The Top Four Cyber Threats for 2011
From web superweapons to Facebook crimes, experts predict new web attacks.
Jan. 7, 2011 -- In late 2010, a new kind of computer worm attacked an Iranian nuclear facility and so altered the course of cyber warfare that the U.S. Senate Committee on Homeland Security and Governmental Affairs marked the attack as the beginning of a new era: The Age of Stuxnet.
And while the Stuxnet worm may be the most identifiable, ominous new threat to cyber security as the new year begins, security experts have predicted 2011 will also be a year of dynamic shifts in online threats in other areas, including social media and political "hacktivism."
Here are the top four security concerns that cyber experts see coming over the digital horizon:
Cyber War's Newest Superweapon: Stuxnet and Copycats
Stuxnet was first discovered in July 2010 by a security firm in Belarus, but didn't make global headlines until months later when Iranian state media announced the Middle East nation had been the target of a coordinated attack.
The worm was "the first of its kind, written to specifically target mission-critical control systems running a specific combination of software and hardware," a Department of Homeland Security official told ABC News.
But experts said the worm is not limited to any single type of target and can be altered to attack several key components of any nation's infrastructure, from electricity grids to oil rigs.
"The idea that a piece of malicious code can target physical systems and create real-world impacts is something that's been speculated in the industry for quite some time and certainly was largely understood to be possible. Stuxnet was the first widespread implementation of that kind of attack," Ben Greenbaum, senior research manager for cyber security firm Symantec, told ABC News.
Symantec's number one prediction for 2011 was increased cyber attacks on critical infrastructures just like the nuclear facility in Iran, and Stuxnet is only the beginning.
In November's Senate Homeland Security Committee meeting, National Cybersecurity and Communications Integration Center director Sean McGurk said that beyond Stuxnet, the Department was also concerned hackers could make their own copycat versions of the worm to attack whatever infrastructures they like -- a task Greenbaum said would be "fairly trivial."
"Stuxnet was seen by most in the security industry, including Symantec, as a harbinger of things to come," Greenbaum said.
In the Senate meeting, committee chairman Senator Joe Lieberman said, "Stuxnet was the warning of a gathering storm. We ignore it at great peril."
When Hacktivists Attack
Another recent online development that experts expect to see increase in 2011 was played out on an international scale at the end of 2010.
Shortly after the information sharing website WikiLeaks published a portion of over 250,000 classified U.S. diplomatic documents, the website's founder, Julian Assange, was arrested on sexual assault charges. While he was in custody in England, some major financial institutions including MasterCard, PayPal and Visa discontinued a service that was helping to raise money for Assange's defense.
WikiLeaks' supporters shot back in an unprecedented manner: nearly 50,000 people downloaded simple programs used to launch massive denial-of-service attacks against the companies they deemed at odds with WikiLeaks.
The loosely organized "hacktivists" managed to take down the web pages of several of their targets, and their spontaneous attempt may be the first major showing of a new way to express political beliefs at a grassroots level.
Cyber security firm McAfee predicts in a new paper that not only will politically motivated attacks be "far more numerous in 2011," but the company said brand new kinds of attacks will appear.
"Transitioning from the streets, political organizers will move to the Internet to launch attacks and send messages in broad daylight or Internet time," McAfee said in "2011 Threat Predictions." "And as in the physical world, we expect that hacktivist attacks will inspire and foment riots and other real-world demonstrations."
Greenbaum said that politically motivated cyber warfare also made Symantec's top threats in 2011, because of the problems politically motivated attacks pose to unsuspecting web sites.
"Remember, there's collateral damage," Greenbaum said, referring to other websites that could accidentally be taken down along with the target website. In such a case, Greenbaum said hacktivism can turn into something less like a peaceful protest and more like a riot.
Politically motivated attacks also pose a greater threat if combined with Stuxnet-level sophistication.
"It's moved a little beyond just taking down a web site," said Greenbaum, "and into actual weaponized attacks with the goal to cause real-world damage."
Mobile Devices: Two Ways for Criminals to Take Advantage
On a more personal level, experts warned that as more and more people own internet-capable mobile devices in 2011, they're also increasing their exposure to cyber and real-life criminals.
First, McAfee showed that the GPS functions on many smart phones that allow users to tell their friends where they are via Facebook and Twitter also tell criminals exactly where they are -- and where they are not.
"It then becomes child's play to craft a targeted attack based upon what the bad guys have just learned from these services," McAfee said.
While this is not a new phenomenon, McAfee reported mobile tracking will be a "huge focus for cybercriminals and scammers in 2011 and beyond."
Second, both Security News Daily and Symantec include the technical vulnerabilities of mobile devices on their lists of dangers for 2011.
Security News Daily said, "Perhaps the most serious threat is to online banking transactions done via smartphone."
Symantec's Greenbaum said smartphones are likely targets for attack because they "blur the lines between business and personal... they permeate the perimeter of the security border."
From malicious code downloaded through untrustworthy applications, to data exfiltration or simply losing the devices, Greenbaum said that to hackers, smartphones are "the weak spot."
Spammers Adapt to Social Media
Finally, experts said 2011 is going to see a change in perhaps the most annoying security concern online: spammers.
A curious thing happened in Dec. 2010: Normally the amount of email spam would be at its highest levels during the holiday season, but instead it dropped dramatically, according to a study by web security provider Commtouch. Part of the reason, McAfee said, is that spammers are altering their strategy.
Rather than bombarding users with countless emails, they bombard users through social networking sites -- with multiple links and requests from programs like Facebook and Twitter -- attempting to trick users into clicking on links to malicious code.
"This shift will completely alter the threat landscape in 2011," McAfee said in the threat predictions paper.
One vulnerability McAfee said spammers will increasingly exploit is the use of small URLs -- a feature common to Twitter users who are confined by space. By using small URLs, spammers can mask the true URL from traditional security filters.
Regardless of how they target users -- whether governments or private citizens -- Greenbaum said more and more criminals are flowing into the online world with increasingly creative schemes.
"The more activities that are being carried out online by law-abiding citizens, the more opportunity criminals see..." he said. "Attack activity rises, to some extent as attacker technology improves, but to another extent -- and underlying all of that -- as general online activity rises."
The Department of Homeland Security agreed.
"The increased use of new technologies such as hand held devices and social networking sites has made the world more connected than ever before, but with greater connectivity comes greater risk of cyber threats and cyber crime," a DHS official told ABC News. "In 2011, DHS anticipates that malicious cyber activity will continue to become more common, more sophisticated and more targeted -- and range from unsophisticated hackers to very technically competent intruders using state-of-the-art techniques."