The general trend shows the growing professionalization and commercialization of what the Information Security Forum calls the ‘malspace’. One-third of all malware ever discovered by PandaLabs was discovered during 2011, showing, says PandaLabs, “cyber-criminals’ sheer capacity to automate the creation of new malware variants.” One example comes from the new attack against Mac: rogueware called MacDefender. Within hours of Apple’s patch, new variants of the malware could by-pass it.
Some of what happened last year was inevitable and expected. We always knew that cyberwarfare was either coming or was already happening unnoticed. Stuxnet in 2010 suggested that; but in 2011 it was proven when “Israel Defense Forces Chief of Staff General Gabi Ashkenazi took credit for it in his farewell party.” Last year we had Stuxnet 2.0, or Duqu, and increasing attacks against both infrastructure and military targets. While fingers point at China as the usual culprit, PandaLabs points out that “China itself must be suffering attacks from others... and has admitted that it was hit by nearly 500,000 cyber-attacks last year, about half of which originated from foreign countries.”
Growth in mobile malware, particularly directed at the increasingly popular Android platform, was also inevitable. A Zeus variant appeared early in the year, and if this was not enough, “we learned that Android has some very basic security holes, as shown by the fact that it stores the passwords for email accounts on the phone’s file system in plain text, with no encryption,” says the report.
The report also gives an overview of the rise of cyber-activism (hacktivism) last year, typified by the ‘war’ between Anonymous and HBGary Federal. Aaron Barr, CEO of HBGary Federal, claimed to know the names of Anonymous leaders, and said he would make them public. “Anonymous then threatened to hack into the company... and managed to do so in less than an hour,” gaining evidence of some dubious practices “such as the proposal to develop a rootkit.” Aaron Barr stood down.
For 2012, the PandaLabs report suggests that “cyber-espionage and social networking attacks will be the predominant threats to safeguard against this year.” But don’t let it spoil your enjoyment of online banking and shopping, social networking, music and books, it adds. “You just need to take a few precautions.”