The 'Emerging Cyber Threats Report 2012' noted that mobile applications rely increasingly on the browser, presenting unique challenges to security in terms of usability and scale.
“It is getting much harder to deal with the threats on the mobile device….It is not whether threats are going to move to mobile devices, but as we work on addressing them, what are some of the challenges we have to deal with”, Mustaque Ahamad, director of the Georgia Tech Information Security Center, told Infosecurity.
The report advised mobile users to expect cybercriminals to launch compound threats targeting mobile devices using SMS, e-mail, and the mobile Web browser and then to silently record and steal data.
The report also cautioned about online search poisoning. In a typical search poisoning event, a user searches a term then clicks a particular link from among the search results. The user is redirected to a page that is used as a vector to deliver malware, the report explained.
Attackers are doing their own search engine optimization to get their malicious sites to rank highly in search results. Malicious sites are also getting better at hiding their malicious payloads from the search engine crawlers. If they detect a crawler, they will present a clean web page to remain undetected, the report noted.
Also, the report predicted that advanced persistent threat (APT) adversaries will continue to adapt to security measures and exploit human error, lack of user education, and weak passwords.
“Persistent is the key word here. They might not be that advanced, but they are persistent, and they are going to evolve, so defenses against them will have to evolve”, Ahamad said.
The report predicts that APT adversaries will increasingly use botnets to carry out their attacks. “While botnets have plagued the Internet for some time, their usage in advanced persistent threats is evolving, as are the tactics, techniques and procedures for command and control”, the report explained.
APT adversaries could query botnet operators to identify compromised machines belonging to a particular company or organization in their crosshairs. The adversary may ask the botnet operator if he can run some queries against the machines to determine the operating system, applications running, and type of function they perform to gather information for creating a targeted attack. In many cases, adversaries will pay top dollar for the information, providing a new and lucrative source of revenue for botnet operators, according to the Georgia Tech report.