McAfee: Coming cyber threats to target mobile devices, official secrets

Computer security firm's annual list stresses risks in society's move from desktops to handheld communications tools.

The biggest cyber threats in 2011 are expected to include, among other new risks, malicious applications on mobile devices and attacks aimed at stealing government secrets and sabotaging business operations, according to McAfee.

The computer security firm annually issues a list predicting what will be the biggest cyber scares during the coming year. New for 2011 is the projection that perpetrators will target social media communications on mobile devices -- a means of interaction that businesses, including agencies, increasingly depend on for work.

The societal shift from desk-based e-mail communications to mobile instant messaging and Twitter insta-blogging has transformed the threat landscape, according to the report.

The authors, all specialists employed by McAfee Labs, the firm's research arm, expect to see apps -- online tools for mobile devices -- expose privacy and identity data.

"These tools have historically weak coding and security practices, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps," the researchers wrote.

McAfee Labs anticipates that attackers will hide malicious software in programs that look like legitimate applications, including federal data apps, Dmitri Alperovitch, the study's co-author and McAfee's vice president for threat research, said in an interview. According to the threat list, "friendly fire" malware, which appears to come from contacts on social networks, will grow.

"Social media connections will eventually replace e-mail as the primary vector for distributing malicious code and links," the authors wrote. "The massive amount of personal information online coupled with the lack of user knowledge of how to secure this data will make it far easier for cybercriminals to engage in identity theft and user profiling than ever before."

For example, phishing -- traditionally scam e-mails that appear to come from your bank or from Nigerians -- will move to Twitter because e-mail is no longer vulnerable, Alperovitch said. "E-mail is a fairly well-protected channel these days, and people are starting to finally get the message that if they get an e-mail that looks too good to be true ... it potentially needs to be reported," he added.

The transition to mobile communications also creates an easy opportunity for fraud purveyors to pinpoint the location of potential victims. More Internet users are logging on to the Web via portable devices with Global Positioning System satellite technology. Many GPS tools essentially broadcast people's coordinates to friends and colleagues so they can see where they are.

"You can easily search, track and plot the whereabouts of friends and strangers," the report stated. "In just a few clicks cybercriminals can see in real time who is Tweeting and where, what they are saying, what their interests are, and the operating systems and applications they are using."

In 2011, shortened Web addresses -- convenient for inserting website locations in word-constrained mobile messages and Tweets -- will become ideal for masking fake websites, the researchers noted.

"The trouble -- and abuse -- follows because users do not know where these shortened links actually lead until they click them," they wrote.

Alperovitch said malware distributors and phishers will start using these abbreviated Web addresses, or short URLs, to bypass the Web-filtering tools in offices.

But information technology managers cannot prohibit federal officials from conducting business via mobile devices, as President Obama demonstrated when he refused to part with his BlackBerry upon taking office.

"The real answer is not to fight these things because they will get in," Alperovitch said. "The key is to make sure they are secure."

The motivation of attackers also is changing, according to the study. Instead of carrying out attacks to steal money or to send a political message, some groups, including nation-states and corporations, increasingly are interested in stealing intelligence.

McAfee defines these new so-called advanced persistent threats as government- or organization-sponsored attempts at cyberespionage or cybersabotage for something other than political protest or financial gain.

Work mobile devices will become breeding grounds for APTs, Alperovitch said. "Those are essentially full-blown computers now -- and they are connected to the network," he added.

"Companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after e-mail archives, document stores, intellectual property repositories and other databases," the authors wrote.

Other 2011 predictions detailed in the report: Cybercriminals will target more Apple-manufactured technologies; botnets -- compromised computers that hackers hijack all at once to send viruses -- will filch data from breached computers instead of sending spam; and "hacktivism" attacks, intended to discredit political opponents, will intensify.

"The popularity of iPads and iPhones in business environments and the easy portability of malicious code between them could put many users and businesses at risk next year and beyond," the researchers wrote, adding that botnets will be a common occurrence on Apple platforms in 2011.

More activists will mimic the WikiLeaks model of harming companies and individuals by manipulating their online operations, as sympathizers of the document-leaking site did by knocking MasterCard services offline. The company stopped processing payments for WikiLeaks because the site violated MasterCard's acceptable use policies.

"Hacktivism as a diversion could be the first step in cyberwarfare," where governments secretly arm grass-roots groups with sophisticated cyber weapons, the report warned. Alperovitch explained that hacktivism initiated by nongovernmental organizations serves as a good cover for government-sponsored cyberwar. It grants nation-states plausible deniability, he said.

"Everyone within information security will have to be vigilant to recognize the difference between hacktivism and the beginning of a cyberwar," the authors write. "As in the physical world, we expect that hacktivist attacks will inspire and foment riots and other real-world demonstrations."