Smartphone vulnerabilities, malware-as-a-service and more sophisticated Trojans will be among the biggest cyber-security threats of 2011, a vendor predicts.

M86 Security researchers released a list Monday, Nov. 22, of eight Internet threats they believe will become more serious in 2011. The four-page report describes each one in detail and how they could endanger the digital landscape.

The list, M86 Security Labs: Threat Predictions 2011, warns the global community about the following modes of attack:

  • malware that uses stolen digital certificates to bypass whitelisting;
  • more mobile malware on smartphones;
  • spam that’s better at mimicking legitimate e-mail;
  • sophisticated data-stealing Trojans;
  • more threats on social networks;
  • HTML 5 becoming a prime target for compromise;
  • malware-as-a-service offerings increasing; and
  • botnets that come back after takedown attempts.

     

M86 Security believes these threats will pop up more frequently in the future than they do now. Bradley Anstis, M86 Security’s vice president of technology strategy thinks three of them deserve particular attention.

“The first one is around the smartphone market, and how the emerging tablets are using the smartphone operating systems, so more users going to those platforms is going to equal the cyber-criminals having a bigger base to go and attack,” he said.

While smartphones aren’t targeted nearly as often today as PCs, there are fewer security offerings for smartphones, which contributes to their vulnerability. Another contributor is that many people don’t yet think of their phones as devices that need securing.

Second, Anstis called attention to the possibility of malware-as-a-service options for criminals who may not be as savvy in the game of attack and compromise.

“We haven’t quite seen it yet, but we can certainly see in the next 12 months where you could have a cyber-crime service, and a cyber-criminal just needs to subscribe to that service, and all the different pieces that he’s going to need to perpetrate the cyber-crime are all offered through that service,” he said.

This would make it much easier for a lot more people to launch attacks on their own.

“It lowers the barrier to entry. Who would go running through the front door of a bank waving a pistol when you can sign on through a server somewhere on a laptop and a wireless connection who knows where?” Anstis said. “You’re certainly feeling a lot safer perpetrating a crime in that sort of environment than you would in the traditional sense.”

Third, Anstis highlighted the growing sophistication of Trojans. According to an M86 Security press release, hackers have caught onto the fact that Trojan-based attacks like ZeuS can reap hundreds of thousands of dollars. Now the bad guys are motivated to develop similar, more dangerous data-stealing malware to keep the trend going.

“People need to ensure that they’re running effective Internet security solutions, and today, more than ever, try and make sure they’re using the more innovative, proactive solutions in addition to the older reactive ones,” Anstis said.

Hilton Collins, Staff Writer Hilton Collins  |  GT Staff Writer

By day, Hilton Collins is a staff writer for Government Technology and Emergency Management magazines who covers sustainability, cybersecurity and disaster management issues. By night, he’s a sci-fi/fantasy fanatic, and if he had to choose between comic books, movies, TV shows and novels, he’d have a brain aneurysm. He can be reached at hcollins@govtech.com and on @hiltoncollins on Twitter.