Sunday, January 1, 2012

Multifunctional malware, staged drive-by attacks to rise in 2012

Automated toolkits with business models that include rental agreements and constant updates will improve considerably in 2012, with many attack kits being primed with new features that enable even the least tech-savvy cybercriminals to hone malware for highly targeted attacks.

Financial malware designed to target and infiltrate bank accounts could be recoded for targeted non-financial attacks, according to Boston-based security vendor Trusteer. The Zeus and SpyEye codebases, which are now publicly available, can be manipulated to pull off more sophisticated targeted attacks against enterprises. “Over the next twelve months perimeters will face an onslaught from various sources, viruses going financial, APT-style technologies in Zeus code derivatives manipulated by new coders and in other commercially available malware kits,” Trusteer CTO Amit Klein noted in the company’s list of predictions. 


Cybersecurity career experts: Mobile app security skills hot in 2012

Enterprises are going to be on the hunt for security professionals with the skills and certifications required to embrace the explosive demand for mobile devices and the cocktail of mobile security threats associated with them, according to several security industry career experts.

Security job recruiters and career advisors predict that in 2012 the swelling attraction to smartphones, tablets and other mobile devices will trigger substantial growth in jobs requiring IT security expertise. In particular, organizations are keen to nail down applicants with skill sets related to developing and maintaining mobile app security and enforcing mobile device security policies, according to Jeff Snyder, president of Woodland Park, Colo.-based SecurityRecruiter.com.

“The applications are now being written for mobile devices, and that brings up some different issues,” Snyder said.

Enterprises have been too focused on network security issues over the last few decades and as a result, according to Snyder, few organizations have spent enough time on creating secure applications.