Feature
Cyber-threat evolution: the year ahead

https://doi.org/10.1016/S1361-3723(12)70052-0

Last year, 2011, was the year that virtually all global players signalled their readiness to develop and deploy cyber-weapons. The mass hysteria sparked by the discovery of the Stuxnet worm in 2010 led a number of states to start treating the use of cyber-weapons against them as an act of war. However, by doing so, they are losing sight of some very important aspects of this type of threat. Take, for instance, Stuxnet. It was a unique phenomenon, designed exclusively for use at a specific time and at a specific place. And there was no readily available military solution to combat it.

2011 witnessed the development of many new types of threat. For example, cyber-weapons such as Stuxnet generated an almost hysterical response, but were highly specialised. However, other cyber-weapons, such as logic bombs, may become more common.

Targeted attacks are on the increase, but so is the industry that has sprung up to counteract them. The focus will move to the browser and mobile devices. Over the next year, attacks on online banking systems will be one of the most widespread methods of stealing money. And the problems of hacktivism and leaks of personal data will increase. Aleks Gostev of Kaspersky examines what all this means.

Section snippets

Mass targeted attacks

In 2011 we witnessed the emergence of new sources of malware and targeted cyber-attacks. This year we expect to see a significant increase in the number of new players and threats as well as high-profile incidents.

A far more effective detection process will also play a role in boosting the number of recorded attacks. An entirely separate field of the IT security industry has sprung up as a result of the problems associated with detecting and combating targeted attacks, and large companies are

Mobile threats

The unwanted attention that the Android platform has received from virus writers will intensify. In 2012, cyber-criminals targeting mobile platforms will focus heavily on creating malware for Google Android. The dramatic growth in malicious programs for Android in the second half of 2011 saw Google's operating system rank first among mobile platforms in terms of the number of threats, and there is little to suggest that the virus writers will shift their focus anytime in the near future.

Other mobile platforms

  • Symbian: for a long time the most popular platform among users and virus writers. Now losing ground on the mobile OS market and among cyber-criminals. Therefore, we don't expect to see significant amounts of malware for this platform.

  • J2ME: we will continue to see quite a few malicious programs (more precisely, SMS trojans) for Java 2 Micro Edition. However, their number will either remain at the same level or decrease.

  • Windows Mobile: a platform that has never attracted much attention from

Attacks on online banking

Over the next year, attacks on online banking systems will be one of the most widespread methods of stealing money from ordinary users. The number of crimes committed in this area is rising rapidly all over the world in spite of all the technical measures taken by banks.

In the near future, it is likely that there will be more cases of unauthorised access to online banking systems in Asian countries. That is because these services are rapidly developing in South-East Asia and China, while the

Users' private lives

The problem of protecting users' confidential data is gradually becoming one of the hottest topics in IT security. Russian users have seen data leak from cellphone operators and e-commerce sites; there were the stories about the mobile software from CarrierIQ and the storing of geolocation data on the iPad/iPhone, data thefts from tens of millions of clients of various systems in South Korea, the hacking of Sony PlayStation Network – to name just a few of the high-profile events that took place in

Hacktivism

Hacktivism, or hacker attacks as a form of protest, is now experiencing a revival and reaching new levels. Multiple attacks on various government institutions and businesses will continue despite all the efforts of authorities arresting high-profile hacktivists. Hacktivism will increasingly have political implications, and this will be a more serious trend than in 2011 when most attacks targeted corporations or were carried out just for ‘lulz’.

Hacktivism – a major feature of 2011 – is

Conclusions

In summary, expect to see the following events and trends next year in the field of cyber-criminal activities:

  • Cyber-weapons such as Stuxnet will be tailor-made for specific cases only. Cyber-criminals will increasingly use simpler tools, such as kill switches, logic bombs and so on to destroy data at a required time.

  • The number of targeted attacks will continue to grow. Cyber-criminals will begin using new infection methods, as the effectiveness of existing methods diminishes. The range of

About the author

Aleks Gostev is chief security expert with the Global Research & Analysis Team at Kaspersky Lab. He founded and led the team from 2008 before moving to his current position in 2010. Gostev analyses all aspects of information security, with a focus on new threats and mobile malware. His research and analytical articles are published both on dedicated IT sites and in the mass media. He has been with the company since 2002 and is based in Moscow. Prior to joining Kaspersky Lab, Gostev worked as CTO for KomiSat and before that as manager of the ISP department at Komitex and as a systems administrator for SMZ. In 1996, he founded the Republic of Komi Antivirus Center and in 1998, he acted as project co-ordinator for the Wildlist Russia Project, an initiative which was launched with the aim of collecting and analysing information about malware outbreaks in the Russian Federation.