ESET, a security solution provider for viruses and malicious software, has released its cyber-threat report for 2011, predicting that attacks on Facebook and other social networks will increase over the coming year. The report prepared by specialists and searchers in the business also says the mentioned attacks' main purpose will be to steal data, also known as 'phishing'
Attacks on Facebook and other social networks are likely to increase over the coming year, according to a report from ESET, an IT security company, on possible threat trends for 2011.
Social media will be a focus for social engineering attacks such as those already commonly experienced by users of Facebook and Google, according to ESET's new San Diego-based Cyber Threat Analysis Center, or CTAC.
Furthermore, it is likely there will be an increasing volume of attacks on other social networking sites such as LinkedIn, Orkut and Twitter, as well as other search engines such as Bing and Yahoo, the research team said.
Such attacks on the secondary platforms are likely to increase given the measures Facebook and Google are taking to protect themselves.
According to the CTAC, Facebook presents a particular danger because it could continue to ask its users to assume more responsibility for protecting their own data, as the site could share information with third parties unless users expressly request that such data not be shared.
Some sites such as Bebo have moved away from disclosing zero information to disclosing some information as sharing data with third parties is occasionally crucial, the CTAC said.
Mobile devices will be targeted increasingly, the team said, adding that brands protected by sound application of approved address lists will be much less vulnerable to malware attacks.
Despite all the precautions, attacks on social media are still expected to rise, the team said.
While botnets are no longer new, they will continue to grow in significance during 2011 as Shadowserver data indicates continuing growth in botnet volumes, while ThreatSense.Net data has shown a comparable growth in bot malware volumes, which all indicates that zombie PCs will constitute a higher proportion of all infected systems.
Botnet threat still anticipated
It is also expected that following the prominence in 2010 of botnets controlled through Twitter, "botherders" will experiment with other command and control channels.
In spite of the news, the recent successes in taking down botnets are expected to continue and perhaps even increase, according to ESET.
The CTAC team also said botnets would continue to be a major problem, but hoped that more people would realize that smaller low-profile botnets pose at least as big a threat as larger botnets that are being examined so closely by security researchers that they may be abandoned by their creators.
Most malware will continue to infect through usual channels, such as email, malicious URLs, forums and newsgroups, by tricking computer users into clicking on something that can infect the operating system, the CTAC said.
Still, it is likely that problems stemming from specific vulnerabilities of files known as .lnk will also appear occasionally – although one can hope that those with malicious intentions are not able to profit from the problems.
Further SCADA data-stealing attacks are also likely, the CTAC said, adding that it would probably stem from spear-phishing and malware or from Trojans, rather than self-replicating malware like Stuxnet.
However, Stuxnet's main purpose seems to have been sabotage, the team said. While the CTAC said the Stuxnet code could easily be adapted to attack all sorts of unrelated installations was untrue, it added that it expected that the use of malware for purposes of sabotage would remain the subject of speculation and active investigation.
Additionally, automated social networking site scraping tools, as well as data leaks, will reduce the cost of creating spear-phishing attacks, leading to several high-profile attacks, the CTAC said.