IID released its list of the top security trends from 2011. Some specific trends that IID saw emerge over the past year include the extended enterprise coming under assault, the emergence of dangerous mobile applications, and cybercriminals increasingly harnessing the power of social media.
Below is the IID list of the top Internet security incidents and trends from 2011:
1. The year of the data breach – From Epsilon to RSA Security SecurID to Sony, we have witnessed criminals concentrating on organizations that house proprietary data for millions of customers. In each case, cyber criminals targeted and attacked these organizations in particular in order to gain access to vital personal information (like email addresses, shopping habits, etc.) that could lead to broader consumer and employee attacks (better known as spear phishing).
IID estimates that by the number of reported events, 2011 was likely the worst year ever for data breach incidents, and the forecast does not look any better for 2012.
2. Mobile malware – As was predicted last year, the security industry has tracked a rapid rise of malicious software (malware) for applications, with a trend towards targeting Google’s Android mobile phones. This malware has popped up both on unofficial marketplaces or even with “good” apps becoming infected and repurposed as bad ones.
When malware is downloaded onto a phone, criminals can essentially take over that phone and gain access to any information that is shared on it from emails to text messages to bank login information, without the phone’s owner even knowing it.
3. Criminals communicate with social media – As opposed to utilizing secret chat rooms, some cyber crime organizations like LulzSec and Anonymous are boldly using social networking sites to promote and coordinate their efforts. For example, June’s Operation Anti-Security, a joint effort by LulzSec and Anonymous, was advertised on Twitter and involved cyber attacks on the FBI and affiliated agencies.
4. Big busts – Public-private partnerships have resulted in the takedown of numerous online criminal networks. For example, on November 8, the FBI, in partnership with various private sector entities, executed one of the largest coordinated cyber-takedown efforts ever with Operation Ghost Click. The target of this takedown, malware dubbed DNSChanger, is estimated to have infected over 4 million machines in 100 countries.
And in September Microsoft took down the Kelihos botnet, a network of private computers infected with malware unknowingly to those computers’ owners. That botnet reportedly consisted of a network of 41,000 infected computers capable of sending billions of spam emails per day.
5. Attacks redirected at registrars – Criminals are publicly stating that foiled cyber attacks have prompted them to turn to targeting the “domain name company,” otherwise known as a registrar. For example, in the September hijacking of ups.com, theregister.co.uk and other major Internet properties, cybercriminals targeted their registrars to indirectly hijack the domains.
By targeting the registrar, cybercriminals have access to their original target through this extended enterprise connection that is often overlooked. And in the case of a domain hijacking, that means complete control of the targeted organization’s Web presence, email, and Internet-based transactions.
6. Malware with a purpose – Continuing a major trend from 2010, malware is no longer being used just for the thrill of a takeover, or as a means of ripping off credit card numbers. Criminals are purposefully targeting enterprises in order to gain access to proprietary organizational assets. For instance researchers found the “Duqu” Remote Access Trojan was built as a weapon for espionage and targeted attacks against certificate authorities (CAs).
By gaining access to these CAs, cyber criminals then have the key to access vital data from enterprises through its infrastructure. Industries previously thought to be insulated from cyber threats, like CAs, have been clearly been caught in the criminal crosshairs.
7. SSL Certificate Flaws Exposed – While there may be nothing wrong with encryption technology itself, the September breach of Netherlands-based CA Diginotar showed that blind trust placed in SSL (secure sockets layer) encryption certificate providers must be examined. The breach showed that even the foremost experts in Internet security can have their proprietary information hijacked just like any other company.