Security Forecast for 2011
Copycat attacks based on Stuxnet
Stuxnet may be the most significant malware development of the last decade.
“Stuxnet can attack factory systems and alter automation processes, therefore making cyber sabotage a reality by causing actual real-world damage,” says Mikko Hypponen, Chief Research Officer at F-Secure.
The financial and R&D investment required, combined with the fact that there's no obvious money-making mechanism, suggests that only a terror group or a nation-state could have created Stuxnet. And it’s not likely that a terror group would have such resources.
But now that the proverbial cat is out of the bag, similar attacks can be engineered with less effort. “And unfortunately it's likely that we will see Stuxnet copycats in the future,” says Hypponen.
More mobile malware targeting the Android platform and jailbroken iPhones
Android apps do not go through an approval process like those required by the iPhone App Store or the Signed by Symbian programs.
In 2010, we saw Android apps that posed as games while spying on users, apps that posed as banking apps with no official connection to the banks, and apps that attempted to steal users' banking credentials. In 2011, the assault on Android phones by individuals with an excellent understanding of mobile applications and social engineering will only get worse.
Jailbroken iPhones also present a unique opportunity for malware writers.
In the summer of 2010, two vulnerabilities in the iPhone made it possible for users to “jailbreak” their phone by simply visiting a website. Jailbroken phones can perform functions that were not intended by the manufacturer, such as using the still camera on older iPhone models as a video camera. However, the exploit that made easy jailbreaking possible could have easily been modified for malicious purposes.
“If a worm had infected your iPhone, it could do anything you can do on your phone, and more. So it could destroy or steal all of your data. Track your location. Spam your friends. Listen to your phone calls. Dial the presidents of every country in the world. Anything. And you would pay for all the charges it would create, too,” says Hypponen.
Luckily, Apple patched the vulnerabilities before such a crisis occurred.
A large number of iPhone users have purposely jailbroken their phones and are opening themselves to increasingly complex threats. F-Secure does not recommend jailbreaking any device for any reason. The iPhone worms we've seen so far affect only jailbroken devices, and we expect that trend to continue or get worse in 2011.
Facebook spam goes global
Amidst news that global email spam levels have fallen suddenly, there has been an explosion of spam on social networks. Spam has become so prevalent that many Facebook users in the United States and United Kingdom have begun to ignore it.
“As English speakers become increasingly desensitized towards Facebook spam, the spammers are using language localization as a way to reach new audiences,” says Hypponen.
F-Secure Labs has already seen Facebook spam runs localized into Finnish along with runs that were popular in Sweden and Malaysia. A recent F-Secure survey found that as many as 78% of Facebook users think that spam is a problem on the site. And as Facebook increases its anti-spam efforts, expect to see the spammers change their tactics and targets.
For more about the unique scourge of social spam, visit the F-Secure Labs blog: