December 03, 2010, 10:52 AM — Aside from the festivities of the holidays, one thing that always makes December special is the combination of reflecting on the year gone by, and looking ahead to what the next year might hold. It is filled with top 10 lists and predictions on every imaginable topic.
In that spirit, I decided that it's a good time for me to contribute to the annual onslaught of prognostications with a look at what 2011 holds in store for security--with a little help from some outside sources.
[ See also: 2010's biggest security SNAFUs ]
Malware attacks in general have already evolved over the years from a napalm, carpet-bombing approach designed for maximum disruption and notoriety to attacks focused on remaining undetected and stealing money or identity information (in order to steal money in most cases). That evolution is continuing, though, with even more precise attacks.
A MessageLabs blog post explains, "One of the most threatening advances in malware during 2010 broadened the range of targets beyond PCs and servers when the Stuxnet Trojan attacked programmable logic controllers. This specialized malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution."
2010 saw the Stuxnet worm--apparently developed specifically with the goal of compromising Iranian nuclear reactor functionality, and the attack launched against Google (and a number of other companies)--seemingly orchestrated by the government of China if the WikiLeaks documents are accurate. Malware attacks are now a tool for both corporate and state-sponsored espionage, giving IT admins one more thing to worry about.
Ripped from the Headlines
Social engineering is all about catching users off guard and luring them into clicking on malicious links or sharing sensitive information. It is common for attackers to exploit breaking news as malware bait. Events like the World Cup tournament, or the BP oil spill in the Gulf of Mexico are popular topics that generate broad interest. Headline news often becomes the bait for malicious spam and phishing attacks, duping unsuspecting victims.