2011: A year of hack!

CIOL Bureau

BANGALORE, INDIA: Dubbed ‘The Year of hack’, 2011 was marked by change, challenge, and chaos in information security history. With threats evolving in their sophistication, pervasiveness and frequency, the profile of a hacker also underwent a transformation owing to a rise in cyber crimes that were designed to go under the radar and steal sensitive data from individuals, businesses and governments.

Here is a summary of notable highlights of 2011 from the information security landscape:

Hacktivism: A portmanteau of hacking and activism, ‘Hacktivism’ refers to using the skills of hacking to achieve an activist’s goal. 2011 saw a rising tide of hacktivism among people who wanted their voices to be heard or who wished to attack the reputations of businesses and other organisations. In addition to defacement (the primary activity of hacktivists) and distributed denial of service, these attackers utilised social media for newer, sophisticated attacks.

Though police convicted some members of hacktivist groups such as Anonymous and LulzSec in mid-2011, the outcomes of these arrests varied between the two groups. While Anonymous responded to the arrests with a number of "revenge" attacks -- including its OpPayPal, which is believed to have caused thousands of customers to close their PayPal accounts -- the arrests are believed to have made LulzSec relatively inactive.

General malware explosion: McAfee Labs saw a marked increase in malware sophistication and targeting as well as a continued increase in the overall volume of daily malware threats throughout the year. As reported in our latest threat report, we expect to count almost 75 million unique malware samples by year’s end. We saw some significant increases this year in stealth malware techniques, often referred to as rootkits. Although numerically spam is low around the world, targeted spam, sometimes called spearphishing, has actually been more sophisticated than ever. Botnets made some strong advances globally and continue to be dispersed differently in almost every region and country. The botnet trajectory saw crests and troughs throughout the year, with India seeing a spike in new botnet senders in the months of May, June and July of 2011.

Embedded devices: Embedded systems have become a part of the very quality of our lives in automobile electronics, appliances, water, etc., and will only continue to proliferate. According to Ericsson, there will be 50 billion IP-connected devices by 2020, up from 1 billion just a year ago. This phenomenon has exploded the threat scope for these devices, with ATMs, point-of-sale (POS) terminals, kiosks, medical equipment, SCADA systems and other embedded devices being hacked in ever-increasing numbers. That’s because many of these systems are now connected to the Internet and enabled by open-source hardware, firmware, operating systems, and even application software. Furthermore, these devices are rarely patched for operating system or application vulnerabilities, and they often contain card data as well as customer or patient histories. No wonder that 2011 saw some startling headlines such as ‘skimmers siphon card data at gas pumps’ or ‘restaurant sue vendors after point of sale hack’ or ‘Stuxnet poses real threat to SCADA systems.’

Targeted attacks on critical infrastructures: Targeted attacks have taken many different forms that are automated, low and slow, leveraging device tampering to get access to confidential information for reasons of sabotage or espionage. These targeted attacks were focused, stealthy and aimed at long-term manipulation of their targets. The Stuxnet worm and Night Dragon attacks were especially aimed at critical infrastructures, a term used to describe assets that are essential for the functioning of society and whose disruption can cause dire consequences to the economy at large. Especially in a country such as India, there are many critical infrastructures which are public sector undertakings and hence are owned by the government. Because of their inherent economic importance, such assets make strong targets for political sabotage, data infiltration and extortion. These targeted attacks will require critical infrastructure enterprises to adopt a comprehensive risk-based approach with stronger network controls as part of their security strategy.

Mobile malware: As recorded in our Q3 report, mobile malware growth in 2011 was firmly on target to exceed last year’s, making 2011 the busiest year in mobile malware’s short, but interesting, history. From a security perspective, cybercriminals currently have a window of opportunity to exploit a variety of mobile platforms. Android in particular is the top target of today’s mobile malware authors, given its infancy combined with its increasing popularity.

Notable mobile malware detections made this year included the Android/Wapaxy, Android/LoveTrp, and Android/HippoSMS families, which were new versions of premium-rate SMS Trojans that signed up victims to subscription services. Phishing and password-stealing Trojans such as Zeus (Zbot) working on mobile phones using SMS messaging were also relevant discoveries in the mobile malware space. Given our historically fragile cellular infrastructure and slow strides toward encryption, user and corporate data on mobile platforms may face serious risks over the next year.

(The author is vice president and CTO, APAC, McAfee)