Hacktivism, Targeted Attacks Dominate 2011 Security Trends
How to Increase the Reliability of Your IT Infrastructure Using Predictive Analytics REGISTER >
The past year was a momentous one in many aspects for the security industry, with high profile cyber-attacks and data breaches, but also a year in which many of the incidents evoked a sense of d j vu amongst industry observers.
"2011 was the Year of the Hack," Harry Sverdlove, CTO of Bit9, told CIO Insight sister publication eWEEK.
There was an "unprecedented rise" in targeted attacks, and while some were very sophisticated, others employed crude, yet effective, methods, according to Sverdlove.
The breach against RSA Security was an example of how sophisticated attackers have become when it comes to stealing intellectual property. The attackers managed to breach one of the foremost security companies in the world by combining social engineering with a zero-day vulnerability embedded in an Excel spreadsheet.
Simply by sending an email with a malicious attachment to recruiters and staff members in the RSA Human Resources department, attackers walked off with information relating to the SecurID two-factor authentication technology used by major government agencies and large corporations to secure their networks.
Sony was an example of how organizations that hadn't paid attention to security were suddenly faced with a high price tag and brand damage after a data breach. Under the cover of a distributed denial-of-service attack, adversaries managed to breach Sony's online systems and stole more than 100 million user records. Subsequent reports highlighted numerous security issues that Sony neglected to address.
Organizations realized that there is no such thing as being too big or too small to be safe from cyber-attacks and data breaches. Operation Night Dragon was a coordinated and wide-scale attack on several petroleum and energy companies, and the Nitro campaign targeted at least 48 companies within the chemical and defense industries. Operation Shady RAT targeted over 70 organizations using the same command and control server.
Experts have been predicting attacks against critical infrastructure for almost a decade, and in 2011, people started paying attention. The White House outlined its proposal on how best to secure critical infrastructure such as power grids and public utilities, as well as chemical, gas, oil and energy plants.
The proposal named the Department of Homeland Security as the agency in charge of coordinating the efforts. In the second half of 2011, the Duqu Trojan revived worries of the new generation of Stuxnet-style malware capable of manipulating industrial process control software used in many industries to damage critical industrial and utility infrastructures.
Symantec researchers found that the number of daily targeted attacks has increased almost fourfold compared with the beginning of the year. In the same report, Symantec identified the public sector as the most frequently targeted industry, with approximately 20.5 targeted attacks blocked each day.
Hacktivists highlighted how effectively they could embarrass corporations by using SQL injection and cross-site scripting to steal and publicize potentially sensitive data. Hacktivist collective Anonymous famously breached HBGary Federal's email servers and leaked personal emails belonging to CEO Aaron Barr and other executives.
They also used distributed denial-of-service attacks as a form of protest. This included attacks on repressive governments in the Middle East and companies that cut ties with the WikiLeaks sites that circulated stolen government and corporate documents. Along with the effectiveness of their attack methods, these hackers also showed how effectively they could organize using social media tools such as Twitter and Pastebin.
"Thousands of different companies around the world were attacked in 2011, with no stone left unturned," said Sverdlove.
Organized crime dominated cyber-exploits in 2011 as criminals figured out how much easier it is to steal money online. Law enforcement authorities were busy in 2011, breaking up cyber-criminal rings, including Operation Ghost Click in which six individuals netted over $14 million and shutting down botnet operations.
McAfee reported more than 80,000 new variants of malware were generated each day in 2011, a 400 percent increase in the rate of malware production since 2007.
While mobile malware accounted for a tiny portion of the overall malware volumes, there was a significant surge of malicious applications. Criminals discovered how easy it was to take existing Android apps and insert several lines of malicious code before repackaging them for online distribution. Apple's iOS platform wasn't immune as security researcher Charlie Miller discovered a way to bypass the process that allowed only signed apps from the iTunes App Store to be installed and run on the iPhone and iPad.