Malware-as-a-service and mobile security set to be the dominant themes of 2011

News by Dan Raywood

Smartphone application control will be the headache of 2011 for IT managers.

Smartphone application control will be the headache of 2011 for IT managers.

According to Ed Rowley, product manager of M86 Security, people have been thinking about smartphone security and threats to the mobile platform for a decade, yet 2011 will be the year when managing applications will cause headaches for the IT department.

Talking to SC Magazine about its M86 Security Labs Predictions 2011 Report, Rowley said: “Managing applications is difficult enough in its own right, from a security perspective bringing applications on to the network means there is more data to control and that is not easy to control and manage. It is not going through an HTTP mainframe and each application is a microcosm in its own right and self sufficient in accessing data.

The report claimed that while the RIM operating system continues to dominate, use of Google's Android operating system and phones running the Google OS have seen tremendous growth over the last year, while the introduction of tablet devices such as the Apple iPad, HP Slate and Android-based tablets signals a potential shift in which cyber criminals target end users via mobile platforms. The report said that as with other platforms, the attackers will go where the most users are and where these users are the least protected.

Elsewhere the report focuses on the evolution of advanced malware, with the likes of the Zeus Trojan an example of how data stealing Trojans are becoming more sophisticated while data-stealers such as SpyEye, Carberp and Bugat have also emerged.

Rowley said: “It is getting better, and equipment has to be better and more developed to where it is driven by the needs of security. It is good to see the likes of Microsoft making its operating system more secure and also with web-based email becoming more secure it is very good.”

He also commented that Trojans have gone from just data stealing to man-in-the-browser attacks, actively participating in cyber crime attacks through internet banking. Using this method, they do not need to worry about collecting the information required to impersonate the user, instead they wait for the user to log on and then take over their browsing session.

Finally M86 Security also said that more ‘attack toolkit' services are being offered as a new ecosystem has emerged with different players in the cyber crime ecosystem now offering their products as services, teaming up with other players to offer complete, one-stop shop cyber crime-as–a-service capabilities.

According to the report, while a decline in the usage of exploit kits is not anticipated, M86 predicts there will be more consolidated service offerings for cyber criminals. Bradley Anstis, vice president of technical strategy, M86 Security, said: “In 2010, we have seen dramatic increases in issues regarding mobile malware, as well as growing complexity of Trojan horse attacks in the banking industry. Although malware-as-a-service is not new, we are seeing it take hold.

“To outsmart the bad guys, organisations need to first understand where the threats are likely to come from and then second define exactly what needs to be protected, and how critical it is. But just as important, they must lay out their best practice strategies and policies for proactively combating and staying ahead of the emerging security threats.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews