2011 was an attention-grabbing year in the information security industry. We saw some interesting things such as mobile apps become a talking point as well as some Mac OS X malware. Furthermore, the issues pertaining insider threat, hacktivism, Stuxnet’s sibling Duqu, social networking site vulnerabilities as well as our share of zero-day attacks to name a few. So, what is in store for 2012 you ask?
10. Windows 7
Windows 7 has been out and in all since of the word a success as users are migrating away from Windows XP which is scheduled to reach end-of-life in April of 2014. We usually see an 18 to 24 months operational period before malware infections start to really come out. Data released by Microsoft showed that Windows 7’s malware infection rate climbed by more than 30% during the second half of 2010. We predict this trend will continue as the Windows 7 market share increases in 2012.
9. Apple Products
Talking about market share, apple has gains a substantial amount with the latest offering of their products that include the iPad, iPhone, iPod and computer based-systems. Hackers began targeting them in 2011 and will surely continue in 2012. For example, in 2011, Apple released an anti-virus application on its computer based operating to prepare due to trojan horses such as “OSX/Leap-A” and “Trojan-Downloader:OSX/Flashback.C” which debuted in 2011
8. Legacy and Unpatched Systems/Applications
Unfortunately, we have observed a high amount of legacy systems such as Windows XP with SP 1 and SP2, Windows 2000, 2003 SP1 and Mac OS X version 10.4 and below as well as older versions of adobe reader, flash and MS Office applications still in operation. As we know, hackers will continue to check and exploit old vulnerabilities.
We ask that you be aware of these issues and as always, make sure you have security controls such as host-based firewalls, anti-virus and anti-spyware applications installed, make sure they are updated at all times and use common sense to help protect your information and privacy.
7. (Spear) Phishing Attacks
Phishing is defined as the practice of using fraudulent e-mails and fake duplications of legitimate websites to extract financial data from computer users for purposes of identity theft, while Spear Phishing is define as an e-mail spoofing fraud attempt that targets a specific organization or user, seeking unauthorized access to confidential data. With the amount of information from social networking sites, people search sites, location based apps and the risk of stolen/lost devices. Cybercrooks will have a treasure chest of information to conduct sophisticated and targeted attacks on individuals.
6. Embedded Network Products (Cars, TVs and Refrigerators)
Cars aren’t just cars and TVs aren’t just TVs anymore. These devices as well as many home appliances are being fitted with network and Internet based access. Unsecured or poorly wireless access points as well as vulnerabilities in these devices themselves will act as another vector for cyber-crooks in 2012.
Hacktivism is a combination of Hacker and Activism, and it is a form of online protest over political, religious or social ideas a group may not agree with. In the past, financial gain served as the primary motivation behind cybercrime, but we’re seeing a change from recent activities in 2011 from groups such as Anonymous and LulzSec. SecurityOrb.com predict with the upcoming US election, censorship bills such as SOPA and IP Protect, The Occuppy movement and more, These activities will increase as well as spawn copy groups with special interest to also become a factor. This will make consumer personal data be at risk since many times the information stolen is posted in a public forum.
4. Digital Wallet Systems
Google Wallet and other digital wallet systems will become more visible and gain greater acceptance in 2012 as vendors push the idea to consumers. In concept, the technology is very similar to current near-field communication architectures that are in play with one difference, the mobile device. Hackers will be able to access the same data as the legitimate apps to conduct fraud.
3. Social Media
social media platforms such as Twitter, Facebook and Goggle+ will continue to be a focal communication and expression medium for people and businesses in 2012 as it was in 2011. Cybercrooks will look to take advantage of the “Trust” factor associated with social media relationships to pursue their agenda of fraud and cybercrimes by stealing login credentials and conducting advance data mining for sophisticated attacks on individuals as well as companies.
Furthermore, in 2011, the security field observed numerous poisoned links to hot news topics such as “Osama Bin Laden Death Pictures”, “Amy Winehouse” to the “Royal Wedding” on Facebook and Twitter. SecurityOrb.com predicts these issues will increase and become more sophisticated and automated in some cases such as the Twitter mouse over incident or the Guy Fawke on Facebook. In fact, in 2012, we forecast Facebook-based attacks will increase and Facebook will be forced to sit up and take notice. Specifically, Facebook will implement new security solutions on their site to avoid losing disgruntled users. This has already begun as Facebook has partnered with WebSense for URL scanning.
2. Mobile Devices
This is #1 on most lists. 2012 will see an increase in malware distribution on smart phones and tablets with the Android-based devices carrying the load.
1. The Human Element
All too often, we find the weakest link in security is not technology, but the people who use it. It maybe from a disregard of good technology practices to honest mistakes. Through security awareness and information sharing, we hope to reduce this threat.