Security Threats in 2011 – What Should You Prepare For?

Stonesoft predicts security themes evolve around Stuxnet, social engineering and advanced evasion techniques

Stonesoft Press Release, Helsinki, Finland — January 12, 2011 — While it’s time for industry heads to reflect back on what has been and forecast what is yet to come, the IT security industry is no different. As many security companies have listed the most significant milestones in the world of data security in the previous year, Stonesoft, an innovative provider of integrated network security and business continuity solutions, reveals what organizations should prepare for in 2011.

“As with any year in cyber security, there will undoubtedly be many unwelcome surprises”, says Joona Airamo, chief information security officer at Stonesoft. “The bearing themes in 2010 were definitely Stuxnet, social engineering attacks and advanced evasion techniques, and I am pretty confident that the threats of 2011 will evolve around these themes as well”, Airamo continues.

With over 20 years of experience in network security, here’s what Stonesoft predicts:

1.    As the Apple OS becomes more commonly used, there will be a nasty worm or virus which is going to target it specifically.

2.    There will be an increase in the number of malware related attacks through social networking sites like Facebook and Twitter, with a single attack affecting thousands (or even millions) of people. Hackers will use malware that copies a user’s address book and sends out malicious emails/files to all their friends. Just like the old email scams, the malicious file will look like it has been sent from the initial target so recipients will trust the source.

3.    We can expect to see more “information warfare”-type attacks on nation states. The political motivation in the attacks will increase, even though the attacks with a financial motivation will clearly remain dominative.

4.    There will be a rise in targeted ’social engineering’ attacks. Sophisticated hackers will undertake thorough investigations of people in order to penetrate corporate networks for significant financial gain. This will hopefully result in organizations taking more time to educate staff on cyber-crime, but maybe not. After all, the human factor has long been the weak link in the security chain.

5.    We will see more attacks like Stuxnet. The target will be critical infrastructure, such as government and military systems. The attacks will remain rare because hackers need to be very well resourced in order to build a virus of this magnitude. Stuxnet was made up of four zero-day vulnerabilities and the one used also by the Conficker worm. Its complexity and the expense of developing the virus both point in the direction of it being a government sponsored attack.

6.    The smartphone is set to become a more prominent target for hackers. The amount of smartphones sold in 2011 will get closer to the amount of sold PCs.

7.    Hackers will be even more promiscuous in quickly spreading viruses far and wide. They will try to improve their "return of investment" by making sure no vulnerability is left unused and by utilising the full window of opportunity when the security patches are not yet installed.

8.    Stonesoft’s recent discovery of Advanced Evasion Techniques (AETs) means that the whole IPS (Intrusion Prevention System) vendor community will have to unite in order to build sufficient protection to mitigate against this new method of attack.

For information on how to protect against these threats please visit www.stonesoft.com  or contact your security vendor.