A quarter into 2012 may be a good time to take a hard look at the state of online security.
Many high-profile data breaches made the news in 2011. According to the Privacy Rights Clearinghouse, more than 550 US breaches affecting more than 30 million records occurred last year. These breaches affected all kinds of public and private-sector organizations. One could almost call them a great equalizer.
While breaches were occurring in record numbers, denial-of-service attacks targeted Amazon, Sony, and many other company sites. Other sites suffered defacement and other content changes, such as Facebook’s porn postings late in the year.
And let’s not forget the appearance of DuQu, which is thought to share common code and characteristics with Stuxnet. DuQu, which we’ve discussed before, is a Trojan horse-based botnet that attacks Windows systems using a zero-day vulnerability that exploits the Win32k TrueType font parsing engine. It then uses the peer-to-peer SMB protocol, along with a 54×54-pixel jpg file (364.5 bytes) and encrypted dummy files deployed as containers, to smuggle data to its command and control center. Code is still being analyzed to determine what information the communications contain.
Then there is Anonymous, whose latest exploit involved the Vatican Website.
As bad as things were in 2011, look for them to get worse in 2012. Here are a few things IT and security professionals can expect the rest of this year:
- Geolocation will remain in the spotlight as controversy continues over its use/misuse.
- Hacktivism will continue to spread as more and more people dissatisfied with political parties and practices voice their opinions in less-than-legal but highly public ways.
- Industrial threats will rise as more vulnerabilities come to light in the infrastructure. Web interfaces into the Supervisory Control and Data Acquisition (SCADA) System will give hackers a potential door. With more SCADA services migrating to the cloud, securing these systems will get more complicated.
- Advanced persistent threats (APTs), also known as targeted attacks -- another topic we've covered previously -- will become more pervasive.
- Social networking will get riskier as hackers become more savvy. Facebook, with more than 800 million members worldwide, will remain a prime target. But Twitter and LinkedIn also will get their share of attention.
- Attacks on the cloud will also increase as cybercriminals hope to find vulnerabilities in an effort to plunder the myriad data hosted there. As a result, data breaches in the cloud will highlight the problem service providers pose to forensic analysis and incident response. Some consider this part of the maturing process of a new technology, but efforts should be made to avoid becoming the victim of a service provider dropping the proverbial ball.
- Android threats will continue to increase. With the number of smart devices increasing exponentially, Android devices offer opportunities with little risk for cybercriminals.
- Personal devices in the workplace will increase, and the headaches associated with securing the devices and data will increase right along with them.
- You can expect growth in malware. Zero-day vulnerabilities will be exploited almost before there are patches to fix them. Hacking tools will grow more refined and sophisticated, though ugly, brute-force attacks still have their place in the cybercriminal arsenal.
- Adoption of virtualization is slowing, but risks are increasing -- partly due to the lack of security offerings that can apply policy within a private and public cloud environment.
One thing: Predictions should be taken with a grain of salt. They are not and cannot be certainties. Rather than calling these predictions, think of them as “expectations.”
— Karla Marciszewski is a 19-year veteran of IT in county government, beginning her career in mainframe operations. She has held several positions and now works in IT security.