Wednesday, December 29, 2010

Apple rises on list of malware writers' targets: McAfee

Apple has achieved enough critical mass to become a viable target for malware writers, McAfee has written in its 2011 Threat Predictions report. In addition, the security company notes a number of other venues for attack, including mobile, as the tide of smartphone use continues to rise.

Among the highlights of the report, the full text of which is available at McAfee's site, are:
Apple: No longer flying under the radar
Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011. The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.
We've been saying it for some time: there are two reasons that Apple's Mac OS X has not been targeted by malware, at least to any great extent. One is the lower cost of Windows PCs, meaning that malware writers have easy access to them, and two is the fact that Windows dominates, meaning that if a malware writer wanted a larger number of targets, Windows was the way to go. With Apple's increased prominence, times have changed.
Mobile: Usage is rising in the workplace, and so will attacks
Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.
Strange that jailbreaking would be categorized as a threat. Jailbreaking on iOS does open the platform to more threats, but in and of itself it is not malware.
Exploiting Social Media: URL-shortening services
Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.
There are a few ways to check shortened URLs; one of them is Securi, which offers a URL checker.
Exploiting Social Media: Geolocation services
Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.
McAfee doesn't mention other ways that criminals are using your check-ins. Some are using Facebook and other check-ins to time burglaries.
Applications: Privacy leaks—from your TV
New Internet TV platforms were some of the most highly-anticipated devices in 2010. Due to the growing popularity among users and “rush to market” thinking by developers, McAfee Labs expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.
Makes 100 percent sense, since Google TV, for example, is an Android-powered device. Of course, once Google TV gets access to the Android Market, it will also get access to antivirus software.
Hacktivism: Following the WikiLeaks path
Next year marks a time in which politically motivated attacks will proliferate and new sophisticated attacks will appear. More groups will repeat the WikiLeaks example, as hacktivism is conducted by people claiming to be independent of any particular government or movement, and will become more organized and strategic by incorporating social networks in the process. McAfee Labs believes hacktivism will become the new way to demonstrate political positions in 2011 and beyond.
It's interesting, but we expect most of this hacktivism to come via DDoS attacks, and not leaks.
Sophistication Mimics Legitimacy: Your next computer virus could be from a friend
Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication in 2011. “Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends but in fact are viruses such as Koobface or VBMania, will continue to grow as an attack of choice by cybercriminals. McAfee Labs expects these attacks will go hand in hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector.

Botnets: The new face of Mergers & Acquisitions
Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe. Following a number of successful botnet takedowns, including Mariposa, Bredolab and specific Zeus botnets, botnet controllers must adjust to the increasing pressure cybersecurity professionals are placing on them. McAfee Labs predicts that the recent merger of Zeus with SpyEye will produce more sophisticated bots due to improvements in bypassing security mechanisms and law enforcement monitoring. Additionally, McAfee Labs expects to see significant botnet activity in the adoption of data-gathering and data-removal functionality, rather than the common use of sending spam.

Advanced Persistent Threats: A whole new category
Operation Aurora gave birth to the new category of advanced persistent threat (APT)—a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest. McAfee Labs warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories and other databases.
What is McAfee speaking about in terms of Advanced Persistent Threat? They're talking about something like Stuxnet, which seems to have been written by a foreign power to take down Iran's nuclear agenda.

It's a back and forth between security experts and malware writers. The key thing to remember is nothing is unhackable, no matter what anyone says. Even Mac users should be using an antivirus product.

Oh, and one more thing: use strong passwords.
