Security predictions released by Arbor Networks reveal that the iPhone will be a major target for cybercriminals in 2008. The forecast also highlights Chinese specific crime as a major issue for the New Year. Arbor’s Security and Engineering Response Team (ASERT), who have put together the forecasts, believe that the iPhone will become the victim of a serious attack in 2008.
These assaults are likely to be in the form of drive by attacks – malware embedded into seemingly harmless information, images or other media that actually perform dangerous actions when rendered on the iPhone’s Web browser.
With the scrutiny the iPhone has received since its launch earlier this year over network lock-in, ASERT believes that hackers will be enticed by the possibility of attacking Apple users and the opportunity to “be the first” to hack a new platform.
ASERT has also predicted a rise in ‘Chinese on Chinese’ cybercrime. In the past year the team has seen a dramatic increase in the attention paid to Chinese-language specific software such as QQ Messenger and a number of malware samples focused on stealing users credentials. Arbor expects this trend to multiply in 2008 as more Chinese users come online, more software is written for the market and Chinese cybercriminals become increasingly more sophisticated and organised.
The Storm botnet is another vulnerability that ASERT believe will be prevalent in 2008. Although the Storm botnet has been quiet for some time, there are still tens of thousands of infected PCs around the world. Arbor believes this presents a too lucrative an opportunity to be passed up and anticipate a hacker hijacking the bots for their own gain in the New Year.
Spammers are highly motivated by financial gains and are not afraid to push technological boundaries to develop new attacks. Arbor envisages an attack that will eclipse the storm worm vulnerability that caused havoc in 2007 and in 2008 we will see a much larger, but similar (spam) botnet designed to target P2P networks.
Jose Nazario, senior security engineer at Arbor Networks commented:
2007 was the year of the browser exploit, the data breach, spyware and the storm worm. We expect 2008 to be the year of the iPhone attack, the Chinese Hacker, P2P network spammers and the hijacking of the Storm botnet. Online fraud is soaring and security attacks are now being used in countless and ever more sophisticated ways to both steal and launder money. Financial and other confidential data is being obtained, sold and utilised in the highly developed black market. In 2008 this market will continue to grow and it is important that business implement the processes and technology necessary to protect themselves and their customers.