Watch Out: Cyber Threats to Expect in 2010

Jan. 1, 2010— -- To your list of New Year's resolutions, here's one more you might want to add: Keeping your computer safe from new threats security researchers say will accompany the new year.

Over the past 12 months, the way people use the Internet and their computers has evolved significantly. And, computer security experts warn, cyber criminals have changed their tactics accordingly.

"It really speaks to a Web 2.0 world. People communicate differently today, people transact and pay their bills differently today, and that drives today's criminals," said David Marcus, director of security research and communications for McAfee Labs, which this week released its 2010 Threat Predictions report. "Bad guys tend to go where the masses go."

Not only has the volume of threats escalated dramatically, but the delivery methods have become more sophisticated, he said.

Cyber criminals increasingly leverage the news of the day to attack unsuspecting consumers. Celebrity deaths, natural disasters, you name it -- Marcus said tech-savvy criminals will find a way to conceal their malware in the headlines you want to read and the bits of conversation you're already having.

Facebook, Twitter, Social Networking Sites to Become Major Targets

The hubs for those snippets of communication -- Facebook, Twitter and other social networking sites -- will become major targets for cyber criminals, McAfee predicts.

Although consumers know to be wary of Web links sent by strangers, they tend to trust Web links and e-mail messages sent by friends and family.

But online attackers are learning how to exploit that trust, by delivering malware that appears to come from Facebook friends, Twitter followers and friends' e-mail accounts.

"When you consider there are 350 million users of Facebook, that's a pretty target-rich environment," said Marcus. Though Twitter has a smaller population, he said because of the site's trust relationships, it too will be targeted.

URL Shorteners, Banking Sites Increasingly Exploited by Online Crooks

McAfee also warns that URL shorteners, like those used to accommodate Twitter's 140-character limit, make the cyber criminal's task even easier.

Unlike many typical Web addresses that show Internet users the name of the site they're about visit, shorter URLs tend to display a string of letters and numbers that seem to have no rhyme or reason. For example, instead of showing a user "http://bankofamerica.com" or "http://abcnews.com," abbreviated URLs might display only "http://bit.ly/XpEwA" or "http://bit.ly/15OAyP."

As another Internet security firm Symantec said in its recent report on 2010 threats, URL shortening services will "become the phisher's best friend."

"Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking on," the company said.

As consumers continue to bank online, Marcus said attacks on financial sites will likely increase in 2010.

Google's New Chrome OS Could Face Security Challenges

Even though banks have upped online security with extra features to authenticate users, cyber thieves have become smarter. Some criminals have already learned how to bypass the banks' second layer of protection.

McAfee noted one new technique that involves interrupting a legitimate transaction to make an unauthorized withdrawal, while simultaneously checking the user's transaction limits to fly below the radar and avoid alerting the bank.

McAfee said another target for online crooks this year will likely be Google's new operating system, Chrome. The tech giant, which has already released a Chrome browser, is expected to release an entire open source operating system this year to rival Microsoft Windows, Linux and others.

As the "new kid on the block," McAfee predicts attackers will attempt to break the code and prey on consumers.

While Microsoft has a lot of experience with operating system security and regularly sends out patches, Marcus said it will be a brand new world for Google.

Adobe to Be Number One Target for Cyber Criminals

But the No. 1 target for cyber criminals in 2010? McAfee expects it to be Adobe products, especially Flash and Acrobat reader.

"It really kind of speaks to Adobe's popularity," said Marcus. "When you're searching online for a document, chances are it's a PDF you're going to download."

During tax season, for example, if you're hunting for an instructions guide, he said chances are it's going to be an Adobe PDF file -- not a Word document -- that you'll find online.

Symantec also warned that malware for Mac and mobile devices will increase. As Macs and smart phones (such as iPhones, BlackBerrys and Android phones) increase in popularity, attackers will spend more time figuring out how to exploit them.

But not all predictions for 2010 are negative.

As law enforcement recognizes the severity of the damage cybercriminals inflict, they are stepping up efforts to combat them. Marcus said international cyber law enforcement had a number of successes in tracking, identifying and arresting cyber criminals in 2009, and McAfee expects that trend to continue in 2010.

And, ultimately, Marcus said his company releases the threat predictions to keep consumers educated about security trends and make sure they use safe browsing technology and anti-virus software.

"You've got to look both ways before you cross the street," he said. "They shouldn't be scared, they're more empowered."