The Stuxnet and Aurora attacks have shown us that malware development has become a professional job.
Security news during the last months of 2010 have been dominated by WikiLeaks and the politically motivated online attacks carried out by its opponents and supporters.\r\n\r\nMikko Hypponen, Chief Research Officer at F-Secure, says, \"There is nothing new in the type of DDoS attacks that were used to target companies like Mastercard, Visa and Paypal, which had dissociated themselves from WikiLeaks. But today DDoS attacks have become so easy to carry out that almost anyone can participate.\"\r\n\r\n\r\nThe most significant malware development of the year – and perhaps of the whole decade – has been the highly sophisticated Stuxnet worm.\r\n\r\nMikko Hypponen says, \"Stuxnet can attack factory systems and alter automation processes, therefore making cyber sabotage a reality by causing actual real-world damage. And unfortunately it\'s likely that we will see Stuxnet copycats in the future.\"\r\n\r\nBest year for arresting cybercriminals\r\n\r\n2010 has been the best year ever in terms of the number of people arrested and convicted for committing online crimes. For example, the FBI revealed in October that it had arrested more than 90 suspected members of an international cyber crime ring, accused of stealing about $70million from bank accounts in the United States.\r\n\r\nMore arrests were also made in the UK and the Ukraine, from where the operation was directed. The criminals had gained access to people’s online banking details by sending infected spam messages. According to the FBI, the arrests were part of “one of the largest cyber criminal cases we have ever investigated”.\r\n \r\nAn interesting case involving spytools installed on mobile phones was reported by The Register in July, in which Romanian authorities had arrested 50 people accused of using off-the-shelf software to monitor the mobile phone communications of their spouses, competitors and others.\r\n\r\nThe Romanian Directorate for Investigating Organized Crime and Terrorism also arrested Dan Nicolae Oproiu, a 30-year-old IT specialist who allegedly sold the spyware for handsets running the iPhone, Blackberry, Symbian, and Windows Mobile operating systems, according to The Register.\r\n \r\nWindows XP still the major target\r\n\r\nThe Windows 7 operating system has been lauded as a safer operating system than its predecessor Window Vista. Despite overtaking Vista in terms of market share this year, Windows 7 is still far behind Windows XP, which remains by far the most popular operating system and the biggest target for malware writers.\r\n \r\nThe security implications of using outdated operating systems have been demonstrated by reports that the oil spill in the Gulf of Mexico could in part have been caused by the failure of computers that were still using Windows NT 4 from 1996. Mikko Hypponen says, \"It is irresponsible that a billion dollar oil drilling operation did not bother to keep its computers up-to-date and as secure as possible.\"\r\n \r\nMobile security developments\r\n\r\nThe number of mobile malware has not increased dramatically in 2010 but this year saw some developments that may give pointers to future trends. For example, a trojanized version of the Windows Mobile game 3D Anti-terrorist action was uploaded to several Windows Mobile freeware download sites.\r\n\r\nInfected phones made secret calls to expensive premium rate numbers, resulting in big phone bills for the victims.
Vendor-neutral testing and certification firm ICSA Labs offers its thoughts on the security landscape spanning 2010 and 2011. Mobile security 1.
With increasingly stringent compliance mandates, a flurry of vendor consolidation, demands for audit reporting, and a spike in complex security breaches, 2010 has been a dynamic year for the IT security and compliance world. As 2011 promises that we’ll continue to see more of the same, managing the changes to IT assets and systems that introduce dangerous security vulnerabilities into the IT environment will continue to be critical for organizations in ensuring the security and compliance of their IT infrastructures. Tripwire outlines the following predictions for 2011: The Stuxnet effect: The impact of the Stuxnet attacks earlier this year went far beyond any other cyberattack to date.
Viruses will become more subtle and even harder to detect in 2011, and the primary line of attack will continue to be via the internet, according to Redscan.\r\n\r\nMalware is now designed to hide undetected on infected systems, ever more subtly, ever more difficult to detect.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.