Organisations and Internet users can expect an escalation in targetted attacks, growing social-media threats and an increase in mobile malware, according to the M86 Security Labs Threat Predictions Report released today, which lists the top 10 cyber concerns for 2012.
Presented annually by M86 Security, the global expert in real-time Web and email-threat protection, the report is based on the culmination of comprehensive research conducted by M86 Security Labs over the past year. It studies threats and attacks from 2011 and predicts noteworthy cyber-security trends to help organisations prepare for the year ahead.
"In 2011, we saw targetted attacks grow considerably more complex and damaging, impacting high-profile organisations which thrust the issue into the public mainstream," says Bradley Anstis, Vice President of Technical Strategy, M86 Security. "One of the most troubling trends is the rapid progression of mobile malware. Due to the ubiquity of mobile devices such as smartphones and tablets, cybercriminals see them as highly profitable targets and are driven to develop new ways to compromise user data, and potentially breach privacy by tracking individuals’ locations."
Out of the top 10 security predictions for 2012, three dominate the threat landscape:
Targetted Attacks Will Become More Complex and Public
Cybercriminals have elevated targetted attacks to a new level in 2011, refining their methods and going after well-known commercial and government organisations. Sony and RSA are just two examples of prominent companies that sustained significant, costly targetted attacks that compromised user data and impacted business continuity. M86 Security Labs expects more of the same next year, as cybercriminals exploit stolen digital certificates and use zero-day and multi-stage attacks to infiltrate organisations and access personal, corporate, and in some cases, classified government information.
Cybercriminals Will Continue to Capitalise on the Popularity of Social Networking
In its 2010 annual report, M86 Security Labs predicted an increase in malicious spam that mimics social-networking sites such as Facebook, Twitter, LinkedIn and Google +. This certainly rang true in 2011, as these campaigns ramped up their efforts to dupe unsuspecting users. Another common social-networking scam, called “likejacking,” tricks users into liking a malicious page that seems trustworthy, and is, in turn, shared with that user’s friends. Shortened URLs and fake surveys are other methods increasingly used in social-engineering scams to encourage users to perform seemingly legitimate actions, but instead download malware or steal data.
Mobile Malware Will Emerge as a Real Threat
In 2011, malware developed for mobile platforms grew at an alarming rate. The Android platform became highly targetted as cybercriminals tried to intercept security controls deployed to protect users from banking Trojans. Plus, growing numbers of users now network their personal mobile devices with their office computers, driving cybercriminals to escalate efforts to use these devices as bots. In fact, as users sync employer files, emails and other data to their unmanaged personal devices, organisations will need to prepare for the ensuing security and compliance issues.
Other threat trends anticipated in 2012 include the proliferation of malware in social media as users connect to these sites via mobile devices, and the ability for criminals to track individual user locations using mobile GPS coordinates. This is of particular concern when it comes to child safety.
“Mobile malware solutions are in their infancies, so their capabilities to protect users and networks are very limited,” explains Anstis. “To help defend from an influx of mobile malware, organisations will need to extend their security policies to mobile devices. It will be critical to ensure that all personal devices that access an organisation’s wifi and networks are covered.”
Further predictions outlined in the report include: an increase in cyber attacks that correlate with major sporting events such as the Olympics; attacks on cloud services; a rebound in spam for malware distribution; and the continued refinement and use of third-party exploit kits.
About M86 Security Labs
M86 Security Labs is a group of security analysts specialising in email and Web threats, from spam to malware. They continuously monitor and respond to Internet security threats. The Security Labs' primary purpose is to provide a value-added service to M86 customers as part of product maintenance and support. This service includes frequent updates to M86's unique, proprietary anti-spam technology, SpamCensor, as well as Web threat and vulnerability updates to the M86 Secure Web Gateway products. The updates allow M86 customers to proactively detect and block new and emerging exploits, threats and malware. Twitter at twitter.com/m86labs
About M86 Security
M86 Security (m86security.com) is the global expert in real-time threat protection and the industry's leading Secure Web Gateway provider. The company’s appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 25,000 customers and 26 million users worldwide. M86 products use patented real-time code analysis and behaviour-based malware detection technologies, as well as threat intelligence from M86 Security Labs, to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Irvine, California with international headquarters in London and development centres in California, Israel, and New Zealand.