Another ruse, says Nguyen, is a text-message link to download an app that supposedly allows free Internet access but is actually a Trojan that sends hundreds of thousands of SMS messages (usually at "premium SMS" rates of $2 each) from the phone.
Wireless carriers say they do try to stave off the attacks. For instance, Verizon spokeswoman Brenda Raney says the company scans for known malware attacks and isolates them on the cellular network, and even engages with federal crime units to block attacks.
Still, as Joffe notes jokingly, there is "no defense against being stupid" or against employee errors. For example, he recounts that he and other security professionals training corporate employees one-on-one about cell phone dangers would send them messages with a fake worm. And right after the training session, he says, many employees would still click the link.
To keep such malware off users' phones, Joffe recommends that businesses institute strict corporate policies limiting whom employees can text using company networks and phones, and what kind of work can be done via text. Another option is a policy that disallows text messaging entirely, at least until the industry figures out how to deal with the threats.
For consumers, common sense is the best defense. Avoid clicking on text-message links or attachments from anyone you don't know, and use extreme caution even with messages from known contacts, who might unwittingly be part of a botnet.
2. Hacking into smart grids
A common misconception is that only an open network -- say, your corporate wireless LAN for visitor access -- is hackable. Not true, says Justin Morehouse, a principal consultant at Stratum Security who spoke about network security at last year's DefCon security conference. Morehouse says it's actually not that difficult to find an access point into a so-called closed system.
For example, the Stuxnet worm last year infected tens of thousands of Windows PCs running Siemens SCADA systems in manufacturing and utility companies, most notably in Iran, and it was largely spread via infected USB flash drives. Even some nuclear plants and power grids have wireless networks for employees to use.
"Stuxnet proved that it is relatively simple to cause potentially catastrophic damage" to an industrial control network, says Neustar's Joffe.
According to Morehouse, another new attack point will be smart grids, which use electronic metering to streamline power management. Utility companies around the world have begun testing and rolling out smart meters to customers' homes and businesses. The technology, which can send data to and receive it from a central system, can also be very helpful for IT: You can open a console to see the power usage for one section of a building, for example.