Stolen digital certificates and malware-infested applications aimed at the growing smartphone and tablet markets top M86 Security Lab's predictions for the eight biggest threats to security for 2011.
The frequency of encounters with cyber miscreants may be on the rise as well with the proliferation of Malware as a Service (MaaS).
The criminally inclined are finding a broader range of malicious services they can opt to deploy on a subscription basis in order to steal your sensitive data or money.
Could we see cyber crime taken up by weekend hobbyists?
“We haven’t quite seen it yet, but we can certainly see in the next 12 months where you could have a cyber-crime service, and a cyber-criminal just needs to subscribe to that service, and all the different pieces that he’s going to need to perpetrate the cyber-crime are all offered through that service,” says M86 Security's Bradley Anstis, vice president of technology strategy.
As for stolen or fabricated digital certificates, the technique is already documented as a factor in the Stuxnet and Lethic malware attacks, both having used signed digital certificates appearing to be from a Taiwanese company, Realtek Semiconductor Corp.
A summary of the full M86 list is as follows:
- malware that uses stolen digital certificates to bypass whitelisting
- more mobile malware on smartphones
- spam that’s better at mimicking legitimate e-mail
- sophisticated data-stealing Trojans
- more threats on social networks
- HTML 5 becoming a prime target for compromise
- malware-as-a-service offerings increasing
- botnets that come back after takedown attempts
The single biggest threat to information security is the human element.