Editorial, Issues 65 - November 2003, brought to you by the publishers of Australasian Science

2012 McAfee Threat Predictions

A look at the latest threats that could affect consumers this coming year

Gary Davis
Director of Global Consumer Product Marketing, McAfee

Each year, McAfee Labs™ looks at the trends that they’ve seen over the past 12 months to make predictions about the types of security threats they expect to see in 2012. While looking into the future can be hit or miss, looking at trends and motives can give us a good idea of what to look out for so we are not caught unprepared.

For the most part, 2012 looks like it will contain an elevation of many of the threats that we have recently seen gaining momentum. Here’s a look at some of the consumer-facing threats that you should be aware of as we head into the New Year:

1. Disrupted utilities like water and power
You may remember earlier in the year when Southern California water systems hired a hacker to find vulnerabilities in its computer networks. The hacker had no trouble seizing control of their equipment and adding chemicals to the drinking water—in one day.

This is the kind of industrial threat that unnerves many consumers. Unfortunately, many industrial and national infrastructure networks were not designed for modern connectivity, making them vulnerable.

We expect attackers to take advantage of the situation in 2012, if only for blackmail or extortion, but in a worst-case scenario public utilities such as water and electrical services could be disrupted.

2. Affecting political change through hacktivism
Basically, hactivism is the use of computers or computer networks to protest or promote political change.

A great example of this is the “Anonymous” group which was active last year doing high profile activities such as briefly taking down New York Stock Exchange’s website in support of the Occupy Wall Street protests.

If there’s one thing that hactivists proved in 2011 it is that when they pick a target they can compromise it. We expect more organized digital disruptions to come in 2012. This means public figures such as politicians, political groups and industry leaders could be targeted for political or ideological means. As a result, the websites and systems that consumers normally use could fall victim to attack.

3. More spam in your inbox
The new trend in spamming is sending emails from advertising companies that obtain their email lists through shady but legal means. They may buy the lists from companies that are going out of business or partner with other advertising entities or mail-list providers without taking into account privacy policies.

They can do this because under the U.S.’ CAN-SPAM Act advertisers are not required to receive consent before sending advertising. Since this method is cheaper and less risky than bombarding us with spam from networks of compromised computers, we expect this activity to continue to grow through 2012, possibly resulting in more spam in your inbox.

4. Malware aimed at mobile phones
Attacking your computer is so 2011! Cybercriminals are now testing their creativity with mobile malware in the form of malicious applications. Once downloaded, they can deliver a variety of ads or even send expensive text messages from your phone. The twist is that they are using “botnets”—a collection of compromised computers that have traditionally been used to do things like send spam—to target mobile platforms.

Mobile malware is not common now, but we do expect these attacks to increase through next year. This may mean you could see unwanted ads and malicious applications on your phone.

5. Compromised cars, GPS trackers, and other devices
You know your PC can be attacked, but what about your car? Cybercriminals are now targeting embedded operating systems or even hardware to gain control of everything from cars to GPS trackers and medical equipment. They can do this two ways–either through infiltrating the device when it’s being manufactured or through the easier route of tricking users into downloading malware that can penetrate the “root” of the system.

While hackers have been playing with these kinds of attacks in the last year, we expect them to become more effective in 2012 and beyond, potentially affecting systems such as consumer electronics.

6. Cyberwar
Will 2012 be the year of cyberwar? We’ve recently seen an increase in high-tech spying and other “cyber” techniques to gain intelligence, albeit on a small scale. But many countries are now realizing the crippling potential of cyberattacks against critical infrastructure, and realize how hard they are to defend. Hopefully, it won’t come to this but the dangerous possibility is still out there.

Tips for Protecting Yourself in 2012

1. Don’t be part of the problem.
Many of the techniques that hackers and hacktivists use rely upon botnets. Botnets take over your computer and allow hackers to use your system to send spam email or execute attacks. Be wary of sites that ask you to download additional software, and download only from companies you trust. Never click on a link in a spam email or IM from someone you don’t know—it might download a bot onto your machine without your knowledge. Turn your computer off when you are not using it – when you are disconnected from the Internet cybercrooks can’t access your machine

2. Protect your PC and Mac.
Make sure you have an up-to-date security suite installed, including anti-virus, anti-spyware, a firewall, and a website safety advisor.

3. Use strong passwords.
Especially if you work at a financial institution, utility/energy, or telecommunications company you could be a target for hackers looking for ways to get into systems. Keep the bad guys out of your accounts at work and at home. Create passwords that combine letters (upper and lower case), numbers, special characters, and are more than six characters in length. An example of a strong password would be: Go1dM!n3. Frequent changing of passwords is key. Keep in mind that a “strong” password does not help if it’s posted or sold in a public forum.

4. Be extra vigilant when reviewing and responding to emails.
Avoid being the victim of a spearphishing or phishing attack, which hackers can use to target your work email to access important systems. Only reply to emails from known parties and don’t provide personal information to a company that requests it through email. Watch out for too-good-to-be-true offers and never agree to reveal your personal information just to participate in a promotion.

5. Protect your smartphone or tablet.
Only download mobile apps from official app stores. Read user reviews before downloading and only use Apps from stores like iTunes and the Android Market. Consider mobile malware threat protection, not only to protect against viruses and for safe mobile surfing, but to also safeguard privacy in the event of loss or theft. For the many consumers who own multiple devices, McAfee® All Access is a simple and cost-effective solution for protecting a wide range of Internet connected devices on different platforms including mobile devices.

In Summary
As technology evolves and our use of the Internet and mobile devices becomes more complex, cybercriminals are also evolving and honing their skills with new types of attacks. But although some of the threats may seem scary, the reality is many offer new takes on old forms of attack and with a little bit of foresight and preparedness we can guard against them.

The full report is at http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf

Issues: Published by Control Publications, publishers of Australasian Science.


Designed by Delphinus Creative © Control Publications 2012		Acrobat Reader is required to view articles