruntled employees and even nation states and organizations looking to either block people from visiting particular sites or to penalize supporters who visit them on a regular basis.

And because most mobile devices include geolocation features that make it convenient for retailers to offer discounts and other promotions to customers in their vicinity, hackers are already using this data to identify exactly where potential targets are -- or are not -- to steal identities and confidential login and password data.

"In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using," McAfee researchers said. "This wealth of personal information on individuals enables cybercriminals to craft a targeted attack."

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
