Trusteer, aprovider of cybercrime prevention solutions, releasedTuesday what it predicts will be the five leading cybercrimetrends in 2012 based on intelligence gathered by its researchorganization.

Prediction 1: 2012 will see new multipurposemulti-functional malware. Trusteer predicts malware, originally designed for one purpose,will evolve to pose a new threat with a malicious undertone.Non-financial viruses will morph to become financial malware and beused to commit online banking fraud. Conversely, existing financialmalware will adopt features introduced in non-financial advancedpersistent threat attacks. Over the next 12 months perimeterswill face an onslaught from various sources, viruses goingfinancial, APT style technologies in ZeuS code derivativesmanipulated by new coders and in other commercially availablemalware kits.

Prediction 2: We're on the verge of malwareglobalization. Next year, cybercrime software developerswill realize their dreams of global domination as Trusteer expectsto see widespread resale and repackaging of malware. This meanscode, originally designed specifically to target one geographicallocation, will be adopted and translated to target other regions oreven countries. The end result will see terms such as “regionalmalware” and even “malware free countries” cease to exist aseveryone, regardless of where they are, come under attack fromcybercrime.

Prediction 3: Cyber criminals will up their game andimprove evasion techniques. Ultimately, a cyber criminal'sfocus is on infecting the user's PC and remaining undetected for aslong as possible. It makes sense, therefore, that they willcontinue to improve their evasion techniques to hide the rogueprogram or mimic that of another program. But be warned, whereevasion techniques are unsuccessful, fraudsters will resort todeveloping malware designed to attack and destroy existingprotection, with the premise that the organization, and its users,may not notice they're vulnerable to attack.

Prediction 4: Personal information, disclosed on socialnetworks, will be used in social engineering attacks against theenterprise. Fraudsters, all too aware of the valuableintelligence freely available social networks, are starting to minethese data sources to capture the personal details needed tosuccessfully complete social engineering attacks. Trusteer predictsthis will manifest itself over the coming year as an enterpriseissue. As a crude example, if an enterprise uses a secret questionfor password retrieval, it's feasible that an individual's answerscould be researched via the net, the password reset and thelegitimate account used to compromise the organization.

Prediction 5: The move to SaaS allowing malware attackson enterprise applications. Many organizations, in aneffort to reduce the cost of enterprise applications have moved toSaaS. However, as part of this process, many have outsourcedservices to external websites without first carefully consideringthe security risks it presents. While the damage that can be donehas not yet been evident, Trusteer's prediction is that it willbecome apparent over the next 12 months. Its belief is that manyorganizations will spend 2012 fighting fires, backtracking andperhaps having to withdraw these services.

“Cyber criminals are successfully defeating security controlsacross the globe and in all industries. They have moved from theshotgun approach to a marksman's methodology, becoming focused onthe institutions they target,” said Amit Klein, CTO for Trusteer.“More organized than ever before, cyber criminals now study theirprey and learn their security controls so then can bypass them andcommit fraud.”

Key principles in fighting 2012 cybercrime

Searching for security solutions that can turn the table oncyber criminals and maintain the upper hand requires a closer lookat the shared attack vectors of successful cybercrime schemes.

First, malware residing on the machine abuses the trust a userplaces in the browser and the rendered site, through whichfraudsters can initiate an endless number of social engineeringattack variations. Secondly, malware that has free access toapplication and system resources will eventually leveragetechnology and social engineering to penetrate any securitycontrol.