Privacy violations and data theft will be the top security issues organizations need to focus on in the coming year. Cyber-espionage and social networking attacks will be the trends to watch, together with other, more traditional threats.
Cyber-espionage aimed at companies and government agencies will be as predominant as this year. From New Zealand to Canada, from Japan to the European Parliament, there have been countless attacks aimed at stealing secret or classified information.
We live in a world where all the information is in digital form, so modern-day spies no longer need to infiltrate a building to steal information. As long as they have the necessary computer skills, they can wreak havoc and access the best-kept secrets of organizations without ever leaving their living-rooms.
In the case of home users, cyber-criminals will continue to target social media sites to steal personal data. Social engineering techniques exploiting users’ weaknesses have become the leading attack method for hackers.
Social networking sites provide a space where users feel safe as they interact with friends and family. The problem is that attackers are creating worms that take advantage of that false sense of security to spread their creations, and it is really easy for them to trick users with generic messages like “Look, you’re on this video” for example. Sometimes, curiosity can be our own worst enemy.
Following is a summary of what I predict as the major security trends of 2012:
- Mobile malware
Over ten years ago, antivirus companies started making dire predictions of a mobile malware epidemic. Years later, as the situation was not as apocalyptic as predicted, they started claiming that the installation of antivirus software on mobile phones had prevented the catastrophe. Well, they were wrong again. If having an antivirus solution were enough to solve all types of malware problems, the world would be a happier place.
Unfortunately though, both users and security vendors alike are in the hands of cyber-crooks, who are the ones who decide which platform to target. In this context, last year I predicted a surge in cyber attacks on mobile phones, and the fact that Android has become the number one mobile target for cyber-crooks in 2011 confirms that prediction.
In 2012 there will be new attacks on Android, but it will not be on a massive scale. New mobile payment methods –via NFC for example– could become the next big target for Trojans but, as always, this will largely depend on their popularity.
- Malware for tablets
The fact that tablets share the same operating system as smartphones means that they will be soon targeted by the same malware as those platforms. In addition, tablets might draw a special interest from cyber-crooks as people are using them for an increasing number of activities and they are more likely to store sensitive data than, say, a smartphone.
- Mac malware
As the market share of Mac users continues to grow, the number of threats will grow. Fortunately enough, it seems that Mac users are now more aware that Mac is not immune to malware attacks and they are increasingly using antivirus programs, hindering cyber-crooks. The number of malware specimens for Mac will continue to grow in 2012, although much less than for PCs.
- PC malware
In the past few years, the number of malware threats has grown exponentially, and everything seems to indicate that the trend will continue in 2012. Trojans are cyber-crooks’ weapon of choice for their attacks, as shown by the fact that three out of every four new malware strains created in 2011 were Trojans, designed to sit silently on users’ computers and steal their information.
- Cyber-crooks targeting small to medium-sized companies
Why do cyber-criminals target online banking customers instead of directly attacking banking institutions to steal money? The answer to this question has to do with the cost-benefit ratio of the attack: Financial entities are usually very well protected, and the chance of launching a successful attack is remote and very costly.
However, attacking their customers to steal their identity and impersonate them is much simpler. The security of small to medium-sized companies is not that strong, and this makes them very attractive for cyber-thieves, who can steal data from hundreds or thousands of users in one go. On many occasions, small to medium-sized companies do not have dedicated security teams, which makes them much more vulnerable.
- Windows 8
The next version of Microsoft’s popular operating system is scheduled for November 2012, so even though it is not supposed to have much on an impact on the malware landscape in the coming year, it will surely offer cyber-crooks new opportunities to create malicious software. Windows 8 will allow users to develop applications for virtually any device (PCs, tablets and smartphones) running Windows 8, so it will be possible to develop malicious applications like those for Android. This, in any event, will probably not take place until 2013.
The overall picture is not improving. As new technologies advance, cyber-crooks develop new modes of attack sometimes by simply adapting old techniques to the new platforms. In the end, users’ false sense of security is cyber-crooks’ best friend.