Prediction #1: The Stuxnet sequels are coming, stay tuned for “When State-sponsored Malware Attacks!”
- Stuxnet targeted critical industrial infrastructure, but it was only a preview. Based on how long it takes to develop complicated attacks like Stuxnet, we predict similar exploits will be carried out once or twice in 2011. These state-sponsored offenses will test national infrastructure systems to determine what is effective for future attacks.
Prediction #2: Only the strong survive blended threats. Companies will struggle to stay secure while covering more ground.
- Blended threats like Zeus and SpyEye will continue to evolve and use a variety of delivery methods. Today’s threats are no longer binary files delivered in attachments; they are script-based or are embedded within rich media. Many spread rapidly through social media.
- Strained IT departments will need to defend more territory and allow more access, despite these increasingly sophisticated threats.
Prediction #3: Status update: More corporate data breaches will occur over social media channels.
- Search poisoning won’t be limited to Google, it will migrate to Facebook. Hackers will manipulate Facebook search algorithms to trick users into visiting fake brand and celebrity pages and increase exposure to malware.
- Employees will post confidential corporate data to public pages.
- Social media users will also be vulnerable to spam and malicious data-stealing content.
Prediction #4: You down with DLP? Malware exploit kits will add zero-day vulnerabilities faster, increasing their use in drive-by download attacks.
- As more targeted attacks are researched, more zero-day vulnerabilities will be discovered.
- Data loss prevention and up-to-the-minute threat protection will become increasingly more important as organizations work to keep malicious content out and corporate information in.
Prediction #5: Is there an app for that? The iPad, iPhone and other smartphones will be prime targets for cybercriminals.
- Mobile devices are a gold mine of personal and confidential data. Cybercriminals will successfully use mobile drive-by download attacks to steal confidential data and expose users to malicious content.
- Many of next year’s mobile attacks will exploit the mobile Web browsers in the iPhone, iPad and Android-based devices. Rogue applications will also increase in number and sophistication.