PandaLabs' technical director, Luis Corrons, believes that 2012 will be a year of transition. “We'll see new cross-platform operating systems, such as Windows 8 running on PCs, tablets and smartphones. We’ll see new technologies, such as NFC-based payment systems. And we’ll see new preferred targets: small and medium sized companies. The number of threats will increase – as it has been for the last 20 years – and the most-targeted platform will again be Windows-based computers. However, there will also be an increase in attacks on other platforms – smartphones, tablets and Mac computers – due to the market share they're gaining.”
On cyber-espionage, Corrons explains that since we live in a world where information is digital, “modern-day spies no longer need to infiltrate a building to steal information. As long as they have the necessary computer skills, they can wreak havoc and access the best-kept secrets of organizations without ever leaving their living-rooms.” Cyber-espionage is easier, safer and far more cost-effective than the James Bond method. He further believes that the original cyber-espionage (the theft of intellectual property and trade secrets) is spilling over into new cyber-warfare (the theft of state-secrets). Cyber-espionage-war “will become more than ever a reality,” he explains, “as we learn how different governments such as China, the US, and the UK, allocate specific budgets for it.”
Corrons believes that small and medium sized businesses will become an increasing target in the future. The reason is the same argument for criminals to attack bank customers rather than the banks themselves: volume of targets and relatively weak security. SMBs, who usually don’t have a dedicated security team, says Corrons, tend not to have strong security, “and this makes them very attractive for cyber-thieves, who can steal data from hundreds or thousands of users in one go.”
At home (and, let’s face it, at work) both attacks on and exploitation of social networks will continue. “From an end user point of view, the main attack field for the cybercriminals will be social networks,” predicts Corrons, “as this is the place users spend most of the time while being online.
“Social networking sites provide a space where users feel safe as they interact with friends and family. The problem is that attackers are creating worms that take advantage of that false sense of security to spread their creations, and it is really easy for them to trick users with generic messages like ‘Look, you’re on this video’ for example. Sometimes, curiosity can be our own worst enemy.”
Criminals also use social media to gather the personal intelligence used in socially engineered spear phishing attacks.