
12/14/2011
10:34 AM
Dark Reading

Social Media Abuse, Mobile Malware Headline 2011 Top Internet Security Trends

From social media abuse to mobile malware to major busts, past year filled with new twists on old scams

TACOMA, Wash. – December 13, 2011 – IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, today released its list of the top security trends from 2011. Some specific trends that IID saw emerge over the past year include the extended enterprise coming under assault, the emergence of dangerous mobile applications, and cybercriminals increasingly harnessing the power of social media. Below is the IID list of the top Internet security incidents and trends from 2011 (in no particular order):

1. The year of the data breach — From Epsilon to RSA Security SecurID to Sony, we have witnessed criminals concentrating on organizations that house proprietary data for millions of customers. In each case, cyber criminals targeted and attacked these organizations in particular in order to gain access to vital personal information (like email addresses, shopping habits, etc.) that could lead to broader consumer and employee attacks (better known as spear phishing). IID estimates that by the number of reported events, 2011 was likely the worst year ever for data breach incidents, and the forecast does not look any better for 2012.

2. Mobile malware — As was predicted last year, the security industry has tracked a rapid rise of malicious software (malware) for applications, with a trend towards targeting Google’s Android mobile phones. This malware has popped up both on unofficial marketplaces and in “good” apps that have been infected and repurposed as bad ones. When malware is downloaded onto a phone, criminals can essentially take over that phone and gain access to any information that is shared on it, from emails to text messages to bank login information, without the phone’s owner even knowing it.

3. Criminals communicate with social media — As opposed to utilizing secret chat rooms, some cyber crime organizations like LulzSec and Anonymous are boldly using social networking sites to promote and coordinate their efforts. For example, June’s Operation Anti-Security, a joint effort by LulzSec and Anonymous, was advertised on Twitter and involved cyber attacks on the FBI and affiliated agencies.

4. Big busts — Public-private partnerships have resulted in the takedown of numerous online criminal networks. For example, on November 8, the FBI, in partnership with various private sector entities, executed one of the largest coordinated cyber-takedown efforts ever with Operation Ghost Click. The target of this takedown, malware dubbed DNSChanger, is estimated to have infected over 4 million machines in 100 countries. And in September, Microsoft took down the Kelihos botnet, a network of private computers infected with malware without the knowledge of those computers’ owners. That botnet reportedly consisted of a network of 41,000 infected computers capable of sending billions of spam emails per day.

5. Attacks redirected at registrars — Criminals are publicly stating that foiled cyber attacks have prompted them to turn to targeting the "domain name company," otherwise known as a registrar. For example, in the September hijacking of ups.com, theregister.co.uk and other major Internet properties, cybercriminals targeted their registrars to indirectly hijack the domains. By targeting the registrar, cybercriminals have access to their original target through this extended enterprise connection that is often overlooked. And in the case of a domain hijacking, that means complete control of the targeted organization’s Web presence, email, and Internet-based transactions.

6. Malware with a purpose — Continuing a major trend from 2010, malware is no longer being used just for the thrill of a takeover, or as a means of ripping off credit card numbers. Criminals are purposefully targeting enterprises in order to gain access to proprietary organizational assets. For instance, researchers found the “Duqu” Remote Access Trojan was built as a weapon for espionage and targeted attacks against certificate authorities (CAs). By gaining access to these CAs, cyber criminals then have the key to access vital data from enterprises through its infrastructure. Industries previously thought to be insulated from cyber threats, like CAs, have clearly been caught in the criminal crosshairs.

7. SSL Certificate Flaws Exposed — While there may be nothing wrong with encryption technology itself, the September breach of Netherlands-based CA Diginotar showed that blind trust placed in SSL (secure sockets layer) encryption certificate providers must be examined. The breach showed that even the foremost experts in Internet security can have their proprietary information hijacked just like any other company.

About IID

IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently introduced a number of unique approaches to secure organizations’ use of Internet infrastructure with ActiveTrust BGP, ActiveTrust DNS, and ActiveTrust Resolver and TrapTrace. IID also provides anti-phishing, malicious software (malware) and brand security solutions for many of today’s leading financial services firms, and e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.
