Mobile Malware Emerging as Significant Threat
While mobile malware accounted for a tiny portion of the overall malware volumes, there was a significant surge of malicious applications. Criminals discovered how easy it was to take existing Android apps and insert several lines of malicious code before repackaging them for online distribution. Apple's iOS platform wasn't immune, as security researcher Charlie Miller discovered a way to bypass the process that allowed only signed apps from the iTunes App Store to be installed and run on the iPhone and iPad.
As cloud computing and related services exploded in popularity, enterprises also began considering the risks of using those services. Companies like Dropbox and Box.net make it easier for enterprises to share data, but IT departments still have to remember that "bad stuff happens" even in the cloud, Geoff Webb, director of product marketing at Credant Technologies, told eWEEK.
The "sobering lesson" of 2011 was that the cloud, despite its advantages, is "neither immune from problems nor does it offer a sanctuary from security and privacy concerns," Webb said, before adding, "Cloud users should tread very, very carefully."
Ghosh said the security industry continued to fail to do its job in 2011. End users were still held accountable for the security of the organization, and IT departments continued to buy "reactive" security technology despite the fact that it is not effective in addressing the growing threat landscape, according to Ghosh. The industry won't change or innovate to develop proactive and more effective products as long as customers renew their subscriptions, Ghosh said.
"As long as we continue to design systems that depend on users to make correct security decisions, we will continue to blame users and wonder why our networks get compromised," Ghosh said.
Users were duped by social engineering attacks over social networking sites and email into clicking on malicious links and opening questionable attachments. These social engineering attempts were accompanied by the tendency to blame the user for infections and compromises. Users were targeted because "they are improperly put in the position of making security decisions, decisions they are not equipped to make," Ghosh said.
A problem with the authentication system used by Dropbox essentially allowed all users to access any files, without the need for an authenticated username and password, which caused organizations to think about encryption and how secure cloud storage really was, Webb said.