Symantec Internet Security Threat Report - 2011

Introduction | 2011 In Review | 2011 In Numbers | Executive Summary | Safeguarding Secrets: Industrial Espionage in Cyberspace | Against the Breach: Securing Trust and Data Protection | Consumerization and Mobile Computing: Balancing the Risks and Benefits in the Cloud | Spam Activity Trends | Malicious Code Trends | Closing the Window of Vulnerability: Exploits and Zero-day Attacks | Conclusion: What’s Ahead in 2012

Conclusion: What’s Ahead in 2012

A wise man once said, ‘Never make predictions, especially about the future’. Well, this report has looked back at 2011 but in the conclusion we’d like to take a hesitant peak into the future, projecting the trends we have seen into 2012 and beyond1.
  • Targeted attacks and APTs will continue to be a serious issue and the frequency and sophistication of these attacks will increase.
  • Techniques and exploits developed for targeted attacks will trickle down to the broader underground economy and be used to make regular malware more dangerous.
  • Malware authors and spammers will increase their use of social networking sites still further.
  • The CA/Browser Forum will release additional security standards for companies issuing digital certificates to secure the internet trust model against possible future attacks.
  • Consumerization and cloud computing will continue to evolve, perhaps changing the way we do business and forcing IT departments to adapt and find new ways to protect end users and corporate systems.
  • Malware authors will continue to explore ways to attack mobile phones and tablets and, as they find something effective and money-making, they will exploit it ruthlessly.
  • In 2011, malicious code targeting Macs was in wider circulation as Mac users were exposed to websites that were able to drop trojans. This trend is expected to continue through 2012 as attack code exploiting Macs becomes more integrated with the wider web-attack toolkits.
  • While external threats will continue to multiply, the insider threat will also create headlines, as employees act intentionally – and unintentionally – to leak or steal valuable data.
  • The foundation for the next Stuxnet-like APT attack may have already been laid. Indeed Duqu may have been the first tremors of a new earthquake, but it may take longer for the aftershock to reach the public domain.