IID has released its predictions of the big cyberattacks for 2012. Of the 5 predicted cyberthreats, 4 depend upon phishing scams for their evil success.
Here’s the IID predictions:
1) Phishing – London Summer Olympics cyber attacks — Cybercriminals will try to capitalize on the Olympics by tricking people into installing malware with phishing scams impersonating the Summer Olympics official website and/or official Summer Olympics vendors. Once malware is on a victim’s computer, the miscreants can monitor or control both personal and business computer activity — enabling them to steal data, send spam, and commit fraud.
2) Phishing – Elections altered — The 2012 U.S. presidential election year will create opportunities for deceiving voters and other skullduggery. Cybercriminals are expected to impersonate voting websites and political emails with phishing and malware attacks. Many U.S. states allow military and overseas voting via the Internet — creating the opportunity to alter votes. There are also concerns about the security of voting machines.
3) Phishing – 12/21/2012 danger — The Mayan “end of times” of December 21, 2012 will allow bad guys to play into this fear through targeted phishing and malware attacks playing on people’s heightened awareness surrounding 12/21/2012.
4) Internet infrastructure attacks for financial gain — While hacktivism will persist, expect DNS (Domain Name System) and BGP (Border Gateway Protocol) attacks for financial gain to grab headlines in 2012. The December 2010 DNS hijacking of large European payment processor ChronoPayis an example of this theat. More details surrounding this attack can be found at www.internetidentity.com/images/stories/docs/ecrime_trends_report-q4-2010_by_iid.pdf.
5) Spearphishing – Infrastructure Attacks. IID predicts attacks on physical infrastructure attacks. The Stuxnet hack caused substantial damage to the Iranian nuclear program. The recently discovered DUQU hack is distributed by spearphishing.
This is an interesting forecast. While it is hard to predict the precise events and vulnerabilities that the badguys will use, there is little doubt that clever criminals will use current events and zero day exploits to cause havoc.