View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 13, 2010

Security firms warn of 2011 mobile threats

Social engineering will also cause IT security headaches

By Steve Evans

Attacks targeted at mobile devices will dominate the threat landscape in 2011, according to two security firms.

Trend Micro and Webroot both believe the proliferation of mobile usage in the enterprise will mean attacks targeted at these devices and their operating systems will increase.

Gerhard Eschelbeck, CTO at Webroot, claims that data held on mobile devices is the next big target for criminals and the newest front in the war on cybercrime. "I predict that mobile platforms will continue to grow at a rapid pace, and we’ll soon reach the threshold level where malware creators start to take notice in significant numbers," he said.

Eschelbeck also addressed the issue of creeping consumerisation of IT, where employees use their personal devices for work purposes. "Users have embraced the advantages of mobile platforms, and even though IT admins may officially consider some or all of them ‘unsupported’ in some organisations, you can’t abandon users who will choose convenience over strict IT policy," he said. "IT admins should embrace these new platforms, and take steps to protect users who insist upon having them, even though doing so may make their work harder."

Trend Micro’s CTO Raimund Genes agrees that mobile will provide a security headache in 2011, with more proof of concept, and some successful, attacks occurring. He told CBR recently that the number of mobile devices in the wild mean that it’s inevitable cybercriminals will turn their attention to attacking them, but the operating systems on board may present a solid line of defence.

"The bad guys out there are realising that there’s money to be made from attacking mobile devices so they are beginning to target them," he told us. "However the likes of Google Android and other newer mobile operating systems have been designed from scratch with security implemented so are more difficult to attack."

Content from our partners
AI is transforming efficiencies and unlocking value for distributors
Collaboration along the entire F&B supply chain can optimise and enhance business
Inside ransomware's hidden costs

Both companies also agreed on the chances of social engineering becoming more of an issue in 2011.

"It doesn’t matter how comprehensive your patch and update schedule is — when a sufficiently convincing spam email reaches a gullible employee, all bets are off," wrote Eschelbeck. "With targeted attacks becoming more common, the best defence against this threat continues to be education. Every user, from the newest administrative assistant to the C-level executives, needs training in identifying and avoiding fraudulent email and other messages, harmful file attachments, and Internet behaviour that can lead to trouble."

Elizabeth Bookman, threats marketing manager at Trend Micro, said social engineering will continue to play a big role in the propagation of threats. "Cybercriminals will focus on malware campaigns that promote malware via cleverly designed email messages that trick users into clicking malicious links that point to download pages. These types of campaign will speed up the proliferation process for downloader malware. The downloader would then randomly generate binaries to avoid detection, as DOWNADConficker and ZeuS-LICAT have done in the past."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.