10 Happenings Shaping Gov IT Security Infosec in 2010
Government IT security in 2010 didn't always progress the way many had expected. Lawmakers busily held hearings and drafted legislation to get a better ...
by Robert Westervelt
Attackers are likely to target smartphones and tablets in the coming year.
Attackers will target Apple devices in 2011 as well as the growing list of smartphones and tablets being introduced to the workplace, according to a new report from McAfee.
The Santa Clara, Calif-based security firm issued its 2011 Threat Predictions report today, outlining the top threats its researchers identified for the coming year. The security vendor said Apple will no longer fly under the radar. The growing popularity of iPads and iPhones has increased Apple’s marketshare and made the Mac OS platform and Apple’s mobile iOS software a growing target.
“The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.”
Apple devices won’t be the only targets. The rising popularity of smartphones and tablet devices in the workplace will prompt attackers to target the devices to gain access to corporate data. Despite mobile malware being virtually non-existent, security researchers have seen malware target devices that have been jailbroken. McAfee said slow adoption of encryption on mobile devices and a fragile cellular infrastructure could put corporate data at a higher level of risk.
Social networking attacks will also become more extreme, according to McAfee researchers. URL-shortening services, which are used on Twitter and Facebook, combined with the high trust factor those social networks have, are making it easy for attackers to quickly spread phishing attacks and gain control of user accounts to spread malware and harvest sensitive data.
“The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.”
In addition, the rising popularity of geolocation services used by social networks and mobile applications could make it easier for attackers to generate a highly targeted social engineering attack. The location services, which include Foursquare, Gowalla, Facebook Places and others can be used to track and plot a the location of users.
Geolocation certainly makes it easier to target individuals, but the growing use of Twitter has put some people at risk. At McAfee Focus 2010, Dave Marcus, director of security research and communications demonstrated several free, browser-based search platforms that can help an attacker chart a person’s location based on their Twitter posts. In a few short minutes, Marcus demonstrated how easy it was to identify several users and chart their route to work each morning, based on their Tweets.
“In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using.”
Other predictions include a growing number of malicious applications used in widely deployed media platforms, such as Google TV. While the applications may not be designed to steal data, they could leak personal information, including privacy and identity data, McAfee said. Like many smartphone applications, applications on media devices are not likely vetted for security and privacy. McAfee also said it expects botnet sophistication to increase with functionality to bypass security mechanisms and law enforcement monitoring.