Attacks targeted at mobile devices will dominate the threat landscape in 2011, according to two security firms.
Trend Micro and Webroot both believe the proliferation of mobile usage in the enterprise will mean attacks targeted at these devices and their operating systems will increase.
Gerhard Eschelbeck, CTO at Webroot, claims that data held on mobile devices is the next big target for criminals and the newest front in the war on cybercrime. "I predict that mobile platforms will continue to grow at a rapid pace, and we’ll soon reach the threshold level where malware creators start to take notice in significant numbers," he said.
Eschelbeck also addressed the issue of creeping consumerisation of IT, where employees use their personal devices for work purposes. "Users have embraced the advantages of mobile platforms, and even though IT admins may officially consider some or all of them ‘unsupported’ in some organisations, you can’t abandon users who will choose convenience over strict IT policy," he said. "IT admins should embrace these new platforms, and take steps to protect users who insist upon having them, even though doing so may make their work harder."
Trend Micro’s CTO Raimund Genes agrees that mobile will provide a security headache in 2011, with more proof-of-concept attacks, and some successful ones, occurring. He told CBR recently that the number of mobile devices in the wild means it is inevitable that cybercriminals will turn their attention to attacking them, but the operating systems on board may present a solid line of defence.
"The bad guys out there are realising that there’s money to be made from attacking mobile devices so they are beginning to target them," he told us. "However the likes of Google Android and other newer mobile operating systems have been designed from scratch with security implemented so are more difficult to attack."
Both companies also agreed on the chances of social engineering becoming more of an issue in 2011.
"It doesn’t matter how comprehensive your patch and update schedule is — when a sufficiently convincing spam email reaches a gullible employee, all bets are off," wrote Eschelbeck. "With targeted attacks becoming more common, the best defence against this threat continues to be education. Every user, from the newest administrative assistant to the C-level executives, needs training in identifying and avoiding fraudulent email and other messages, harmful file attachments, and Internet behaviour that can lead to trouble."
Elizabeth Bookman, threats marketing manager at Trend Micro, said social engineering will continue to play a big role in the propagation of threats. "Cybercriminals will focus on malware campaigns that promote malware via cleverly designed email messages that trick users into clicking malicious links that point to download pages. These types of campaign will speed up the proliferation process for downloader malware. The downloader would then randomly generate binaries to avoid detection, as DOWNAD/Conficker and ZeuS-LICAT have done in the past."