2012 in review: New platforms and changing threats
In 2012, we saw attackers extend their reach to more platforms, from social networks and cloud services to Android mobile devices. We saw them respond to new security research findings more rapidly, and leverage zero-day exploits more effectively.
In the past year the most sophisticated malware authors upped the stakes with new business models and software paradigms to build more dangerous and sustained attacks. For instance, the creators of Blackhole, an underground malware toolkit delivered through Software-as-a-Service rental arrangements (aka crime packs), announced a new version. They acknowledged the success of antivirus companies in thwarting their activities, and promised to raise their game in 2012.
Private cybercriminals were apparently joined by state-based actors and allies capable of delivering advanced attacks against strategic targets. We saw reports of malware attacks against energy sector infrastructure throughout the Middle East, major distributed denial-of-service attacks against global banks, and targeted spearphishing attacks against key facilities.
More conventionally, attackers continued to target thousands of badly-configured websites and databases to expose passwords and deliver malware—yet again demonstrating the need for increased vigilance in applying security updates and reducing attack surfaces. Meanwhile, a new generation of victims found themselves on the wrong end of payment demands from cybercriminals, as social engineering attacks such as fake antivirus and ransomware continued unabated.
In the wake of these growing risks, 2012 also saw good news. This year, IT organizations and other defenders increasingly recognized the importance of layered defenses. Many organizations began to address the security challenges of smartphones, tablets, and bring your own device (BYOD) programs. Enterprises moved to reduce their exposure to vulnerabilities in platforms such as Java and Flash, and to demand faster fixes from their platform and software suppliers.
Not least, law enforcement authorities achieved significant victories against malware networks—including the arrest of a Russian cybercriminal charged with infecting 4.5 million computers with the goal of compromising bank accounts, and the sentencing in Armenia of the individual responsible for the massive Bredolab botnet. Yet another good sign: Microsoft’s aggressive lawsuit against a China-based Dynamic DNS service that enabled widespread cybercrime, including operation of the Nitol botnet. The lawsuit’s filing and settlement demonstrated that those who facilitate cybercrime can be held as accountable as the criminals themselves.
In 2013, as computing increasingly shifts to virtualized cloud services and mobile platforms, attackers will follow, just as they always have. This means IT organizations and users will need to ask tough new questions of their IT service providers and partners; become more systematic about protecting diverse devices and network infrastructure; and become more agile about responding to new threats. We’ll be there to help—every minute of every day.