Mobile attackers to enhance mobile banking attacks in 2012 : McAfee

McAfee has unveiled its 2012 Threat Predictions
report, outlining the top threats that McAfee foresees for the coming year.

Industrial Attacks: Cybercriminals Target Utilities

Water, electricity, oil and gas are essential to people’s
everyday lives, yet many industrial systems are not prepared for cyberattacks.
Many of the environments where SCADA (supervisory control and data acquisition)
systems are deployed don’t have stringent security practices. As with recent
incidents directed at water utilities in the United States, attackers will
continue to leverage this lack of preparedness, if only for blackmail or
extortion in 2012.

Advertisers Will Legalize Spam

McAfee Labs has seen a drop in global spam volumes in the
past two years. However, legitimate advertisers are picking up where the
spammers left off, using the same spamming techniques, such as purchasing email
lists of users who have consented” to receive advertising or purchasing
customer databases from companies going out of business. McAfee Labs expects to
see this legal” spam and the technique known as snowshoe spamming” to
continue to grow at a faster rate than illegal phishing and confidence scams.

Mobile Threats: Attackers will bypass PCs

2011 has seen the largest levels in mobile malware
history. In 2012, McAfee Labs expects for mobile attackers to improve on their
skill set and move toward mobile banking attacks. Techniques previously
dedicated for online banking, such as stealing from victims while they are
still logged on while making it appear that transactions are coming from the
legitimate user, will now target mobile banking users. McAfee Labs expects
attackers will bypass PCs and go straight after mobile banking apps, as more
and more users handle their finances on mobile devices.

Embedded Hardware: The Promised Land for sophisticated

Embedded systems are designed for a specific control
function within a larger system and are commonly used in automotive, medical
devices, GPS devices, routers, digital cameras and printers. McAfee Labs
expects to see proofs-of-concept codes exploiting embedded systems to become
more effective in 2012 and beyond. This will require malware that attacks at
the hardware layer, and will enable attacks to gain greater control and
maintain long-term access to the system and its data. Sophisticated hackers
will then have complete control over hardware.

Hacktivism: Joining forces online and on the front lines

McAfee Labs predicts that in 2012, either the true”
Anonymous group will reinvent itself, or die out. Additionally, those leading
the digital disruptions will join forces with physical demonstrators, and will
target public figures such as politicians, industry leaders, judges and law
enforcement, more than ever before.

Virtual Currency: A cybercriminal payment plan

Virtual currency, sometimes called cybercurrency, has
become a popular way for people to exchange money online. These online wallets
are not encrypted and the transactions are public, making them an attractive
target for cybercriminals. McAfee Labs expects to see this threat evolve into
spam, data theft, tools, support networks and other associated services
dedicated to solely exploiting virtual currencies, in order to steal money from
unsuspecting victims or to spread malware.

Cyberwar: Flexing its muscles

Countries are vulnerable due to massive dependence on
computer systems and a cyberdefense that primarily defends only government and
military networks. Many countries realize the crippling potential of
cyberattacks against critical infrastructure, such as water, gas and power, and
how difficult it is to defend against them. McAfee Labs expects to see
countries demonstrate their cyberwar capabilities in 2012, in order to send a

Rogue Certificates: Untrustworthy and undetectable

Organizations and individuals tend to trust digitally
signed certificates; however, recent threats such as Stuxnet and Duqu used
rogue certificates to evade detection. McAfee Labs expects to see the
production and circulation of fake rogue certificates increase in 2012.
Wide-scale targeting of certificate authorities and the broader use of
fraudulent digital certificates will affect key infrastructure and secure
browsing and transactions, as well as host-based technologies such as
whitelisting and application control.

Tomorrow’s internet looks more like yesterday’s internet

DNSSEC (Domain Name System Security Extensions) are meant
to protect a client computer from inadvertently communicating with a host as a
result of a man-in-the-middle” attack. Such an attack redirects the traffic
from the intended server (Web page, email, etc.) to another server. Governing
bodies around the globe are taking greater interest in establishing rules of
the road” for Internet traffic, and McAfee Labs expects to see more and more
instances in which future solutions are hampered by legislative issues.

Advances in Operating Systems Moves Hackers Down and Out

New security features baked into the core of the
operating system will cause hackers to find alternate entryways: down into the
hardware and out of the operating system. Attacking hardware and firmware is
not easy, but success allows attackers to create persistent malware in network
cards, hard drives and even system BIOS (Basic Input Output System). McAfee
Labs expects to see more effort put into hardware and firmware exploits and
their related real-world attacks through 2012.

By Team
[email protected]