Apple Faces Increasing Cyber Threats, McAfee Says

McAfee Inc. (NYSE:MFE) expects Apple’s iPhone, geolocation services such as Foursquare, and mobile devices to be the target of malware attacks in 2011. The computer security company also predicts attackers targeting shortened URL services and internet TV platforms as well as a rise in politically motivated hacktivisim, as more groups are expected to repeat the WikiLeaks example.

“We’ve seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most. These platforms and services have become very popular in a short amount of time, and we’re already seeing a significant increase in vulnerabilities, attacks and data loss,” said Vincent Weafer, senior vice president of McAfee Labs.

McAfee Labs Threat Predictions for 2011:

* Apple: No longer flying under the radar

McAfee said the popularity of iPads and iPhones, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.

* Exploiting Social Media: URL-shortening services

McAfee said it expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee expects to see a growing number used for spam, scamming and other malicious purposes.

* Exploiting Social Media: Geolocation services

Locative services such as Foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. McAfee expects cybercriminals to increasingly use these tactics across the most popular social networking sites in 2011.

* Mobile: Usage is rising in the workplace, and so will attacks

The main mobile threats in 2010 were “jailbreaking” on the iPhone and the arrival of Zeus. With the widespread adoption of mobile devices, McAfee predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

* Applications: Privacy leaks—from your TV

McAfee said it expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.

* Hacktivism: Following the WikiLeaks path

McAfee said hacktivism will become the new way to demonstrate political positions in 2011 and beyond. More groups will repeat the WikiLeaks paradigm, as hacktivism is conducted by people claiming to be independent of any particular government or movement, and will become more organized and strategic by incorporating social networks in the process.

* Botnets: The new face of Mergers & Acquisitions

According to McAfee, botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe. The recent merger of Zeus with SpyEye will produce more sophisticated bots due to improvements in bypassing security mechanisms and law enforcement monitoring.

* Advanced Persistent Threats: A whole new category

Operation Aurora gave birth to the new category of advanced persistent threat (APT) — a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest. McAfee warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories and other databases.