Channels ▼
RSS

Security

Top Security Threats for 2012


The past 12 months were marked by major events in computer and network security. The Stuxnet worm demonstrated that malware could cripple an Iranian uranium enrichment plant, while managers of SCADA systems worldwide began to discover and patch unsuspected vulnerabilities. Security researchers scored success in taking the Coreflood and DNS Changer botnets offline, but the botnet threat remains high. Hackers from the Anonymous collective took major banks offline and threatened critical infrastructure installations. Mobile telephones emerged as tempting targets for intruders. Sophisticated, coordinated malware outbreaks spawned fears of government-sponsored cyber attacks.

Things couldn't get much worse, right? Well...maybe. For a preview of the year ahead, we consulted a senior analyst from FortiGuard Labs, whose research suggests that we will see eight major developments in computer and network security in 2012. Here is a quick overview of the trends:

Ransomware on mobile devices: Ransomware — an infection that takes control of a system until a ransom payment has been delivered — is a significant threat on laptops and desktop systems. The malware is poised to spread to smart phones and other mobile devices. Ransomware is typically bundled with social-engineering tricks to give hackers root access to infected devices, affording attackers more control and elevated privileges. Look for ransomware to begin infecting mobile devices this year.

Worms to target Android platform: Android systems have so far not suffered from many worms, which propagate quickly from one device to another. This is likely to change in 2012. Unlike previous malware targeting mobile devices, future outbreaks will likely come from poisoned SMS messages containing links to rogue applications, or through infected links on social networks such as Facebook and Twitter.

Polymorphic malware on Android: Malware targeting the Android platform continues to grow more sophisticated. During 2011, Android users suffered from attacks employing encryption, exploits, emulation detectors, and botnets. It is only a matter of time before this list includes polymorphic malware, which mutates over time. Polymorphic applications are extremely difficult to detect and destroy. So far, hackers have targeted only Windows-based mobile phones with polymorphic malware. As Android grows more powerful and more widely used, however, it becomes a more tempting target.

Progress against money launderers: For years, cybercriminal syndicates have conducted money laundering operations and committed fraud with relative impunity. It is very difficult, after all, to track funds that are routed through networks of mules and illegitimate payment processors. Anonymous fund-transfer services, human networks, and payment-processor safe havens have made money laundering pretty safe. That is about to change, however, as government gains access to more sophisticated technologies for tracking criminals and transactions. The recent arrest of ChronoPay CEO Pavel Vrublevsky, who is accused of hacking Aeroflot's website and preventing visitors from buying tickets, is a harbinger of prosecutions to come.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video