According to McAfee, predicting future threats can be a hit-or-miss exercise for a security research organization. The past 12 months were a transformative year in many ways as we saw great changes in mobile threats, hacktivism, client-side exploitation, social-media exploitation, and targeted attacks. Many of these changes and trends will continue to influence the threats landscape for years to come.
McAfee lists below what they consider the top 10 security threats in 2012.
10. Increased industrial attacks as some corporate computer systems are not prepared for cyber attacks, and attackers may engage in blackmail or extortion in 2012.
9. Traditional spam will go “legit,” while spearphishing will evolve into the targeted messaging attack. This occurs as legitimate advertisers will purchase email lists of consumers who have authorized receipt of online ads.
8. Hacktivism and Anonymous will evolve. Online activists will join forces with physical demonstrators, targeting public figures, industry leaders, and other entities.
7. Cyberwar Showcasing. Some countries are expected to demonstrate their cyber-war capabilities to demonstrate that they are not vulnerable to cyber attacks against their infrastructures.
6. Rogue certificates and rogue certificate authorities will undermine users’ confidence. Production of fake digitally signed certificates (SSLs), which are typcially used to alert consumers and their security software that the website they are viewing is legitimate, will increase.
5. DNS Upgrade and Management Issues. Recent legislation is based on an understanding of the current state of how today’s DNS works and not how the future DNSSEC will work. This gap may create additional legal requirements for managing current DNS infrastructure, which may not be compatible with DNSSEC infrastructure. If such requirements are implemented, then the process of upgrading the security of our DNS infrastructure may be put on hold while committees seek a technical middle ground between the law and DNSSEC.
4. Advances in operating systems and security will drive next-generation botnets and rootkits. New security features included in the operating system will force hackers to find alternative entry points into a computer.
3. Virtual currency systems will experience broader and more frequent attacks. Some hackers will increasingly target the growing use of cyber currency to steal money and spread malware.
2. Embedded hardware attacks will increase. Devices that use embedded systems designed to control specific functions. If an embedded systems is hacked, an attacker can have complete control over the hardware.
1. Mobile botnets and rootkits will mature. On PCs, rootkits and botnets deliver ads and make money off of their victims. On mobiles, we’ve seen these types of malware used in the same manner. Rootkits allow the installation of additional software or spyware, and botnets can cause ad clicks or send premium-rate text messages.
For the full McAfee report please visit here.