To Forsee the Future, We Must Consult the Past
A wise man once said, “Whoever wishes to foresee the future must consult the past; for human events ever resemble those of preceding times.” (Machiavelli). Thus, looking back at the major cyber security trends of 2011 helps us gain perspective on what we can expect in the future. So, how would you describe the past year in cyber security and what trends do you think will continue to grow in 2012? A few thoughts come to my mind.
First, perhaps 2011 will be remembered as the year we saw the foundation laid for the successor of the infamous Stuxnet. Another thought is that 2011 will go down in history as the year of the mobile threat; after all the mobile malware movement finally began in earnest. Finally, maybe we’ll look back on 2011 as the year of targeted attacks; with a concerning number of compromised legitimate digital certificates involved.
We think these key themes from 2011 will continue to grow throughout 2012. Here’s a bit deeper look at each of them:
Advanced persistent threats (APTs) continued to target industrial control-related organizations, while critical infrastructure protection program awareness and engagement waned. A recent Symantec Critical Infrastructure Protection (CIP) Survey found that companies are generally less engaged in their government’s CIP programs this year when compared to last. In fact, only 37 percent of companies are completely or significantly engaged in such programs this year, versus 56 percent in 2010. It should subsequently come as no surprise that overall CIP readiness on a global scale also fell an average of eight points (from 60 to 63 percent who said they are somewhat/extremely prepared in 2011 compared with 68 to 70 percent in 2010).
When combined with recent revelations around the Duqu threat, the findings of the CIP Survey are particularly troubling. Duqu’s purpose was to gather intelligence data and assets from organizations such as manufacturers of components commonly found in industrial control environments. The attackers behind Duqu were looking for information such as design documents that could help them mount a future attack on an industrial control facility. Thus, Duqu is essentially the precursor to a future Stuxnet.
At this point in time, there is no reason to assume the attackers behind Duqu were unable to gather the intelligence they were looking for. In addition, it is likely other similar reconnaissance-type threats exist and have simply not yet been discovered. Thus, it’s quite likely that 2011 saw the foundation for the next Stuxnet-like attack being laid.
As the use of smart mobile devices has exploded, the risks surrounding them – particularly mobile malware and data loss – have also experienced growth. According to Gartner, sales of smartphones will exceed 461 million by the end of the year, surpassing PC shipments in the process. In fact, combined sales of smartphones and tablets will be 44 percent greater than the PC market by the end of 2011.
This explosion has captured cybercriminals’ attention and as a result, 2011 saw significant real growth in the amount of mobile malware. From malware simply seeking to embarrass victims to malware exploiting premium rate number billing, to malware focused on information theft, it’s undeniable that 2011 was the first year mobile malware presented a true threat to enterprises and consumers.
In addition, despite 2011 being a year of external hacks, CISOs have already begun to shift their focus on insiders once again. The reason is once again the proliferation of mobile devices, especially personal mobile devices. Tablets in particular have become a major concern as employees are bringing them into corporate infrastructures at a rate that outpaces many an organization’s ability to secure and manage them and protect the information the employees can access via the tablets.
Organizations are seeing an increase in employee productivity and happiness that tablets bring to the business culture. But, such rapid adoption of tablets can leave organizations vulnerable to data loss from insiders, both malicious and well-meaning. With tablets in hand, the concern has become insiders that fly under the radar of IT to access and send sensitive data, and in the case of the malicious insider, steal highly confidential intellectual property.
Cybercrime’s spread from the criminal underground to the business mainstream was highlighted by a surge in targeted attacks. Symantec’s November Intelligence Report shows that targeted attacks are becoming more prevalent in 2011. Large enterprises, with more than 2,500 employees, received the greatest number of attacks, with 36.7 targeted attacks being blocked each day during 2011.
By contrast, small-to-medium sized businesses, with less than 250 employees, had 11.6 targeted attacks blocked daily during the same period.
The increasing number of targeted attacks is being driven at least in part by competitive advantage as companies exploit digital espionage to acquire sensitive, proprietary data from competitors. For example, imagine an organization preparing to invest billions of dollars in a new chemical manufacturing facility that uses a targeted attack against its competitors to gather intelligence and ensure a competitive advantage. Just such a scenario may have recently unfolded.
Symantec recently discovered a series of attacks, codenamed “Nitro,” that primarily targeted private companies involved in the research, development and manufacture of chemicals and advanced materials. A total of 29 companies in the chemical sector and another 19 in various other sectors, primarily the defense sector, were confirmed to be targeted in this attack. The goal of these attacks appears to have been to collect intellectual property such as design documents, formulas and manufacturing processes.
High-profile hacks of Secure Sockets Layer (SSL) Certificate providers and malware threats that misuse SSL certificates became an issue in 2011, driving SSL Certificate Authorities (CAs) and website owners to take stricter security measures to protect themselves and their customers. Publicity and public ire about SSL-related breaches such as DigiNotar and Comodo reached an all-time high in 2011. Malware threats increasingly came from sources using SSL Certificates that cyber criminals either stole or fraudulently acquired.
All this has caused enterprise and consumer customers alike to begin demanding better SSL security, which started pushing CAs and website owners to further implement protections against social engineering, malware and malvertising. The popularity of mobile device use and the proliferation of cloud services within the enterprise further exacerbated potential vulnerabilities and showed the increased need for reliable, strong authentication. SSL-based authentication solutions for mobile and cloud deployments also began growing in popularity as customers’ awareness around the safety of their online transactions has increased. All this stoked discussion on whether too many organizations are issuing SSL certificates without sufficient security to back them up.
A persistent topic in 2011 was also whether high-profile SSL breaches signified the impending demise of SSL technologies, and even online trust itself. Data indicates that both claims are overblown. SSL technology wasn’t the weak link in DigiNotar and similar hacks; instead, these attacks highlight the need for organizations to harden security infrastructures and reinforces that CAs must implement standards for stronger security around business operations and authentication processes. Furthermore, if online trust were dead, no one would go online, which obviously isn’t the case.
There you have it, a look back at Symantec’s top cyber security trends from 2011. We expect to see continued growth in these areas in 2012.