Security lessons from 2012

DDoS attacks on banks, cyberwarfare should be high on security agendas

1 2 Page 2
Page 2 of 2

Security experts see Shamoon and similar malware, such as Flame and BatchWiper, as harbingers of a new class of tools that will increasingly be used in hacktivist attacks, for cyber espionage and cyber sabotage purposes.

"With assertions that attempts were made to destroy data and some suggestion of state sponsorship, Shamoon signals a move towards more serious economic espionage, regardless of motives," said Pete Lindstrom, an analyst with Spire Security in Malvern, Penn.

State-sponsored attacks

Many believe that the New York Times' report in June that the U.S. government had been actively involved in the development and use of Stuxnet to disrupt Iran's nuclear program may have ushered in an era of more open cyber hostilities between nations.

The big worry is that by choosing to develop and use cyber weapons such as Stuxnet, the U.S. government has exposed its own companies and networks to similar attacks by nations that are likely to be less hesitant about launching them. Many of the recent DDoS attacks against major U.S. banks, for instance, are believed to be the work of Iranian hackers. So too is the attack on Saudi Aramaco and other energy companies in the Middle East.

"There is no question in my mind that the biggest story of the year was the NYT revelation that the US was behind Operation Olympic Games in which they developed and successfully deployed Stuxnet," said Richard Stiennon, principal analyst at security consultancy IT-Harvest.

"Nation states are now undeniably in the game of cyber attacks. Olympic Games ushered in the era of weaponized software. There is no looking back," Stiennon said. "At the same time, as countries get into offensive cyberattacks, the defensive side is finally taking a turn for the better." Expect heightened awareness of the threat to result in new investments in 2013 on the tools and people needed to counter targeted state sponsored attacks, he said.

Targeted attacks

Many of the security incidents that made the news last year, including a massive breach at the South Carolina Department of Revenue, involved highly targeted attacks that combined social engineering techniques with sophisticated data stealing Trojans and other malware. In May, the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning gas pipeline companies to be on the lookout for targeted phishing attacks and intrusions.

In December, security firm RSA issued a similar alert warning more than two dozen banks about targeted attacks.

According to Verizon, expect such attacks to increase going forward. Large, high-profile enterprises and companies in the financial services and insurance sectors in particular are likely to be more vulnerable to such attacks. In fact, almost seven out of 10 targeted attacks already are directed at large companies, Verizon noted in its 2012 Data Breach Investigations Report.

"Targeted attacks from adversaries motivated by espionage and hacktivism ..will continue to occur, so it's critical to be watchful on this front," the company said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon