Threat incidents and security wins in 2011

Having spent much of the year battling data breaches that led to huge information and financial loss, the security industry was likely relieved to see 2011 come to a close.

In its annual threat roundup report, Trend Micro wraps 2011 as “The Year of Data Breaches,” after witnessing large, well-known companies succumb to targeted data breach attacks that not only stained reputations, but caused them significant collateral damage.

This year’s report revisits past predictions, and summarizes notable threat incidents and security wins throughout 2011. Highlights include:

• The mobile threat landscape reached new levels of maturity in 2011. Trend Micro threat researchers tracked a staggering spike in the volume of mobile malware, especially those targeting the Android platform. RuFraud and DroidDreamLight — just two of the most notorious Android malware variants — took much of the spotlight, causing millions of users lost data and money.
• 2011 was a profitable year for social media threats, spammers and scammers who leveraged the trending topics of social networking sites to improve upon their social engineering and hacking tactics, stealing the data of millions of social networkers worldwide. Consequently, regulators have started demanding that social networking sites implement policies and mechanisms to protect the privacy of their users.
• While the number of publicly reported vulnerabilities decreased from 4,651 in 2010 to 4,155 in 2011, exploit attacks evolved with higher complexity and sophistication. Exploit attacks in 2011 were targeted, original, and well controlled, the most notable of which set their sights on CVE-2011-3402, CVE-2011-3544, and CVE-2011-3414, along with a couple of Adobe product zero-day vulnerabilities that were exploited in the wild.
• Finally, despite an aggressive cybercriminal landscape, Trend Micro, along with its industry partners and law enforcement authorities achieved some remarkable and strategic wins this year. One of them – Operation Ghost Click – reached success after 5 years of stealth tracking and working closely with the FBI. Trend Micro, the only security company that was involved, was able to assist the FBI in what was noted as the biggest cybercriminal takedown in history.

“Reflecting back on 2011, I am very proud of what we’ve achieved. But our work is never done. With 3.5 new threats created every second, and as businesses and consumers take the journey to the cloud, the risk of data and financial loss are greater than ever,” said Raimund Genes, CTO.

“As a company (and as an industry), we must continue to evolve and create better, data-centric security products for the post-PC era where users need greater visibility and assurance into who is accessing their data, when, where and how.”