For years security firms have been predicting that Apple operating systems’ run of luck avoiding almost all malware and spyware would be coming to an abrupt end…and, although it hasn’t happened yet, network security firm Stonesoft is joining McAfee in forecasting 2011 will bring serious threats to Apple’s iOS mobile operating system. But, like all security firms, Stonesoft doesn’t think iOS will be the only security story in 2011: the firm also forecasts more sophisticated malware, increased targeting of smartphone platforms, and an increase in politically motivated attacks.
“The bearing themes in 2010 were definitely Stuxnet, social engineering attacks and advanced evasion techniques, and I am pretty confident that the threats of 2011 will evolve around these themes as well,” says Stonesoft chief information security officer Joona Airamo, in a statement.
Stonesoft forecasts smartphones and particular Apple’s iOS mobile operating system will be targeted by attacks in 2011, as attackers seek personal information, account numbers, and resources increasingly carried around in people’s pockets—and, in many cases, right into the hearts of data centers and enterprise. “As the Apple OS becomes more commonly used, there will be a nasty worm or virus specifically targeted to this operating system,” predicts Stonesoft.
Stonesoft has been waving a flag over what it called “Advanced Evasion Techniques,” which are essentially sophisticated attacks against computers and network services that utilize multiple vectors, no single one of which is sufficient to raise a flag with security software. (A simple example would be fragmenting an attack over multiple TCP streams or packets.) Stonesoft forecasts these techniques will become more commonplace since most network security architecture is currently blind to them—and attackers will continue to use any exploit that works.
Stonesoft also forecasts increased malware attacks via social media like Facebook and Twitter, social engineering against enterprises (including targeted scams run against individual employees), and increased political cyber warfare—although Stonesoft says money will still be the main motivator behind online attacks. Stonesoft forecasts more attacks like Stuxnet that target government, military, and civilian infrastructure. Stuxnet exploited four zero-day vulnerabilities as well as the exploit leveraged by the highly-successful Conficker worm with a level of sophistication that have lead many to speculate it was sponsored by a government. Stuxnet managed to hamstring Iran’s nuclear efforts, and now the New York Times is reporting that Stuxnet was first tested in Israel.
Photo credit: Device Magazine