A new year brings New Year’s resolutions and a progressively faster march into an insecure world, which matters even more these days in the cyber world. The Infosec and AntiSec movements had a crazy year of trends in 2011. With talk of cyber war, cyber espionage and hacking gone wild in governments and institutions around the world, it’s hard to keep up with it all. Costin Raiu, the director of Global Research & Analysis for Kaspersky Lab, has summed up 2011 in a list of infosec events that puts a pretty good close on the year.
The security landscape really can’t be covered in just a few events and their summaries, but the list does highlight changes in governments, corporations and underground groups, all fighting for digital territory in a landscape of ones and zeroes. Groups like Anonymous & LulzSec are often labeled hacktivists, and rightly so: they are hacking away for a cause. WikiLeaks may not have hacked its way into every source of information, but it truly showed how loose security can be in government, corporations, financial sectors and high-profile individuals’ lives.
The attacks start with individuals in their homes, groups and IRC channels, and the sophistication spreads into information distribution networks and popular release sites like Pastebin. Anonymous has utilized Twitter and social media, just as the Middle East has seen cultural and political change because social media and Twitter gave people a voice. While the daily releases of credit cards, passwords and hacks n cracks spread onto social networks like Twitter, here are some of the top security events of 2011 according to Costin Raiu (@craiu).
1. The Rise of Hacktivism
This entry mentions the popular groups that many people have heard of, like Anonymous, LulzSec & TeaMp0isoN. It was named the top trend of 2011, with major security flaws and cyber war activism spread throughout everyone’s social streams. While some may look at these attacks and digital disputes as a bad trend, Mr. Raiu also mentions how these events have revealed security problems, holes and the need for better encryption standards.
2. The HBGary Federal Hack
This story is mentioned in conjunction with #1 and refers to an Ars Technica article that breaks down the HBGary hack with an inside, play-by-play analysis of how and why it happened. HBGary Federal is a high-profile company that specializes in computer forensics, malware analysis (worms, viruses and trojans), intrusion detection, secure networking, vulnerability assessment & penetration testing. The company was hacked through weak passwords that consisted of six lowercase letters and two numbers. Ironically, it was the CEO Aaron Barr & COO Ted Vera who were the targets. The lesson? Weak passwords and one-step authentication systems are not going to work in an evolving digital world.
3. The Advanced Persistent Threat
Mr. Raiu describes this term as popular with the media and despised by security experts. This cyber security trend really reveals the use of zero-day exploits, which are spread everywhere in the software industry, with the main focus of these zero-days being the Adobe Flash Player and Adobe Reader vulnerabilities. The attacks are tied together by digital data, like SecurID tokens, being used in following attacks.
4. The Comodo and DigiNotar incidents
Two attacks are mentioned here: the one on the Comodo digital certificate provider on March 15th, 2011 and the one on the DigiNotar certificate authority on June 17th, 2011. Both of these attacks were found to have come from Iran, which starts the ball rolling on the cyberwar and cyber espionage front. The DigiNotar attack took the cake from the Comodo attack, as it produced over 300 fraudulent certificates. This trend really opens up the reality that security software and SSL digital certificates can’t be trusted and will probably be attacked in the future.
This trend, sitting at #5, was described quite well by Mr. Raiu and connects the dots between the Duqu Trojan and the Stuxnet malware. While many in the security field made fun of the Stuxnet code and its lack of sophistication, Duqu erased any talk of a lack of sophistication if these two pieces of malware were used in conjunction with each other. Traces of the Duqu malware go back to August 2007 and were hard to detect. These two pieces of malware really bring home the fact that cyberwar is real and that many won’t even know a war is going on until it hits the nightly news.
You can go read Mr. Costin Raiu’s breakdown summaries of the first five and the other five trends of 2011. You’ll find the rest of the trends in this order:
6. Sony PlayStation Network Hack
7. Fighting Cybercrime and Botnet Takedowns
8. The rise of Android Malware
9. The CarrierIQ Incident
10. MacOS Malware
All of these cyber security events piling up certainly shine a spotlight on a growing career field that didn’t even exist 10 years ago. Cyber security is a growing field, and we just did a partner article on Cyber Security Jobs and training on the rise. We also did an analysis of the Cyber Security Job Outlook that revealed the BLS trends coupled with Indeed cyber security job postings and salaries. Everything looks to be on a steep upward growth curve for the time being. For those in the computer field looking for a promising direction, cyber security seems to be golden.
Information has been gathered in partnership with Cyber Security Degree Programs.