M86 Security Labs starts the 2012 security prediction deluge

M86 Security Labs has released its 10 predictions for 2012. Nothing new or surprising here, but it is a decent summary of what we continue to be up against.

The full report is available here. What follows is an excerpt:

1. TARGETED ATTACKS GROW MORE DAMAGING AND COMPLEX

The past two years have marked a breakthrough in incidents of targeted attacks that were made public.

This is most likely due to hacktivist groups such as Anonymous and LulzSec as well as the rise of Advanced Persistent Threats (APTs) being used against commercial organizations. In the past year we’ve seen these kinds of attacks go to the next level, as large, global organizations and government agencies were attacked for commercial, political or military reasons.

2. ILLICIT SOCIAL MEDIA SCAMS ESCALATE

Social media has emerged as one of the primary ways for consumers and businesses to communicate, interact and share on the Web.

Unfortunately these services are also magnets for cyber criminals.

The big social networking providers like Facebook and Twitter have hundreds of millions of users and are now joined by a newcomer: Google+. Despite improvements in security measures by the social media companies, this concentration of users and data in just a few platforms is irresistible for cybercriminals, so expect more nefarious social media tricks to appear in 2012.

3. MOBILE MALWARE MENACES USERS AND ORGANIZATIONS

In 2012, we will see significantly more mobile malware with increasing complexity and impact. With social media being an attacker’s utopia, we predict that much of the malware targeting social media will spread even faster as mobile devices are increasingly used to access and update social media.

Expect to see malware that targets not only user data, but that could also potentially track geolocation information, which could be a big concern for child safety. Child pornographers and kidnappers could be interested in personal photos on a device, each stamped with the GPS coordinates of where it was taken, even on parents’ devices.

4. THIRD-PARTY SOFTWARE EXPLOITS GAIN TRACTION

Some third-party browser software such as Java, Flash Player and Acrobat Reader have huge worldwide install bases. Because numerous vulnerabilities in these products are found and often exploited, and because it is difficult for IT administrators to promptly update these products throughout their organizations, these software products have become an increasingly viable vector for attacks. Consumers face similar challenges.

Sometimes the functionality that the browser software provides, or some parts of it, is unnecessary for many customers, and in those cases, disabling that functionality can effectively reduce the risk of exploits. In addition to growth in magnitude, these attacks are also growing increasingly more complex as technologies are combined to create more sophisticated attacks such as embedding malicious files within other files to avoid detection.

Attacks that use malicious Flash files embedded within various document files and similar combinations are more frequently observed in the wild, and are likely to become even more common.

The variety that these technologies and file formats offer also allows use of such exploits both in widespread attacks, such as malvertisements and compromised websites, as well as in targeted attacks.

This flexibility makes them even more dangerous when used as part of targeted attack campaigns because traditional security solutions, such as URL blacklists or signature-driven security protection, will not be adequate. Detection will require actual analysis of the embedded malicious files, which few security solutions currently perform.

5. EXPLOIT KITS AND MALWARE REUSE PROLIFERATE

Given the recent malware evolutions, we expect to see more variants of Zeus that will probably force anti-virus vendors to pay more attention to its mutations. Moreover, we expect to see additional sophisticated Zeus variants, such as Zitmo, that will try to bypass banking security checks.

Exploit kits have also become one of the most important tools for spreading malware among cybercriminals. Many attacks use an iframe tag with a redirection to an exploit kit.

6. COMPROMISED WEBSITES SERVING MALICIOUS CONTENT ACCELERATES

The mass-hacking of websites is widespread and automated and is only going to worsen in 2012 as cyber criminals continue to use legitimate websites, bypassing the issue of URL reputation, to distribute their malicious campaigns.

7. BOTNET DISRUPTION ATTEMPTS SHORT-LIVED

Even if you disable a botnet, today it is easier than ever to get a botnet going again, thanks to pay-per-install programs, which are services that install malware on already-compromised machines for a fee. Pay-per-install is a commodity—an established part of the underground marketplace.

Pay-per-install programs have networks of affiliates that compromise computers and sell them to the program. This means it is easy to recover from a botnet takedown. Rebuild new control servers, pay someone to distribute your malware out to a network of compromised computers and away you go.

Pay-per-install programs are one area researchers should focus on, so that at least building botnets will be a more difficult feat for cybercriminals.

8. SPAM REBOUNDS TO DISTRIBUTE DAMAGING MALWARE

Email remains an important communications tool, and the message comes to you as opposed to you pursuing it. These facts are not lost on malware authors, who have returned to distributing malware through these big spamming botnets like never before.

In mid-2011 there were days where the percentage of malicious spam, which includes both attachments and malicious links, reached 25% of total spam. Most of the malware was Trojan downloaders, like Chepvil, whose purpose is to fetch and install other malware such as Fake AV, data stealers like SpyEye, or spambots like Cutwail or Asprox.

Expect this trend to continue in 2012, as email-borne malware distribution is not going away any time soon.

9. MAJOR SPORTING EVENTS DRAW MAJOR CYBER ATTACKS

The FIFA World Cup attracted much attention in 2010, with many victims falling for various scams, including counterfeit ticketing, fake merchandise and rogue travel agents. To counter these scams, we hope organizers of perhaps the biggest event in 2012, the London Olympic Games, are prepared and will be vigilant in the lead-up to the event.

10. ATTACKS ON CLOUD SERVICES INEVITABLE

Cloud service providers are huge targets, and their profiles are high. The data is concentrated, and the systems are standardized; however, a successful breach could yield a lot of valuable data for a cybercriminal. For these reasons, we predict more high-profile attacks on cloud service providers to come in 2012.

--Bill Brenner
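Prediction 4 above says that embedded malicious Flash inside document files defeats URL blacklists and signatures, and that detection needs analysis of the embedded file itself. The script below is an added example of that kind of analysis; it is not code from the M86 report or from this article. It scans an arbitrary carrier file for the three SWF signatures (FWS uncompressed, CWS zlib-compressed, ZWS LZMA-compressed), validates the 8-byte SWF header so a stray "CWS" in random bytes is not reported, and extracts a CWS object as a plain FWS file for further inspection. The PDF-like carrier it scans is constructed inline for the demonstration and is not a real malicious document; the version upper bound MAX_SWF_VERSION is an assumption.

```python
"""Scan a carrier file (PDF, Office document, ...) for embedded SWF objects.

Added example, not from the M86 report or the CSO article. SWF header layout:
3-byte signature, 1-byte version, 4-byte little-endian uncompressed length.
"""
import re
import struct
import zlib

SWF_MAGIC = re.compile(rb"[FCZ]WS")
MAX_SWF_VERSION = 50  # assumption: generous ceiling for plausible SWF versions


def parse_swf_header(data, offset):
    """Return (signature, version, declared_length) if a plausible SWF header
    starts at `offset`, otherwise None."""
    if offset + 8 > len(data):
        return None
    sig = data[offset:offset + 3]
    version = data[offset + 3]
    declared_len = struct.unpack_from("<I", data, offset + 4)[0]
    if not (1 <= version <= MAX_SWF_VERSION) or declared_len < 8:
        return None
    body = data[offset + 8:]
    if sig == b"FWS":
        # uncompressed: the whole SWF must fit in the rest of the carrier
        if declared_len > len(data) - offset:
            return None
    elif sig == b"CWS":
        # zlib body: a real stream must at least pass the zlib header check
        if len(body) < 2:
            return None
        try:
            zlib.decompressobj().decompress(body[:64])
        except zlib.error:
            return None
    else:  # ZWS, LZMA body, only legal from SWF version 13 onwards
        if version < 13 or len(body) < 9:
            return None
    return (sig.decode(), version, declared_len)


def scan_for_swf(data):
    """Return a list of (offset, signature, version, declared_length) for
    every validated SWF header found in `data`."""
    hits = []
    for match in SWF_MAGIC.finditer(data):
        parsed = parse_swf_header(data, match.start())
        if parsed is not None:
            hits.append((match.start(),) + parsed)
    return hits


def extract_swf(data, hit):
    """Return the embedded SWF as an uncompressed FWS file so a tag-level
    analyser can work on it. ZWS (LZMA) is left to the reader: returns None."""
    offset, sig, version, declared_len = hit
    header = b"FWS" + bytes([version]) + struct.pack("<I", declared_len)
    body = data[offset + 8:]
    if sig == "FWS":
        return header + body[:declared_len - 8]
    if sig == "CWS":
        # decompressobj stops at the end of the zlib stream; the trailing
        # carrier bytes end up in unused_data instead of raising
        out = zlib.decompressobj().decompress(body)
        return header + out[:declared_len - 8]
    return None


def build_sample_carrier():
    """Constructed test input: a PDF-like wrapper around one zlib-compressed
    SWF, plus two decoy byte runs that carry SWF magic but fail validation."""
    frame_header = bytes([0x78, 0x00, 0x05, 0x5F, 0x00, 0x00, 0x0F, 0xA0,
                          0x00, 0x00, 0x0C, 0x01, 0x00])
    swf_body = frame_header + b"\x00" * 20
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(swf_body))
    swf += zlib.compress(swf_body)
    decoy_bad_version = b"CWS\xffjunkjunk"            # version 255 rejected
    decoy_bad_length = b"FWS\x0a\x02\x00\x00\x00ab"   # declared length 2 rejected
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /EmbeddedFile >>\nstream\n" + swf
            + b"\nendstream\n" + decoy_bad_version + b"\n" + decoy_bad_length
            + b"\n%%EOF\n")


if __name__ == "__main__":
    carrier = build_sample_carrier()
    for hit in scan_for_swf(carrier):
        print("embedded SWF at offset %d: %s v%d, %d bytes uncompressed" % hit)
```

The zlib header check is what keeps the false-positive rate tolerable on large binary inputs: the three-byte magic alone will fire on roughly one in every five million random bytes, which is constant noise on a mail gateway. Anything the scanner returns can be handed to a SWF tag parser for the actual exploit triage.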


Copyright © 2011 IDG Communications, Inc.
