Security threats in 2011 - what should you prepare for?

Stonesoft predicts security themes evolve around Stuxnet, social engineering and advanced evasion techniques Helsinki, January 12, 2011 - While it's time for industry heads to reflect back on what has been and forecast what is yet to come, the IT security industry is no different. As many security companies have listed the most significant milestones in the world of data security in the previous year, Stonesoft, an innovative provider of integrated network security and business continuity solutions, reveals what organizations should prepare for in 2011. "As with any year in cyber security, there will undoubtedly be many unwelcome surprises", says Joona Airamo, chief information security officer at Stonesoft. "The bearing themes in 2010 were definitely Stuxnet, social engineering attacks and advanced evasion techniques, and I am pretty confident that the threats of 2011 will evolve around these themes as well", Airamo continues. With over 20 years of experience in network security, here's what Stonesoft predicts: 1. As the Apple OS becomes more commonly used, there will be a nasty worm or virus which is going to target it specifically. 2. There will be an increase in the number of malware related attacks through social networking sites like Facebook and Twitter, with a single attack affecting thousands (or even millions) of people. Hackers will use malware that copies a user's address book and sends out malicious emails/files to all their friends. Just like the old email scams, the malicious file will look like it has been sent from the initial target so recipients will trust the source. 3. We can expect to see more "information warfare"-type attacks on nation states. The political motivation in the attacks will increase, even though the attacks with a financial motivation will clearly remain dominative. 4. There will be a rise in targeted 'social engineering' attacks. Sophisticated hackers will undertake thorough investigations of people in order to penetrate corporate networks for significant financial gain. This will hopefully result in organizations taking more time to educate staff on cyber-crime, but maybe not. After all, the human factor has long been the weak link in the security chain. 5. We will see more attacks like Stuxnet. The target will be critical infrastructure, such as government and military systems. The attacks will remain rare because hackers need to be very well resourced in order to build a virus of this magnitude. Stuxnet was made up of four zero-day vulnerabilities and the one used also by the Conficker worm. Its complexity and the expense of developing the virus both point in the direction of it being a government sponsored attack. 6. The smartphone is set to become a more prominent target for hackers. The amount of smartphones sold in 2011 will get closer to the amount of sold PCs. 7. Hackers will be even more promiscuous in quickly spreading viruses far and wide. They will try to improve their "return of investment" by making sure no vulnerability is left unused and by utilising the full window of opportunity when the security patches are not yet installed. 8. Stonesoft's recent discovery of Advanded Evasion Techniques (AETs) means that the whole IPS (Intrusion Prevention System) vendor community will have to unite in order to build sufficient protection to mitigate against this new method of attack. For information on how to protect against these threats please visit or contact your security vendor. For more details, please contact: Joona Airamo Chief Information Security Officer Stonesoft Corporation Tel. +358 9 476 711 E-mail: joona.airamo(AT) About Stonesoft Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of integrated network security solutions to secure the information flow of distributed organizations. Stonesoft customers include enterprises with growing business needs requiring advanced network security and always-on business connectivity. StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSL VPN blending network security, end-to-end availability and award-winning load balancing into a unified and centrally managed system. The key benefits of the StoneGate solution include low TCO, excellent price-performance ratio and high ROI. The StoneGate Virtual Security Solutions protect the network and ensure business continuity in both virtual and physical network environments. StoneGate Management Center provides unified management for StoneGate Firewall with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide intelligent defense all over the enterprise network while StoneGate SSL VPN provides enhanced security for mobile and remote use. Founded in 1990, Stonesoft Corporation is a global company with corporate headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more information, visit, and the corporate blog This announcement is distributed by Thomson Reuters on behalf of Thomson Reuters clients. The owner of this announcement warrants that: (i) the releases contained herein are protected by copyright and other applicable laws; and (ii) they are solely responsible for the content, accuracy and originality of the information contained therein. Source: Stonesoft Oyj via Thomson Reuters ONE [HUG#1479105]