2011 will be much like 2010 when it comes to IT security threats, only more so.
“We are seeing an escalating threat landscape in 2011,” says Dmitri Alperovitch, threat research vice president at McAfee Labs, which Tuesday issued its annual threat predictions for the coming year.
In an interview with Information Security Media Group, Alperovitch explains the challenges these threat present and how individuals and organizations can address them. The threats McAfee Labs identifies for 2011 are:
- Exploiting social media. Social media is replacing e-mail as the primary distributor of malware as well as identity theft. Similarly, McAfee Labs also sees increased abuse through short URL and locative services.
- Mobile. The increased adoption of mobile devices, and instance by employees to be allowed to use them in the workplace, will see increased threats not only to individuals but to their employers as well.
- Apple. Historically, Apple’s operating systems haven’t been targeted for abuse, but the popularity of iPads and iPhones in business and the easy portability of malicious code could place many users and businesses at risk next year and beyond.
- Applications. Whether at home or the workplace, applications on devices such as iPhones and Androids are becoming increasingly popular and will increasingly become targets. With historically weak coding and security practices, cybercriminals will try to manipulate a variety of physical devices through compromised or controlled apps, raising the effectiveness of botnets to a new level.
- Sophistication mimics legitimacy. 2010 we saw an increase in the sophistication of some threats such as signed malware that mirrors legitimate files. As this trend intensifies in 2011, look out for an increase in stolen keys and techniques and tools to forge fake keys.
- Botnet survival. In the coming year, McAfee Labs expects a greater focus on botnets that remove data from targeted systems rather than sending spam. Botnets will engage in advanced data gathering as exploit social networks.
- Hacktivism. As the WikiLeaks episode demonstrates, hacktivists will increase its use of crowdsourcing to recruit an army of motivated hackers to pursue a political agenda. Alperovitch says these attacks are not sophisticated, and organization should be able to successfully defend against them if they take appropriate action.
- Advanced persistent threats. These attacks, conducted either by nation states or backed directly or indirectly by foreign governments, haven’t been highly sophisticated, but as the name says, they’re persistent. And, they should intensify in the coming year, targeting e-mail archives, document databases and intellectual property repositories.
Alperovitch, interviewed by ISMG’s Eric Chabrow, leads McAfee’s Internet threat intelligence analysis as well as the development of real-time, in-the-cloud global threat intelligence services. He’s an inventor of numerous patent-pending technologies and has conducted extensive research on reputation systems, spam detection, public-key and identity-based cryptography and network intrusion detection and prevention.
Georgia Institute of Technology awarded Alperovitch a master degree in information security and a bachelor degree in computer science.
Original Source: http://www.govinfosecurity.com/