This page contains a Flash digital edition of a book.
report on 2012 predictions focused on one narrow aspect of mobile security that went, for the most part, unmentioned by the other prognosticators we surveyed. Rather than highlighting the pitfalls of rogue applications, Trend Micro believes that cybercriminals will target the vulnerabilities in trusted, widely used legitimate apps. Numerous warnings have been issued about those dodgy Android Market apps, and others from third-party app stores with obscure developers. Trusting the security of NPR’s news app or the BBC’s breaking news should be a no-brainer. Not so fast, warns Trend’s Rik Ferguson. “We fully expect cybercriminals to continue the experimentation with mobile malware functionality but also to begin searching for vulnerabilities in legitimate mobile apps instead of concentrating solely on the Trojan approach”, noted the fi rm’s director of security research. Trend’s annual report on forward-looking threats said cybercriminals will seek vulnerabilities in coding errors of these legitimate and trusted apps that may lead to data protection issues. In the spirit of Monty Python, our next


and fi nal prediction is something completely different. Okay, it’s still related to mobile security, but this time it comes from an organization with a viewpoint that is the polar opposite of most of its contemporaries. PandaLabs bucked the Android-bashing trend, reminding us that it has been almost a decade since anti-virus companies started their dire warnings over mobile malware. The situation – as they correctly noted – has been far from the doomsday scenario, although there is an obvious uptick in this type of activity. Last year PandaLabs said there would be a marked increase in attacks on mobile devices, and they were spot on. This year, the fi rm’s research outfi t said, “there will be new attacks on Android, but it will not be on a massive scale”. For this prediction, PandaLabs stands alone. With vendors, researchers, and analysts alike all picking on Android, the fi rm has offered up a bit more tempered advice. At the end of this year, at least someone will have proved prophetic on the Android front.


Nevertheless, Luis Corrons – technical director of PandaLabs – issued a sobering assessment of the year to come. “The overall picture is not improving”, Corrons lamented. “As new technologies advance, cyber-crooks develop new modes of attack sometimes by simply adapting old techniques to the new platforms. In the end, users’ false sense of security is a cyber-crooks’ best friend.”


The overall picture is not improving…In the end, users’ false sense of security is a cyber- crooks’ best friend


Luis Corrons


A Never-ending Struggle The problem with predictions is that those who look into the future and guess wrong have nothing to lose, yet they are always some of the fi rst people to pat themselves on the back when prognostications turn into reality. Predictions in the information security fi eld, however, have a knack for coming true eventually, likely because those who make such analyses are well aware of the vulnerabilities that both people and organizations face every day. Unlike predictions in other fi elds – let’s say, sports – things that many assume will go bad in the fi elds of information and cybersecurity often have far-reaching, dire consequences with some potential for real disaster. While many of the people we talk to in this industry are top-notch when it comes to awareness, one need not possess a Hawking-type mind to correctly assume that some shady characters will take advantage of unscreened apps in a mobile marketplace, or a known software vulnerability that remains unpatched.


Then there are the unforeseen trends that are the function of IT’s ever-changing landscape. Often we talk of good guys vs. bad guys in this industry, but the most naive discussions center around “beating” these so-called bad guys. Logically, this wonderland of virtue will never be realized (but admitting this simple fact hardly helps sell products). There will always be offenders and defenders, no matter the situation, and the threats we face tomorrow may not even be on our radar. It’s a point driven home by the ISF’s vice president, Steve Durbin, as he looked forward toward 2012. “Predicting the future of IT threats is always very diffi cult”, he acknowledged. “Organizations can usually only deal selectively with individual aspects, but we are seeing a convergence of several major security issues that will have a signifi cant impact in the coming months and beyond. You could argue that we are heading towards a ‘perfect storm’, where a combination of threats relating to cloud, consumerization, cybersecurity, and more, will come together at the same time.” The award for the most sarcastic, if not accurate, prediction goes to our US news correspondent, Fred Donovan. During a recent review of the year that passed, he rather unboldy proclaimed “there will be more data breaches in 2012”. Amusing as this was, and completely accurate, I do hope that someone will go keep Fred company out on that imaginary ledge he has put himself on. In the fi nal analysis, it’s perhaps the words of our own UK news writer, Kevin Townsend, that ring most true when looking ahead to 2012. He noted that despite all the warnings, “it will be the threat that you didn’t expect that gets you”. This is sound advice, and it may be the most important thing to keep in mind at all times. It appears that the old cliché ‘expect the unexpected’ is indeed timeless counsel. Welcome all to 2012, a year in which this


never-ending struggle continues. Mayan calendars aside, I will likely be able to say the same thing when 2013 comes around.


www.infosecurity-magazine.com /// 11


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60