We take a look ahead to what threats await us in 2011.
In 2010 many of the security predictions made in the previous year came true, from increasing attacks on social networks to more mobile malware.
Clear trends emerge each year and 2011 looks likely to be no exception to the rule.
Whilst it is extremely challenging to predict the exact nature of future threats, it is certainly viable to map out possible occurrences.
With this in mind, we look at what some of the industry’s more prescient security experts expect to see next year.
War, what is it good for?
So much talk this year focused on Stuxnet. Whilst Microsoft has patched up all the holes Stuxnet was exploiting and the incredibly sophisticated piece of kit has been outed, what it made clear was that nation states are getting serious about cyber warfare.
Now Stuxnet has made its mark, it would not be a huge surprise if a country’s critical infrastructure was impacted in a major way in 2011. Indeed, Websense said similar exploits will be carried out once or twice in 2011.
Whilst copycats will not be hugely prevalent next year, they could certainly be trickier to detect.
“Compared to the number of more traditional cyber criminal attacks that will occur, those with Stuxnet’s level of sophistication will be few and far between,” said Alexander Gostev, chief security expert at Kaspersky Lab.
“However, when they do, they will be potentially far harder to detect and as they are unlikely to affect the average user, the majority of victims are unlikely to ever know they have been targeted.”
Nevertheless, nations will be busy shoring up their security across departments next year and preparing their armies to make strikes against hostile nations.
Tech portmanteaus are often irritating beasts but there is something rather cool about ‘hacktivism’ – it just seems to fit.
Anyone involved in the Anonymous hacktivist group was no doubt clinking champagne glasses when New Year’s Eve rolled around after a 2010 in which they made headline news for their pro-WikiLeaks DDoS attacks.
Anonymous hackers were also involved in attacks on anti-piracy sites, so expect their work to continue in any left-wing agenda that goes under their radar. No doubt as the WikiLeaks saga runs on, other firms who pull the plug from Julian Assange’s operation will be on the wrong end of a DDoS strike.
“Despite hasty attempts in many countries to pass legislation to counter this type of activity, effectively by criminalising it, we believe that in 2011 there will be yet more cyber protests, organised by this group or others that will begin to emerge,” Panda said.
More social silliness
Many predicted social networks would become virtual playgrounds for hackers in 2010 and they were right. Disconcertingly, 2011 looks likely to get even worse, according to a wide range of security experts.
Joona Airamo, chief information security officer at Stonesoft, warned one attack could affect millions of users.
”Hackers will use malware that copies a user’s address book and sends out malicious emails/files to all their friends,” he said.
“Just like the old email scams, the malicious file will look like it has been sent from the initial target so recipients will trust the source.“
Given the introduction of Facebook Messages, an attack like the one Airamo outlined could become even more widespread. With some hope, Zuckerberg and Co will be on their security game to protect users.
Social engineering will continue to be big in 2011 in general, with Trend Micro claiming cyber criminals will launch malware campaigns by bombarding unwitting users with emails that “drop downloaders” containing malware.
In 2010, zero-day threats were disturbingly common, affecting various pieces of much-used technology, including Adobe Reader, Windows and Internet Explorer.
This year, expect to see plenty more such sudden dangers and vendors scrambling to issue fixes.
“Zero-day vulnerabilities are widely considered something of a common occurrence. Sadly, that trend is set to continue in 2011, with zero-day threats becoming even more prevalent,” said Kaspersky’s Gostev.
“The rise in malicious exploits that seize on programming errors won’t just be down to new vulnerabilities they will also occur because of the speed at which cyber criminals react to such loopholes.”
More Mac attacks
Whilst Windows will remain the chief target for hackers, in terms of operating systems, cyber criminals will look to spread their net further as Microsoft’s market share is eaten away by the likes of Apple’s different offerings.
Already this year there has been a significant rise in malware targeting Apple users and a specialist version of the notorious Koobface worm was spotted.
“As the Apple OS becomes more commonly used, there will be a nasty worm or virus which is going to target it specifically,” said Stonesoft’s Airamo.
Of course, Windows will remain the central target for hackers given the dominance it has over competitors, but there will be a change in tactics amongst cyber criminals, explained David Harley, senior research fellow at ESET.
”While there won’t be a big shift towards specific targeting of other operating systems, as more people start using them, there will be increased interest in finding weaknesses.” Harley said.
Mobile and consumerisation
As workers get increasingly mobile and as they use the same device for personal and business use, the more threats IT administrators are likely to face.
The fact is, with manufacturers like Apple, Google and Microsoft trying to cater to both businesses and consumers, and with the move to the cloud, people are entering the workspace expecting to be able to use a range of devices for work and pleasure.
“With the blurring of the lines between business and personal use, the increased sophistication of the devices and the consolidation of mobile platforms, it is inevitable that attackers will key in on mobile devices in 2011 and mobile devices will become a leading source of confidential data loss,” Symantec said in a blog post.
In a Symantec survey, over half of respondents said they will install security software on their mobile device in the future, so at least some are realising the threat facing smartphones and tablets.
Hopefully, 2011 will also be the year when everyone begins to understand the importance of securing their companies’ and their own data.