Wednesday, December 28th 2011

Tomorrow's Internet More Like Yesterday's Internet: McAfee 2012 Threat Predictions

McAfee today unveiled its 2012 Threat Predictions report, outlining the top threats that McAfee foresees for the coming year. The list indicates that emerging threats from 2011 are on track to become the major players for cyberactivity in 2012, including mobile banking, “legal” spam and virtual currency. McAfee Labs also predicts that attacks involving political motivation or notoriety will also make headlines, including high-profile industrial attacks, cyberwarfare demonstrations and hacktivist attacks targeting public figures.

“Many of the threats that will become prominent in 2012 have already been looming under the radar in 2011,” said Vincent Weafer, senior vice president of McAfee Labs. “Over the past year, the general public has become more aware of some of these risks, such as threats to critical infrastructure or the impact of hacktivism as they gain international media attention. In the meantime, we continue to see cybercriminals improving their toolkits and malware and are ready to make a significant impact in 2012.”

McAfee Labs Threat Predictions for 2012:
  • Industrial Attacks: Cybercriminals Target Utilities
    Water, electricity, oil and gas are essential to people’s everyday lives, yet many industrial systems are not prepared for cyberattacks. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. As with recent incidents directed at water utilities in the United States, attackers will continue to leverage this lack of preparedness, if only for blackmail or extortion in 2012.
  • Advertisers Will “Legalize” Spam
    McAfee Labs has seen a drop in global spam volumes in the past two years. However, legitimate advertisers are picking up where the spammers left off, using the same spamming techniques, such as purchasing email lists of users who have “consented” to receive advertising or purchasing customer databases from companies going out of business. McAfee Labs expects to see this “legal” spam and the technique known as “snowshoe spamming” to continue to grow at a faster rate than illegal phishing and confidence scams.
  • Mobile Threats: Attackers will bypass PCs
    2011 has seen the largest levels in mobile malware history. In 2012, McAfee Labs expects for mobile attackers to improve on their skill set and move toward mobile banking attacks. Techniques previously dedicated for online banking, such as stealing from victims while they are still logged on while making it appear that transactions are coming from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.
  • Embedded Hardware: The Promised Land for sophisticated hackers
    Embedded systems are designed for a specific control function within a larger system and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer, and will enable attacks to gain greater control and maintain long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.
  • Hacktivism: Joining forces online and on the front lines
    McAfee Labs predicts that in 2012, either the “true” Anonymous group will reinvent itself, or die out. Additionally, those leading the digital disruptions will join forces with physical demonstrators, and will target public figures such as politicians, industry leaders, judges and law enforcement, more than ever before.
  • Virtual Currency: A cybercriminal payment plan
    Virtual currency, sometimes called cybercurrency, has become a popular way for people to exchange money online. These online “wallets” are not encrypted and the transactions are public, making them an attractive target for cybercriminals. McAfee Labs expects to see this threat evolve into spam, data theft, tools, support networks and other associated services dedicated to solely exploiting virtual currencies, in order to steal money from unsuspecting victims or to spread malware.
  • Cyberwar: Flexing its muscles
    Countries are vulnerable due to massive dependence on computer systems and a cyberdefense that primarily defends only government and military networks. Many countries realize the crippling potential of cyberattacks against critical infrastructure, such as water, gas and power, and how difficult it is to defend against them. McAfee Labs expects to see countries demonstrate their cyberwar capabilities in 2012, in order to send a message.
  • Rogue Certificates: Untrustworthy and undetectable
    Organizations and individuals tend to trust digitally signed certificates; however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure and secure browsing and transactions, as well as host-based technologies such as whitelisting and application control.
  • Tomorrow’s internet looks more like yesterday’s internet
    DNSSEC (Domain Name System Security Extensions) are meant to protect a client computer from inadvertently communicating with a host as a result of a “man-in-the-middle” attack. Such an attack redirects the traffic from the intended server (Web page, email, etc.) to another server. Governing bodies around the globe are taking greater interest in establishing “rules of the road” for Internet traffic, and McAfee Labs expects to see more and more instances in which future solutions are hampered by legislative issues.
  • Advances in Operating Systems Moves Hackers “Down and Out”
    New security features baked into the core of the operating system will cause hackers to find alternate entryways: down into the hardware and out of the operating system. Attacking hardware and firmware is not easy, but success allows attackers to create persistent malware in network cards, hard drives and even system BIOS (Basic Input Output System). McAfee Labs expects to see more effort put into hardware and firmware exploits and their related real-world attacks through 2012.
A full copy of the 2012 Threat Predictions report from McAfee Labs can be accessed here (PDF).
Add your own comment

7 Comments on Tomorrow's Internet More Like Yesterday's Internet: McAfee 2012 Threat Predictions

#1
qwerty_lesh
McAfee Labs predicts that in 2012 they will become the next Nostradamus, conquering the world with fear mongering and poppycock.
Posted on Reply
#2
qubit
Overclocked quantum bit
What I don't get about McAfee, is that they're such a big company, yet their products are consistently amongst the worst in the industry. You'd think pumping out garbage would catch up with them at some point, wouldn't you? Even now, being owned by Intel seems to have made no difference.

Sorry for the rant, but this bugs me. I moved to Kaspersky from McAfee years ago and have never looked back.
Posted on Reply
#3
DaJMasta
McAfee appears to hate bitcoin, but doesn't understand how it works.


Even if it's honest and well intentioned, it certainly seems odd for an antivirus software company to be spreading cyber doomsday messages. Oh well, I guess that falls in line for other 2012 doomsday predictions.
Posted on Reply
#4
Breathless
Perhaps they will also predict at some point that customers want an antivirus solution that isn't a bloated piece of feces.
Posted on Reply
#5
_JP_
A prediction I would like to see would be:
McAfee's Total Protection will not hog your RAM.
:p
But I know that is unlikely.
Posted on Reply
#6
Fx
sometimes I wonder if Anonymous is a faction of CIA
Posted on Reply
#7
Solaris17
Creator Solaris Utility DVD
by: qubit
What I don't get about McAfee, is that they're such a big company, yet their products are consistently amongst the worst in the industry. You'd think pumping out garbage would catch up with them at some point, wouldn't you? Even now, being owned by Intel seems to have made no difference.

Sorry for the rant, but this bugs me. I moved to Kaspersky from McAfee years ago and have never looked back.
maybe better stuff is their new years resolution.
Posted on Reply