Kaspersky Lab: Cyber threats in 2012... Targeted attacks, cyber warfare, mobile threats

According to Costin Raiu, director of Kaspersky Lab's Global Research & Analysis Team, the most significant stories of the last year were:
1. The Rise of 'Hacktivism' - one of the major trends of 2011, and no doubt it will continue into 2012.
2. The HBGary Federal Hack - how weak passwords, old software systems plus use of the cloud created a security nightmare.
3. The Advanced Persistent Threat - these attacks confirm the emergence of cyber-espionage as common practice among powerful state actors.
4. The attacks against Comodo and DigiNotar - trust in certificate authorities (CA) is under threat. In the future CA compromises may become more widespread. Besides, it is likely that more digitally-signed malware will appear.
5. Duqu and Stuxnet - state-of-the-art cyber warfare. Is this the start of a cyber Cold War?
6. The Sony PlayStation Network Hack - the new perils hidden in the cloud. Personally Identifiable Information is conveniently available in one place, accessed over fast Internet links; ready to be stolen in case of any misconfigurations or security issues.
7. Botnet Takedowns and the battle against Cybercrime - serving notice to the cyber gangs that their scams are no longer risk-free. However, every battle shows up the vast limitations of today's legal systems when it comes to a coordinated and effective approach to cybercrime.
8. The Rise of Android Malware - several factors make Android vulnerable to cybercrime: rapid growth; freely available documentation about the platform; and weak screening at Google Market, making it easy to upload malicious programs.
9. The CarrierIQ Incident - do you know exactly what is running on your mobile device? A single incident highlighted how little we know about who is in control of our hardware.
10. Mac OS Malware - the crossover of PC threats (rogue AV programs are one of the most popular malware categories for PCs) to Macs was another important trend of 2011.

2011's major actors to be a force in 2012

"We selected these stories because they point to the major actors of 2011 who will no doubt continue to play a major role in the cyber-security blockbuster which is just around the corner," Raiu says. "These are the hacktivist groups, the security companies, the advanced persistent threat in the form of superpowers fighting each other through cyber-espionage, the major software and gaming developers such as Adobe, Microsoft, Oracle and Sony, law enforcement agencies, traditional cybercriminals, Google - via the Android operating system, and Apple - thanks to its Mac OS X platform. And these same stars will be playing in all the major 2012 security blockbuster movies."

With the above in mind, governments and large corporations all over the world should be wary of a growing cyber menace in 2012, according to experts at Kaspersky Lab. Not only will there be a dramatic increase in the number of targeted attacks on state institutions and large companies, it is also likely that a wider range of organisations will bear the brunt of the expected onslaught.

"At the moment, the majority of incidents affect companies and state organisations involved in arms manufacturing, financial operations, or hi-tech and scientific research activities. In 2012 companies in the natural resource extraction, energy, transport, food and pharmaceutical industries will be affected, as well as Internet services and information security companies," warns Alexander Gostev, the author of the report Cyberthreat Forecast for 2012. Attacks will range over more of the world than ever before, spreading beyond Western Europe and the US and affecting Eastern Europe, the Middle East and South-East Asia.

Beware of attackers' new methods

Kaspersky Lab experts predict that attackers will have to change their methods in response to the growing competition among the IT security companies that investigate and protect against targeted attacks. Increased public attention to security lapses will also force the attackers to search for new instruments. The conventional method of attacks that involve email attachments with vulnerability exploits will gradually become less effective, while browser attacks will gain in popularity.

The Kaspersky Lab forecast goes on state that hacktivist attacks on state organisations and businesses will continue in 2012 and will have a predominantly political agenda. Gostev believes this will be an important trend when compared to similar attacks in 2011. However, hacktivism could well be used as a diversionary tactic to conceal other types of attacks.

State support for hi-tech malicious programmes

Hi-tech malicious programmes such as Stuxnet and Duqu created with state support will remain unique phenomena. Their emergence will be dictated by international tensions between specific countries. In Gostev's view, the cyber conflicts in 2012 will revolve around traditional confrontations - the US and Israel versus Iran, and the US and Western Europe versus China. More basic weapons designed to destroy data at a given time, such as kill switches, logic bombs etc. will become more popular as they are easier to manufacture. The creation of these programs can be outsourced to private contractors used by the military or other government agencies. In many cases the contractor may not be aware of the customer's aims.

In terms of mobile threats in 2012, Kaspersky Lab expects to see Google Android continue to be the target of choice for the mobile malware market as well as an increase in the numbers of attacks that exploit vulnerabilities. The emergence of the first mobile drive-by attacks and mobile botnets are also forecast. Mobile espionage will become widespread and will most probably include data theft from mobile phones and the tracking of people using their telephones and geolocation services.

Download the Kaspersky cyber threat forecast for 2012.

For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, go to www.viruslist.com.