‫ Top 10 in 2011: An 'explosive' year in security- 2

As we turn the page to 2012, it makes sense to sit back and take a look at what happened during the past twelve months in the IT Security world. If we were to summarize the year in one word, I think it would probably be “explosive.” The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to crack into top 10 of security stories of 2011. What I was aiming for with this list is to remember the stories that also indicate major trends or the emergence of major actors on the security scene. By looking at these stories, we can get an idea of what will happen in 2012.
6. The Sony PlayStation Network hack

On April 19th, 2011, Sony learned that its PlayStation Network (PSN) was hacked. At first, the company was reluctant to explain what happened and claimed the service, which was suspended on April 20th, would be back in a few days. It wasn’t until April 26th that the company acknowledged personal information was stolen, which potentially included credit card numbers. Three days later, reports appeared which seemed to indicate that 2.2 million credit card numbers were being offered for sales on hacker forums. By May 1st, the PSN was still unavailable, which left many users not just with their credit cards stolen, but frustrated for not being able to play the games they already paid for. Unfortunately for Sony, the story was not over because in October 2011, the PSN was again making the headlines with 93,000 compromised accounts that had to be locked down by Sony to prevent further misusage.

The Sony PSN hack was a major story for 2011 because it points out several main things – first of all, in the cloud era, Personally Identifiable Information is nicely available in one place, over fast internet links, ready to be stolen in the case of any misconfigurations or security issues. 77 million usernames and 2.2 million credit cards can be considered normal “booty” in the cloud era.
7. Fighting cybercrime and botnet takedowns

If the attackers from the PSN incident are still unidentified, 2011 was definitively a bad year for many cybercriminals that got caught and arrested by law enforcement authorities around the world. The ZeuS gang arrests, the DNSChanger gang takedown and the Rustock, Coreflood and Kelihos/Hilux botnet takedowns were just a few examples. These indicate an emerging trend, which is of course “attribution.” Bringing down one cyber-criminal gang goes a long way to slow criminal activity around the world and sending a message to the remaining gangs that this is no longer a risk-free job. One particular case I’d like to mention is the Kelihos takedown, which was performed in cooperation between Kaspersky Lab and Microsoft’s Digital Crimes Unit. As part of this effort, Kaspersky Lab initiated a sinkhole operation for the botnet, counting many tens of thousands of infected users per day. Here’s where the big debate starts: knowing the bot update process, Kaspersky Lab or a law enforcement agency could effectively push a program to all the infected users, notifying them of this fact, or, even cleaning their machines automagically. In a poll ran on the Securelist website, a whopping 83% of the users voted that Kaspersky should “Push a cleanup tool that removes the infections,” despite this being illegal in most countries. For obvious reasons, we haven’t done so, but it outlines the vast limitations of today’s legal system when it comes to fighting cyber-crime in an effective manner.

8. The rise of Android malware

In August 2010, the first Trojan for the Android platform appeared as Trojan-SMS.AndroidOS.FakePlayer.a, which masqueraded as a media player app. In less than one year, Android malware quickly exploded and became the most popular mobile malware category. This trend became obvious in Q3, when we received over 40% of all the mobile malware we saw in 2011. Finally, we hit critical mass in November 2011, when we received over 1000 malicious samples for Android, which is almost as much as all the mobile malware we have received in the past 6 years! The huge popularity of Android malware can be attributed to several things – most notably the wild growth of Android itself. Secondly, the documentation available on the Android platform makes the creation of malware for Android quite trivial. Finally, there are many who blame the Google Market for its weak screening process, which makes it easy for cybercriminals to upload malicious programs. While there are only two known malicious programs for iPhone, we are now approaching 2000 Android Trojans in our collection.

9. The CarrierIQ incident

CarrierIQ is a small, privately owned company founded in 2005 and operating out of Mountain View, Calif. According to their web site, the CarrierIQ software is deployed on over 140 million devices around the world. Although the declared purpose of CarrierIQ is to collect “diagnostic” information from the mobile terminals, Trevor Eckhart, a security researcher, demonstrated that the extent of information CarrierIQ is collect goes beyond the simple “diagnostic” purpose and includes things such as keylogging and monitoring URLs opened on the mobile device. CarrierIQ is built in a typical Command and Control architecture – the admins can set up the kind of information which is collected from the terminals and which information is being sent “home.”

While it is obvious that CarrierIQ does collect a lot of information from your mobile phone, it doesn’t necessarily mean it is evil, or so we are advised to think by its creators or companies such as HTC, which support its usage. Being a U.S.-based company, this means that CarrierIQ could be forced to disclose much of the collected information to US law enforcement, if presented with a warrant. This legal loophole could effectively turn it into a government spy and monitoring tool. If this is indeed the case, or not, many users have decided that it’s best to get rid of CarrierIQ from their phones. Unfortunately, this isn’t a very simple process and is different for iPhones, Android phones and BlackBerry terminals. In the case of Android, you may have to root your phone in order to get rid of it. Alternatively, many users have decided to flash a custom Android firmware instead, such as Cyanogenmod. The CarrierIQ incident shows that we are vastly unaware of what exactly is running on our mobile devices, or the level of control which the mobile operator has on your hardware.
10. MacOS malware
While I do realize that I’ll put myself into the line of fire by even just mentioning Mac OS X malware, I think it’s an important story from 2011 which shouldn’t be overlooked. Products called MacDefender, MacSecurity, MacProtector or MacGuard, which are actually Rogue AV products for Mac OS appeared in May 2011 and quickly became popular. Distributed through black-hat SEO techniques in Google searches, these programs rely on social engineering to get the user to download, install and then pay for the full version. Most of the users who decide to pay $40 for the supposedly “full” version, later discover that they actually paid $140, and sometimes, they paid multiple times.

The expansion of PC threats (Rogue AV programs being one of the most popular malware categories for PCs) to Macs is one of the important trends of 2011. In addition to Mac OS Rogue AVs, the DNSChanger family of Trojans deserves a special mention as well. First identified around 2007, these small Trojans perform a very simple and straightforward system compromise, by changing the DNS settings to point to the criminals’ private DNS servers, before uninstalling themselves. Hence, you may get infected with a DNSChanger, have your DNS settings changed and you may be happily thinking you’re fine because there’s no malware on your computer, while criminals abuse the DNS communication to make you visit fake websites and perform click fraud and man-in-the-middle attacks. Luckily, in November 2011, the FBI arrested six Estonian nationals as part of an operation called “Ghost Click,” as the gang behind the DNSChanger malware.

According to FBI data, during the past four years, they infected over 4 million computers in more than 100 countries and generated approximately $14 million in illegal profit. These incidents show that malware for Mac OS is as real as the malware for PCs, and that even modern security practices fail against carefully elaborated social engineering techniques. It is without doubt that we will see both of them being abused in the future.

To summarize, these 10 stories are probably just a tiny speck in the galaxy of 2011 security incidents. The reason I selected them is because they point to the major actors of 2011 which will no doubt continue to play a major role in the cyber-security blockbuster which is around the corner. These are the hacktivist groups, the security companies, the Advanced Persistent Threat in the form of superpowers fighting each other through cybere-spionage, the major software and gaming developers such as Adobe, Microsoft, Oracle or Sony, Law Enforcement Agencies and traditional cybercriminals, Google, via the Android operating system and Apple, thanks to its Mac OS X platform. The relations between these can be complicated, full of drama, contain many super-secret details and be as mysterious and darkly dreaming as Showtime’s Dexter. One thing is for sure – these same stars will be playing in all the major 2012 security blockbuster movies.

Source: ZDNet website


بدون نظر
شما برای نظر دادن باید وارد شوید

مشخصات خبر

تاریخ ایجاد: 25 بهمن 1390



امتیاز شما
تعداد امتیازها: 0