Organizations and Internet users will see an increase in mobile malware next year, in addition to an escalation of targeted attacks and growing social media threats.
According to a new report released today by M86 Security Labs, mobile threats grew at an alarming rate this year, with Android emerging as a platform highly targeted by cybercriminals attempting to intercept security controls deployed to protect users from banking Trojans. A growing number of users now network their personal mobile devices with their office computers, driving cybercriminals to escalate efforts to use these devices as bots.
The rapid progression of mobile malware is "one of the most troubling trends" due to the ubiquity of mobile devices such as smartphones and tablets, Bradley Anstis, vice president of technical strategy at M86 Security, noted in the report.
Cybercriminals will, hence, see mobile users as highly profitable targets and will be driven to develop new ways to compromise user data, and potentially breach privacy by tracking individual locations, Anstis explained.
"Mobile [anti]malware solutions are in their infancy so their capabilities to protect users and networks are very limited," he said. "To help defend an influx of mobile malware, organizations will need to extend their security policies to mobile devices. It will be critical to ensure that all personal devices that access an organization's Wi-Fi and networks are covered."
The M86 report draws on the security vendor's research over the past year, studying threats and attacks from 2011 and predicting 10 "noteworthy" cybersecurity trends to help organizations prepare for the year ahead.
Other predictions included third-party software exploits gaining traction, the proliferation of exploit kits and malware reissue, acceleration of compromised Web sites serving malicious content, short-lived attempts of botnet-disruption, spam rebounding to distribute damaging malware, cyberattacks targeting major sporting events such as the Olympics, and the inevitability of cloud services attacks.
Complexity of targeted attacks
Targeted attacks also grew considerably this year, becoming more complex and damaging and impacting high-profile organizations, which pushed the issue into the public eye, Anstis noted.
The report also found that cybercriminals elevated targeted attacks to a new level in 2011, refining their methods and going after well-known commercial and government organizations. It cited Sony and RSA as two examples that sustained significant and costly damage from targeted attacks which compromised user data and impacted business continuity.
More such attacks should be expected in 2012, M86 said, as cybercriminals would continue to exploit stolen digital certificates and use zero-day and multi-stage attacks to infiltrate organizations and access personal and corporate information and, in some cases, classified government information.
Leveraging popularity of social networks
The security vendor's 2010 report had predicted an increase in malicious spam that mimicked social networking sites such as Facebook, Twitter, LinkedIn and Google+, and this rang true this year as these campaigns ramped up efforts to dupe unsuspecting users.
Another common social-networking scam, called "likejacking", also emerged this year, tricking users into liking a malicious page that seems trustworthy and sharing the page with their friends. Shortened URLs and fake surveys were also increasingly used in social-engineering scams to encourage users to perform seemingly legitimate actions which instead downloaded malware that stole their personal data.