Cyber-criminals will target Apple products, Google TV, geo-location services such as Foursquare and Gowalla, and other social media sites in 2011, far more than traditional e-mail methods, said McAfee Labs researchers.
Researchers at McAfee Labs predicted on Dec. 28 that
cyber-criminals will target the latest and talked about online platforms,
including Google TV, Apple's iPhone, and foursquare, in 2011.
Noting that the threats landscape has "changed
considerably" in 2010, McAfee Labs' 2011 Threat Predictions report said
criminals will exploit geo-location services, social networking tools, mobile
devices and other online platforms in 2011. The "marked" increase in malware
sophistication is also expected to continue, according to the report.
The report painted a particularly bleak picture for
Apple, which had long flown under the malware radar. Cyber-criminals had ignored
the smaller Mac market in favor of the larger Windows user base, but security
experts had predicted it was just a matter of time.
"Mac users must remember that less targeted is not
the same as invulnerable," said Richard Wang, manager of SophosLabs.
will "continue to increase in
sophistication" in 2011, according to McAfee Labs, as criminals take aim at Mac
OS X, iPads and iPhones. The popularity
of these products, especially in the business environment, combined with the
"lack of user understanding
" about securing them, will make "Apple botnets and
Trojans" a "common occurrence" rather than a "rare encounter," predicted the
The threat is not limited to just the iPhone, but for all
. "We expect attacks to erupt at any time, yet they never quite
seem to happen," but 2011 will be a "turning point," the researchers wrote. Several
new mobile threats in 2010, such as rootkits for Android and the Zeus banking
Trojan/botnet, hint at newer attacks and the "long-anticipated" explosion up
ahead, the report said.
Cyber-criminals will respond to the intense buzz around
platforms, such as the growing demand for Internet TV and the shift towards a
more application-centric environment. McAfee Labs expects to see malicious apps
that target or expose privacy data on new platforms such as Google TV
may be used to manipulate physical devices through compromised home-, work-
and device-controlling applications. Applications that have been poorly
developed with weak security protection because of the "rush to market"
mentality will provide inviting avenues for app-centric privacy and data
, the researchers wrote.
According to the report, 2010 is ending with "some of the
lowest" global spam levels in years, driven mainly in part because users are
moving away from "slower" e-mail communications to more "immediate" methods
such as instant messaging and Twitter. Malware will look more legitimate,
whether it's because the messages appear to come from friends and family, or
using signatures and certificates to trick security applications. Eventually,
social media attacks will overtake e-mail as the leading attack vector,
according to the report.
Cyber-criminals will also abuse URL shorteners to drive
people to their malicious sites since it is not clear at first glance where the
URLs are pointing. The "nominal convenience" of having short URLs will have "a
tremendous impact on the success of cyber-criminals and scammers," said the report.
McAfee Labs currently tracks and analyzes more than 3,000 shortened URLs per
minute, and a growing number of them are used for spam, online scams and
"other malicious purposes."
Spam in URL shorteners are particularly tricky to
control, as Facebook found over Christmas. The social networking site said it
blocked all j.mp shortened URL links because more than 70 percent of j.mp links
redirected customers to spam and malicious sites. While the j.mp ban has been
lifted, Facebook still suggests users exercise caution.
The "massive" amount of personal information online
combined with users unaware of how to properly secure the information opens
them up to identity theft and user profiling, the researchers said. With social
media making it easy to see and track individuals and groups, including their
likes and dislikes, affiliations and interest, there will be more instances of
spear phishing, or targeted attacks, the report said.
Internet users are also adding geo-location information
to their social media profiles to publicize where they are. Locative services
such as foursquare, Gowalla, and Facebook Places, or just turning on location
info on Twitter gives cyber-criminals even more information about their
potential victims. It is "child's play" to craft a targeted attack, predicted
"Personalized attacks are about to get a whole lot more
personal," the researchers wrote.
Spam volumes are also down because of successes by law
enforcement in shutting down some major botnets
, including the Mariposa,
Bredolab and Zeus networks. To evade shutdown, more botnets will merge,
similar to SpyEye and Zeus
, or apply sophisticated features such as more
targeted attacks and advanced data-gathering. They will also employ Facebook, Twitter
and other geo-location services, the researchers predicted.