The 10 Biggest Security Stories Of 2012
10:00 AM EST Thu. Dec. 06, 2012
As 2012 fades into the sunset, we take a look at what has truly been a remarkable year for information security. The threats have become more complex and more frequent. But at the same time, the technology continues to evolve in an effort to keep our data safe. Meanwhile, weaponized malware and APTs have gained traction not only among nation-states but also with crime syndicates. Join us as we walk through the top 10 security news stories of 2012.
When it comes to online banking and information security, Europe is seen as decades ahead of the security provided by banks in the United States. Two-factor authentication is widely deployed by banks in the EU, but it is only beginning to see adoption in the U.S., where banks have apparently been grappling with the cost of the technology versus the cost of the losses. But as basics such as usernames and passwords become increasingly vulnerable, this dialogue apparently spurred some banks to take further action, using either hard tokens or soft tokens on users' smartphones that generate variable numeric codes for one-time use.
In late April, VMware acknowledged that a single file from its ESX server hypervisor source code had been posted online. The breach opened up the potential for a zero-day attack, and it ignited concerns that additional files might also be made public. Additional source code was then leaked in November by a hacker using the alias "Stun." Most of the specifics about either case were not publicly disclosed, making it difficult to assess the actual level of risk. But a software update is believed to have resolved any potential issues.
The phrase "I don't need security; I've got a Mac!" became a thing of the past in 2012 when Java vulnerabilities were used to infect more than a half million Macs with malware known as "Flashback." The hackers at one point even changed how the bug spread, abandoning a fake Adobe Flash installer in favor of an equally fake software update. The bug required multiple patches and, at the same time, shattered the Apple platform's perceived invincibility against attack. The bottom line for infected machines, as is usually the case, was the theft of a variety of personal information.
Leveraging the RICO Act for the first time, Microsoft, with the help of U.S. marshals carrying a federal warrant, last March took down a number of malware-spreading botnets that were allegedly responsible for the theft of more than $100 million from financial institutions and other businesses. Roughly 13 million computers and 800 domains were involved in the criminal enterprise, which was tied to command-and-control servers in Lombard, Ill., and Scranton, Pa. The illegal botnets were held responsible for spreading the Zeus family of malware, which included the SpyEye and Ice-IX variants. Similar operations were conducted later in the year.
No stranger to tough times, one-time telecommunications giant Nortel Networks Ltd. was apparently deeply infiltrated with spyware from Chinese hackers for at least a decade. The reports, which surfaced in February of 2012, claimed that the hackers had "access to everything," including technical papers, R&D reports, business plans and employee emails. The attack began with the theft of seven passwords from top executives, including Nortel's chief executive. A number of employees were quoted as saying that the company made no attempts to close the breach before its assets were subsequently sold.
While much of the IT security industry was focused on the Black Hat event in Las Vegas, Symantec ousted CEO Enrique Salem, a long-time veteran of the company who had served as its chief executive for three years. With earnings down nearly 10 percent, the board opted in favor of its chairman, Steve Bennett, who assumed both roles. Bennett joined Symantec's board in February 2010 and became chairman in 2011. The following quarter, Symantec posted modestly better numbers, but the executive changes continued with the departure of William Robbins, executive vice president of worldwide sales.
The year marked a significant increase in the number of distributed-denial-of-service (DDoS) attacks against banks and other financial institutions. A nearly 80-fold increase in malicious traffic was recorded from the fourth quarter of 2011 to the first quarter of this year, and the attacks continued on an ongoing basis. Attackers had begun using shorter, stronger bursts of traffic and steadily increased the overall intensity, and firepower, of their attacks. By the end of the year, the sophistication had increased to include obvious decoy attacks that would attract the attention of security personnel while the more insidious portion of the attack occurred elsewhere on the network.
Government efforts to protect the nation's critical infrastructure from cyberattack took center stage in 2012. The Lieberman-Collins bill was shot down in the Senate on Aug. 2 along party lines, but the debate continued for the remainder of the year and is certain to spill over into 2013. Intended to stimulate investment in cybersecurity R&D, better protect critical infrastructure, define public/private cooperation and grant authority to the Department of Homeland Security to lead the government's cybersecurity efforts, the legislation was widely opposed by Republicans, the U.S. Chamber of Commerce and privacy advocates, who claimed that the bill placed too much regulatory authority in the hands of the government. Proponents of the bill claimed that its terms were necessary to protect the nation's critical infrastructure and computer networks.
May of 2012 marked the emergence of a new piece of malware that would soon become a household name within the security community. Known by a number of different names, including "Flame," "Viper," and "Skywiper," the bug was first identified in the Middle East and was most notably used against Iran. Its capabilities include information theft, the ability to detect more than 100 security products, the ability to scan network resources, and the functionality to capture screenshots and record voice conversations. It communicates with its command-and-control servers over the SSH and HTTPS protocols using extensive encryption.
In early June, the New York Times reported alleged ties between the Stuxnet worm and the presidential administrations of both George W. Bush and Barack Obama, thereby raising questions as to whether the U.S. was at cyberwar with Iran. The malware was allegedly used to attack centrifuges in Iran that were believed to be tied to a nuclear weapons program that economic sanctions had failed to deter. There was widespread speculation that the cyberattack would have been viewed as a substitute for a conventional military attack that would have further destabilized the Middle East. This was presumably the first time that the United States had used this type of initiative against a foreign government.