Security lessons from 2012
DDoS attacks on banks, cyberwarfare should be high on security agendas
Computerworld - For all the apocalyptic prognostications, 2012 turned out to be a relatively uneventful year from an information security standpoint.
A cyber Pearl Harbor did not happen. Stuxnet and its kin did not take out any power grids or shut down cities. Mobile threats continued to escalate and malware became more sophisticated, but none were as game-changing in nature as Stuxnet was. While there were still plenty of data breaches, including a handful of big ones, they were much smaller in scope compared to the TJX and Heartland breaches of a few years ago.
Even so, several security related events in 2012 could well be harbingers of things to come in 2013.
DDoS attacks on banks
In the second half of 2012, U.S. financial services organizations became targets of sophisticated, high bandwidth distributed denial-of-service attacks launched by politically and financially motivated groups. Several banks experienced severe disruptions to their online banking operations as a result of the DDoS attacks.
Often, the attacks were accompanied by online fraud and account takeovers. The weapon of choice in many of the attacks was a toolkit called Itosknoproblembro which was capable of generating close to 70GBps of DDoS traffic and designed to launch multiple DDoS attacks simultaneously.
Such attacks could become increasingly common this year, according to Gartner analyst Avivah Litan. It's not just banks that will be targets, but enterprises as well. According to security firm Prolexic, the average bandwidth in DDoS attacks in 2012 was around 4.9Gbps, a 200% increase from just a year ago. Attacks averaging 20GBps of DDoS traffic happened with alarming frequency in 2012 compared to the smattering of them in previous years, according to Prolexic.
"This is definitely a threat to the day-to-day workings of our financial systems," Litan said. Banks in general, "should add DDoS attacks to the checklist of things to worry about when trying to prevent fraud," Litan said. "I don't expect [the attacks] to let up in 2013. To the contrary, I expect them to increase since so far they have generally been successful," she said.
Shamoon, Flame and other cyber sabotage malware
About 30,000 Windows PCs at Saudi oil company Saudi Aramco were believed to have been rendered unusable in August after they were infected by a particularly destructive virus called Shamoon. The virus was noteworthy because it not only corrupted and deleted files, but also completely overwrote the Master Boot Record on Windows PCs thereby rendering them useless.
Though Aramaco downplayed the seriousness of the incident, Shamoon stirred concern at the highest levels of the U.S. government. In a speech at a meeting of Business Executives for National Security (BENS) in New York, U.S. Secretary of Defense Leon Panetta described Shamoon as one of the most destructive viruses ever and one that could be used to launch an attack as calamitous as the 9/11 attacks.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
China says to Chiang Kai-shek all Bitcoins at the door.
China marches long and hard over internal financial institutions, proclaiming that Bitcoins "should not and cannot be used as a currency". The news sent Bitcoin exchanges into a dive like cormorants in the deep China Sea. But all is not lost -- or is it? Bitcoins have been bubbling back to the surface, or has China's stance drained all enthusiasm? In IT Blogwatch, fearless leaders and bloggers quote pearls of wisdom from the little red book of Bitcoin. Not to mention: Financial advice from Whiz and Ice...
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Make or Break: New Auto Products Must Go To Market On Time
- This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- Stock Shock: The effect of project and portfolio management on share price
- In this independent report, you'll see the intrinsic connection between long-term capital investment and short term market performance -- and how this can...
- Hedge Your Bets
- This report explains how visibility and increased governance is key to reducing risk.
- In the Firing Line
- CEOs Are Increasingly Being Held Accountable; How susceptible is the CEO's reputation to poor performance across the project portfolio?
- The CISO's Guide To Virtualization Security
- This guide describes the security challenges within virtualized environments and shows how to apply the concepts of Forrester's Zero Trust Model of information... All Financial IT White Papers
- Live Webcast Research Report: The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Live Webcast The Freedom to Run Your Business Your Way Vendors are challenged to create flexible systems that customers can tailor to particular business strategies and industry needs. But the flexibility should not...
- Live Webcast The Business Value of Human Capital Management for Finance View now >>
- HR and Finance Were made for Each Other View now >>
- The Value of Human Capital for Finance Professionals View now >>
- The Business Value of Human Capital Management for Finance View now >>
- The Freedom to Run Your Business Your Way Vendors are challenged to create flexible systems that customers can tailor to particular business strategies and industry needs. But the flexibility should not...
- Research Report: The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- All Financial IT Webcasts
Computerworld's Best Places to Work in IT 2013 list featured Quicken Loans, Securian, Vanguard and other top finance organizations. Honorees say the distinction helps them recruit top talent and boost staff morale.
Want to join this elite group? Nominate your organization for our 2014 list.