Mobile malware will emerge as a real-time threat and targeted attacks will become more complex and public in 2012, according to security vendor M86.
For business, the results from M86’s 2012 Security Threat Predictions report paint a sobering picture of security in 2012.
The report was compiled by M86’s security labs team, which is responsible for researching and investigating threats and detection rates.
A key discovery was the rise of malware on mobile devices and the potential for this to cause damage in businesses.
“More and more organisations are adopting a Bring-Your-Own-Device approach, so we have users bringing in unsecured iPhones and iPads to organisations,” M86 APAC engineering director, Jason Pearce, said.
“The problem is that those devices aren’t owned by either of those organisations but by the users themselves.”
M86 says that because of the adoption of these devices and the lack of policies set on them by IT management, businesses are at risk of being exposed to mobile malware, in particular the Zeus Trojan that has been developed specifically for Android.
Pearce expects Trojan attacks to become more prevalent on the Android platform in 2012, as well as on other platforms such as iOS.
“If you don’t have control of these devices, you are going to have a hard time protecting yourself,” he warned.
“A user’s device could get infected at an airport eatery or coffee shop. That would then be brought into your corporate environment where the Trojan will inject the network without anyone knowing about it.”
Another key discovery by M86 was that major sporting events tend to draw large-scale cyber attacks. It predicts next year’s Olympics in London will be a potential hotbed for cyber crime.
“Big sporting events attract a lot of attention, both from people who want to know more about the results and what’s happening, as well as from hackers who want to launch an attack to steal credit card details,” Pearce said.
According to M86, large events such as the Olympics are very attractive to hackers because the social engineering aspect of the attack has been removed, as people are already in tune with the sporting event.
Not as much social engineering is required to trick someone into doing something they normally wouldn’t do.
“You see the same problem now on a daily basis with Facebook and Twitter, and those two are specifically targeted because there’s not as much social engineering required since people are going to go there anyway,” Pearce explained.
He said legitimate websites connected to major sporting events were a draw card for malicious code attacks as they attracted millions of users on a daily basis, making them an appealing platform for a large-scale attack.
The report also finds that botnet disruption attempts will be short-lived and spam will rebound to distribute damaging malware.
Note: This is vendor-sponsored research and should be approached as such.