Security Round up 2011 : McAfee


Dubbed ‘The Year of hack’, 2011 was marked by change, challenge, and chaos in information security history. With threats evolving in their sophistication, pervasiveness and frequency, the profile of a hacker also underwent a transformation owing to the rise in cyber crimes that were designed to go under the radar and steal sensitive data from individuals, businesses and governments.

Michael Sentonas, Vice President and Chief Technology Officer, APAC, McAfee, summarises notable highlights of 2011 from the information security landscape:

Hacktivism: A portmanteau of hacking and activism, ‘Hacktivism’ refers to using the skills of hacking to achieve an activist’s goal. 2011 saw a rising tide of hacktivism among people who wanted their voices to be heard or who wished to attack the reputations of businesses and other organisations. In addition to defacement (the primary activity of hacktivists) and distributed denial of service, these attackers utilised social media for newer, sophisticated attacks. Though police convicted some members of hacktivist groups such as Anonymous and LulzSec in mid-2011, the outcomes of these arrests varied for the two groups. While Anonymous responded to the arrests with a number of “revenge” attacks, including its OpPayPal, which is believed to have caused thousands of customers to close their PayPal accounts, the arrests are believed to have made LulzSec relatively inactive.

General malware explosion: McAfee Labs saw a marked increase in malware sophistication and targeting, as well as a continued increase in the overall volume of daily malware threats throughout the year. As reported in our latest threat report, we expect to count almost 75 million unique malware samples by year’s end. We saw some significant increases this year in stealth malware techniques, often referred to as rootkits. Although numerically spam is low around the world, targeted spam, sometimes called spearphishing, has actually been more sophisticated than ever. Botnets made some strong advances globally and continue to be dispersed differently in almost every region and country. The botnet trajectory saw crests and troughs throughout the year, with India seeing a spike amongst new botnet senders in the months of May, June and July of 2011.

Embedded devices: Embedded systems have become part of the very quality of our lives, in automobile electronics, appliances, water, etc., and will only continue to proliferate. According to Ericsson, there will be 50 billion IP-connected devices by 2020, up from 1 billion just a year ago. This phenomenon has exploded the threat scope for these devices, with ATMs, point-of-sale (POS) terminals, kiosks, medical equipment, SCADA systems and other embedded devices being hacked in ever-increasing numbers. That’s because many of these systems are now connected to the Internet and enabled by open-source hardware, firmware, operating systems, and even application software. Furthermore, these devices are rarely patched for operating system or application vulnerabilities, and they often contain card data as well as customer or patient histories. No wonder that 2011 saw some startling headlines such as ‘skimmers siphon card data at gas pumps’, ‘restaurant sue vendors after point of sale hack’ or ‘Stuxnet poses real threat to SCADA systems’.


Targeted attacks on critical infrastructures: Targeted attacks have taken many different forms that are automated, low and slow, leveraging device tampering to get access to confidential information for reasons of sabotage or espionage. These targeted attacks were focused, stealthy and aimed at long-term manipulation of their targets. The Stuxnet worm and Night Dragon attacks were especially aimed at critical infrastructures, a term that is used to describe assets that are essential for the functioning of society, the disruption of which can cause dire consequences to the economy at large. Especially in a country such as India, there are many critical infrastructures which are public sector undertakings and hence are owned by the government. Because of their inherent economic importance, such assets make strong targets for political sabotage, data infiltration and extortion. These targeted attacks will require critical infrastructure enterprises to adopt a comprehensive risk-based approach with stronger network controls as part of their security strategy.


Mobile malware: As recorded in our Q3 report, mobile malware growth in 2011 was firmly on target to exceed last year’s, making 2011 the busiest year in mobile malware’s short, but interesting, history. From a security perspective, cybercriminals currently have a window of opportunity to exploit a variety of mobile platforms. Android in particular is the top target of today’s mobile malware authors, given that it is still in its infancy and is increasingly popular. Notable mobile malware detections made this year included the Android/Wapaxy, Android/LoveTrp, and Android/HippoSMS families, which were new versions of premium-rate SMS Trojans that signed up victims to subscription services. Phishing and password-stealing Trojans such as Zeus (Zbot) working on mobile phones using SMS messaging were also relevant discoveries in the mobile malware space. Given our historically fragile cellular infrastructure and slow strides toward encryption, user and corporate data on mobile platforms may face serious risks over the next year.


By Michael Sentonas, vice president and chief technology officer, APAC, McAfee
