Continuing with the summary reports for this year ending 2010 Panda Security has just announced its security forecasts for next year 2011. According to Luis Corrons, technical director of PandaLabs, “we have taken out our crystal ball, and this is, in short, our prediction of the top 10 security trends for 2011 ”:
1.- Creation of malware: The year 2010 is going to close with a significant increase in the number of malware, which we have already been talking about for a few years. In this fiscal year, more than 20 million were created, a figure higher than that created in 2009. Thus, the Panda Collective Intelligence database has classified and stored more than 60 million threats. The year-on-year growth ratio in 2010 was 50%.
2.- Cyberwar: Stuxnet and the Wikileaks leak pointing to the Chinese Government as responsible for the cyber attacks on Google and other targets has marked a before and after in the history of conflicts. In cyber wars there are no sides with a uniform in which the different combatants can be distinguished. We are talking about guerrilla warfare, where it is not known who is attacking, or from where it is attacking, the only thing that can be tried to deduce is the purpose it is pursuing.With Stuxnet, it has become clear that they wanted to interfere in certain plant processes nuclear, specifically in the Uranium centrifuge.
3.- Cyberprotests: The great novelty of 2010. The cyberprotest or cyberactivism, a new movement inaugurated by the Anonymous group and its Operation Payback, aiming at objectives that seek to end Internet piracy first, and supporting Julian Assange, author of Wikileaks, later, has become fashionable. Even users with little technical knowledge can be part of these Distributed Denial of Service attacks (DDoS attacks) or spam campaigns. Even despite the fact that many countries are trying to regulate these types of actions quickly, in order to be considered a crime and, therefore, prosecuted and reprehensible, we believe that in 2011 we will see this type of cyber demonstrations proliferate.
KEEP READING the rest after the jump.
4.- Social engineering: "Man is the only animal that stumbles twice on the same stone." This popular saying is true like life itself, and therefore one of the greatest attack vectors will continue to be the use of so-called social engineering to infect unsuspecting Internet users. Furthermore, cybercriminals have found an ideal breeding ground in social networks, where users are even more trusting than when using other types of tools, such as e-mail.During 2010 we have seen several attacks whose distribution headquarters have been the two most used networks worldwide: Facebook and Twitter. In 2011 we will see not only how they are consolidated as a tool for hackers, but they will continue to grow in terms of distributed attacks.
5.- Windows 7 will affect the development of malware: As we discussed last year, we will need at least two years to begin to see threats specifically designed for Windows 7 proliferate. In 2010 we have seen some movements in this direction, but we believe that in 2011 we will continue to see new cases of malware that seek to attack more and more users of the new operating system.
6.- Mobile: This remains the eternal question: when will mobile malware take off? Well, it seems that new attacks could be seen in 2011, but not massively either. Most of the current attacks are directed at mobiles with Symbian, an operating system that tends to disappear.
7.- Tablets ?: The dominance of the iPad is total in this field, but soon there will be competitors offering interesting alternatives. In any case, except for some proof of concept or anecdotal attack, we do not believe that in 2011 tablets will be the main target of cybercriminals.
8.-Mac: Malware for Mac is, and will continue to be. The number will grow as your market share continues to grow. The most worrying thing is the number of security holes Apple has in its Operating System: it better be quickly remedied, since cybercriminals are aware of this and the ease that these security holes entail to distribute malware.
9.- HTML5: The one that could turn out to be the replacement for Flash, HTML5, is a perfect candidate for all types of criminals. The fact that it can be executed by browsers without the need for any plugin makes it even more appealing to be able to find a hole that could reach users' computers regardless of the browser used. We will see the first attacks in the coming months.
10.- Encrypted and rapidly changing threats: We have already seen this movement in the last two years, and we will witness an even greater increase in 2011. That malware is designed for financial gain is nothing new. That to achieve this, it uses social engineering to deceive users and tends to be as silent as possible so that the victims do not find out that they are infected, it is not either. But the same mechanism of making it more and more silent means that more and more obfuscated copies are received in the laboratory and with encryption mechanisms, ready to connect to a server and be updated quickly at the time that security companies are capable of detect them, and increasingly targeting specific users.