f5-nz logo
Story image

2012 Security Predictions

01 Dec 2011

Ransomware to Take Mobile Devices HostageOver the past few years, FortiGuard Labs has witnessed the evolution and success of "ransomware” (an infection that holds a device "hostage” until a "ransom” payment is delivered) on the PC. Mobile malware that utilize exploits have also been observed, along with social engineering tricks that lead to root access on the infected device. With root access comes more control and elevated privileges, suitable for the likes of ransomware. Worming into AndroidWorms, i.e., malware that is able to quickly propagate from one device to another, have by and large remained absent from the Android operating system, but this may change in 2012. Unlike Cabir, the first Symbian worm discovered in 2004, Android malware developers most likely won’t be using Bluetooth or computer sync to spread out because of their limited ranges. Instead, the team believes the threat will come from either poisoned SMS messages that include a link that contains the worm or through infected links on social networks, such as Facebook and Twitter.Polymorphism Want a Cracker? There’s no denying that Android-based malware has gotten more diverse and complex. Polymorphism is malware that is capable of automatically mutating, making it extremely difficult to identify and thus destroy. The team has previously encountered polymorphism on Windows Mobile phones and believes it’s only a matter of time before the malware appears on Android devices.Sponsored Attacks The FortiGuard team often talks about Crime as a Service (CaaS), which is just like Software as a Service (SaaS), but instead of offering legal and helpful services though the Internet, criminal syndicates are offering illegal and detrimental services, such as infecting large quantities of computers, sending spam and even launching direct denial of service (DDoS) attacks. If you’ve got the money, there’s a good chance you can find a CaaS provider to help you out. What we may see evolving in 2012 is that instead of hiring a CaaS outfit for blanket attacks, we’re going to see more strategic and targeted attacks on companies and individuals. Admittedly, this prediction will be tough to monitor because without "freedom of information” legislation in place, many of these discovered cases will be settled out of court with verdicts not being released publicly. Hacking a Good CauseWhile Anonymous has been alive and kicking in one capacity or another since its formation on 4Chan.org in 2003, only in the last year have the loosely organised anarchists started using their power to attack large, high profile targets such as Sony. More hacktivist groups were formed in 2011 (most notably LulzSec), and more will likely rise in 2012. What FortiGuard found interesting about Anonymous towards the end of the year, was how the group started to use their power for "good.” Case in point, they’ve recently threatened to unmask Mexican drug cartel members and they recently helped authorities break up a child porn ring. FortiGuard expects to see more examples of "hacktivist” justice in 2012.. Check out this list from Fortinet, a Sunnyvale-based firm specializing in network security appliances, on its top security predictions for 2012. This is just a sneak peek – to view the full list visit tinyurl.com/7ap2tep