2011 is coming to an end, so it’s time to look at what we can expect over the next 12 months:

  • Social networks: Social engineering techniques exploiting users’ weaknesses have become the leading attack method in social networks. Trending topics such as the Olympics or the next US Presidential elections will be used as bait. Cybercriminals will continue to target social media sites to steal personal data.
  • Malware increase: In the past few years, the number of malware threats has grown exponentially, and everything seems to indicate that the trend will continue in 2012. In fact, malware is the weapon used by cybercriminals to carry out their attacks.
  • Trojans: They are cyber-crooks’ weapon of choice for their attacks, as shown by the fact that three out of every four new malware strains created in 2011 were Trojans, designed to sit silently on users’ computers and steal their information.
  • Cyberwar: Or maybe it is more accurate to say cyberespionage. 2011 has been the year with the most intrusions ever aimed at companies and government agencies. From New Zealand to Canada, from Japan to the European Parliament, there have been countless attacks aimed at stealing secret or classified information. We live in a world where all the information is in digital form, so modern-day spies no longer need to infiltrate a building to steal information. As long as they have the necessary computer skills, they can wreak havoc and access the best-kept secrets of organizations without ever leaving their living-rooms. In 2012 we will see even more of these kinds of attacks.
  • Mac malware: As the market share of Mac users continues to grow, the number of threats will grow. Fortunately enough, it seems that Mac users are now more aware that Mac is not immune to malware attacks and they are increasingly using antivirus programs, hindering cyber-crooks. The number of malware specimens for Mac will continue to grow in 2012, although much less than for PCs.
  • Mobile malware: Over ten years ago, antivirus companies started making dire predictions of a mobile malware epidemic. Years later, as the situation was not as apocalyptic as predicted, they started claiming that the installation of antivirus software on mobile phones had prevented the catastrophe. Well, they were wrong again. If having an antivirus solution were enough to solve all types of malware problems, the world would be a happier place. Unfortunately though, both users and security vendors alike are in the hands of cyber-crooks, who are the ones who decide which platform to target. In this context, last year PandaLabs predicted a surge in cyber attacks on mobile phones, and the fact that Android has become the number one mobile target for cyber-crooks in 2011 confirms that prediction. In 2012 there will be new attacks on Android, but they will not be on a massive scale. New mobile payment methods –via NFC for example– could become the next big target for Trojans but, as always, this will largely depend on their popularity.
  • Malware for tablets: The fact that tablets share the same operating system as smartphones means that they will soon be targeted by the same malware as those platforms. In addition, tablets might draw special interest from cyber-crooks as people are using them for an increasing number of activities and they are more likely to store sensitive data than, say, a smartphone.
  • Cybercriminals targeting small to medium-sized companies: Why do cybercriminals target online banking customers instead of directly attacking banking institutions to steal money? The answer to this question has to do with the cost-benefit ratio of the attack: Financial entities are usually very well protected, and the chance of launching a successful attack is remote and very costly. However, attacking their customers to steal their identity and impersonate them is much simpler. The security of small to medium-sized companies is not that strong, and this makes them very attractive for cyberthieves, who can steal data from hundreds or thousands of users in one go. On many occasions, small to medium-sized companies do not have dedicated security teams, which makes them much more vulnerable.
  • Windows 8: The next version of Microsoft’s popular operating system is scheduled for November 2012, so even though it is not supposed to have much of an impact on the malware landscape in the coming year, it will surely offer cyber-crooks new opportunities to create malicious software. Windows 8 will allow users to develop applications for virtually any device (PCs, tablets and smartphones) running Windows 8, so it will be possible to develop malicious applications like those for Android. This, in any event, will probably not take place until 2013.