Cybercriminals will feast on the insatiable demand for smartphones and tablets, like Apple's iPad, to infest as many devices with malware as possible in 2011, security firm M86 predicts [1].

In a four-page white paper released last week [2] (.pdf), the Web and e-mail security firm released their top eight cyberthreat predictions for the new year. Among the multiplicity of threats facing Web and e-mail users, M86 devotes the most time to mobile devices.

"Smartphone adoption in the enterprise will only continue to grow, and, as the focus shifts toward the tablet platform, we anticipate malware targeting all of the mobile platforms to increase in 2011,” Bradley Anstis, vice president of technical strategy for M86 Security, said in a statement.

But the white paper disproportionately concentrates on Google's mobile operating system, Android, because of its growing market share and open source platform.

The open source nature on the Android platform particularly seems to worry M86.

"Google's Android platform is open source, and its application approval process is less restrictive, allowing most applications to be submitted and approved," according to the white paper. "Additionally, users of Android-based phones have a setting that allows users to install applications from outside Google's App Store."

According to M86, Apple's iOS platform is closed, while its App Store's application approval process is "restrictive," although the security firm says vulnerabilities do exist. 

Anstis has some simple advice for businesses that utilize smartphones and tablets or allow their employees' personal devices to connect to the company WiFi network:  create "clearly defined policies and remediations" for such devices.

Two other of M86's 2011 predictions are worthy of singling out.

Spammers are getting better and better at spoofing e-mails. For instance, M86 reports that spammers have ripped the actual headers and body templates off of LinkedIn messages to fool recipients into downloading malware or clicking on links that deliver a malicious payload.

Much like commercial cloud software developers catering to legitimate business needs, underground software developers are offering more and more services, known as "attack toolkits" to cybercriminals, thereby chopping down the barriers of entry to this illicit trade.

“To outsmart the bad guys, organizations need to first understand where the threats are likely to come from, and then second define exactly what needs to be protected, and how critical it is,” Anstis warns. “But just as important, they must lay out their best practice strategies and policies for proactively combating and staying ahead of the emerging security threats.”

♦ iPads by Yutaka Tsutano/Flickr [3]

Thumbnail: