We’re used to hearing about the threats posed by lone hackers and international cyber gangs, but 2010 has seen an increase in other sources of security threats.
We have gone from rogue nations launching attacks on their rivals’ military services to political activists who want to help bring down websites in the run up to Christmas as a form of protest against perceived censorship. One thing is certain, the cyber threat landscape is always adapting.
One way this has been seen is with cybercriminals jumping much more rapidly on news events to lure victims to their websites. Also there has been an improved use of SEO techniques by criminals, even down to paying for ‘pay-per-click’, which has increased the risk whilst searching for information.
Previous years have seen huge numbers of computers compromised and used as part of botnets such as Mariposa, with the user completely unaware of what was going on. This continues but the latter part of this year has been dominated by the political aspect of the Internet.
The likelihood that Stuxnet was written to try and disable particular types of power stations suggests a political motif to the creation of the malware rather than the usual economic driver. The recent arrest of Wikileaks founder, Julian Assange, has also shown that some people will willingly make their computers part of a botnet to support a cause and in this case, attack corporate websites that have publically disassociated themselves from Wikileaks.
Dubbed ‘Operation: payback’, supporters are being encouraged to download a tool which will not only make their computer part of the voluntary botnet, but could see them get two years in prison.
2010 has also seen a much less radical socialisation of the internet. It’s now largely acceptable for people to use the internet at work (you just need to look at the corporate bandwidth figures to see what employees are spending their time on). But it’s not just bandwidth consumption that businesses need to keep an eye on.
Allowing employees to download and run social applications, passing information and links between internal and external networks runs the risk of them unwittingly introducing viruses to the network. Viruses that will exploit any vulnerability present and create a whole host of issues for the business.
Of course, many of these social applications bring with them certain advantages for some businesses – such as the ability to connect with more people and engage in a more relationship type sale. However, users of these social networks need to be careful as the providers continue to encourage them to put more of their personal information into the applications yet still have questionable security attitudes.
Nevertheless, as long as security procedures are kept current, following new trends and the right security systems are used to defend the network, the threat posed should be largely mitigated. What 2010 has shown is how rapidly the internet security landscape can evolve.