2012: The year of cyber-espionage?

Kara Reeder highlights some of the reports that are warning about the rising threat of cyber-espionage exploits in 2012.
What will the New Year hold? An increase in cyber-espionage, according to industry security experts. 2011 saw the creation of the Stuxnet malware, which was intended to disrupt Iran's nuclear program. Then came the highly-sophisticated Duqu worm, which Jeff Hudson, CEO of Venafi, believes "will cause mayhem in early 2012," reports PCWorld.

Several countries, including the United States, have created specialized teams and centers to defend against cyber attack. But retaliation is complicated by the fact that it is often impossible to determine who is behind the attack.

While high-profile malware like Stuxnet and Duqu may very well lead to "mayhem," companies and governments should not lose focus on cyber-espionage attacks that use simpler data exfiltration tools, known as Advanced Persistent Threats (APTs). Operation Aurora, Shady RAT, GhostNet, Night Dragon, and Nitro are just some examples of APTs that were discovered in 2011, notes Siliconindia.com.

Protection against APTs is difficult due to the human factor, says Rik Ferguson, director of security research and communication at security firm Trend Micro:

People still represent the weakest link in security for a large amount of enterprises and that is the reason they are targeted ... Training still has an important place in an organization's security planning but it needs to be ongoing training, not a one-time only event.

No doubt, 2012 will see even more APTs. Says Hudson:

If this issue isn't on the agenda of your board right now then the board is negligent.

7 comments
Forensics.Focus@gmail.com

One thing is for sure, it's not getting any better. As a forensics examiner for the last 20 years I have been made aware of just about every way to manipulate, steal, reveal, delete, and otherwise cause mayhem with computers and data. From my POV 2011 was a terrible year for security. Not just on an Enterprise level but also on the individual's level. Nothing is safe and nothing is sacred. 2012 is not starting out any better. We are ten days into it and already we have learned that any wireless router using WPS can be cracked in as little as four, or as many as ten, hours. Four to ten hours, not days, to get the WPS PIN and then you are attached to the victim's network and in full control. Hell, then you could lock out the guy who owns the network you are after. Just yesterday the FBI announced the return of the Zeus virus. Remember that guy? Your banker does. The new variant has been termed "Game Over" and it will be for your credit cards and bank accounts if you fall for this one. Today's Cyber Bulletin from the US Cyber Emergency Response Team is alerting us, again, how our Microsoft Software is riddled with holes. Need I even mention Adobe or the cadres of professional Chinese hackers being trained and put into action by the Chinese Army? Maybe the Symantec poster above would please promise us that the sky is not really falling and everything will be OK? Please! I can tell you that from a forensic POV 2012 is going to be great business-wise, and it will really suck from a user level, but what else is new? Happy, Happy New Year!

JCitizen

Heck! More than half of all boards are negligent; it is a wonder that the world economy is staying afloat, in my opinion! Never a more true statement could be said, Hudson - bravo to you!

lpamelaa

Kara - interesting and insightful post; we at Symantec completely agree with you that cyberespionage and advanced threats (particularly APTs) will remain a priority for organizations. We recently conducted a survey with CSO magazine and found that 43% of C-level executives worry that they would not be able to detect an APT attack on their radar. While I am not going to use this comment as a sales forum for Symantec, I would like to highlight that there are a wide variety of security assessments available that can pinpoint the weakest security spots in an organization and help businesses determine which vulnerabilities should be addressed immediately. This type of intel is critical for organizations looking to improve their security posture and mitigate the risk of becoming a victim to these advanced threats.

Michael Kassner

Since this is an IT security forum, could you provide any insight as to the alleged leak at Symantec?

lpamelaa

Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is approximately six years old. Symantec's own network was not accessed, but rather that of a third-party entity. This does not affect Symantec's Norton products for our consumer customers. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. Symantec recommends that users keep their solutions updated which will ensure protection against any new possible threats that might result from this incident. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.

JCitizen

products. But then they could be baiting the criminals to think they did get what they were after. However transparency is the best policy if they are to save their reputation with customers. I'm waiting for the day Logmein gets cracked - then I will be upset!!