If you need to know what Cyber Crime is but you are bored and fed up with the too many information security terms, loosing yourself among the acronyms, you have stumbled upon the correct place. I have just compiled a very special alphabet which collects the terms related to Cybercrime. Forgive me for some “poetic license” and enjoy this half-serious list.
A like APT
Yes, the Advanced Persistent Threats have been the undisputed protagonists of 2011. An APT is essentially an attack carried on with different vectors, different stages and on a distributed time windows (yes, it Persistent). APT are behind the most remarkable events of 2011 such as the RSA Breach, Stuxnet, and so on…
B like Botnet
Botnet are networks of compromised machines that are used by cybercriminals to perpetrate their malicious action. Tipically a compromised machine becomes part of a botnet where the master distributes the commands from a C&C Server. Command may include the theft of information or the attack to other machines.
C like Crime-As-A-Service
The last frontier of Cybercrime: why developing costly malware if you can find a wide offer of customizable malware on the black market offering help desk and support services?
D like DLP
Data Leackage (or Lost) prevention is a suite of technologies that may help organization to counter the theft of information by preventing misuse or leak of data while they are in use at the endpoint (DIU), in transit on the network (DIM), or simply it is an aggregated Dark Matter on the corporate servers (DAR) that needs to be indexed and cataloged (and possibly classified and assessed).
I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.
Then, I included Symantec (for which this year I did not find any prediction), McAfee, Trend Micro, Kaspersky, Sophos and Cisco. I included Check Point in a second time and I did not include Fortinet, At that time I missed their five security predictions, which I only discovered later so I decided to provide an addendum for this post including Fortinet as well in order to provide a deeper perspective.
The security predictions for 2011 are summarized in the following chart, which reports what the vendors (with the partial above described exception of Checkpoint) expected for the past year in terms of Information Security trends.
But a strict side-by-side comparison with the 2012 information security predictions (extracted by my previous post) is more helpful and meaningful:
As you may notice mobile threats were on top even among the predictions for 2011. This prediction came easily true most of all for Android which suffered (and keeps on suffering) a huge increase in malware detection samples (even if the overall security risk remains contained). Social Media were on top as well: they have been crucial for the Wind of the Changes blown by the Arab Spring but in the same time Social Media have raised many security concerns for reputation, the so called Social Network Poisoning (who remembers Primoris Era?). Although 2011 was the year of the Anonymous, hacktvism ranked “only” at number 4, behind Advanced Persistent Threats, which however played a crucial role for information security (an APT was deployed for the infamous RSA Breach, but it was not an isolated case).
Also botnets, web threats and application vulnerabilities ranked at the top of Security predictions for last year (and came true). As far as botnets are concerned, fortunately 2011 was a very important year for their shutdown (for instance Hlux/Kelihos, Coreflood, Rustock). In several cases the botnets were taken down thanks to joint operations between private sectors and law enforcement agencies (another prediction came true). On the application side, this prediction came true most of all thanks to the Sony breach, the Liza Moon infection and the huge rate of SQLi based attacks and ASP.NET vulnerabilities. We have also assisted to an hard blow to SSL/TLS and XML Encryption.
But what is more surprising (and amusing) in my opinion is not to emphasize which predictions were correct, but rather to notice which predictions were dramatically wrong: it looks like that, against the predictions, virtualization threats were snubbed by cybercrookers in 2011 (and nearly do not appear in 2012). But the most amusing fact is that no security vendor (among the ones analyzed) was able to predict the collapse of the Certification Authority model thanks most of all to the Comodo and Diginotar Breaches.
Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions
The new year has just come, vacations are over, and, as usually happens in this period, information security professionals use to wonder what the new year will bring them from an infosec perspective. The last year has been rich of events, whose echo is still resounding, and as a consequence, if RSA and Sony breach were not enough, the main (and somehow obvious) question is: will 2012 stop this trend or rather bring it to unprecedented levels, or, in other words, which threat vectors will disturb the (already troubled) administrators’ sleep?
Unfortunately my divination skills are not so developed (in that case I would not be here), but security firms can give a crucial help since they started to unveil their security predictions for 2012, at least since the half of December, so putting them together, and analyzing them is quite a straightforward and amusing task. Maybe even more amusing will be, in twelve years, to see if they were correct or not.
The security prediction that I take into consideration included, at my sole discretion (and in rigorous alphabetical order):
That is the only leader vendors for which I found predictions issued with original documents (feel free to indicate if I missed someone and I will be very glad to include them in the chart).
In any case, the landscape is quite heterogeneous since it encompasses security vendors covering different areas: one vendor, McAfee, covering all the areas (network, endpoint and content security), two vendors and one half focused on network and content security (Cisco, Fortinet and partially Sophos thanks to the Astaro acquisition), and two vendors focused essentially on endpoint security (Kaspersky and Trend Micro).
The following table summarizes their predictions:
In order to correctly understand the chart a premise is needed: as you will probably have already noticed, in several cases the predictions reflect the specific security focus for the analyzed vendor. For instance, Websense is focused on DLP, and that is the reason why the adoption of DLP is one of its predictions. Analogously McAfee is investing huge resources for Security on Silicon, and this implies that embedded systems and Malware Moving Beyond OS are present among its predictions. Same speech could be applied for Trend Micro and its Cloud Prediction and so on.
Some trends for this year are clearly emphasized: easily predictable Hactivism appears on 6 of the 7 vendors, as mobile (with different connotations) does. Social Media is on the spot as well as are SCADA, Embedded Systems and, quite surprisingly in my opinion, cloud. I would have expected a greater impact for APTs, but for a complete and more accurate analysis one should consider them together with threats targeting embedded systems or ICS. Even because according to several security firms, for instance Kasperky, APT Stuxnet-like will be used for tailored campaigns, whilst more “general purpose malware”, including botnets will be used for massive campaigns (this item is summarized as Mass Targeted Campaigns).
Some “old acquaintances” will be with us in 2012: consumerization, at least according to Sophos and Trend Micro (even if consumerization is strictly connected, if not overlapped with mobile) and, if the Comodo and Diginotar affaires were not enough, Rogue Certificates, according to McAfee. Instead some “new entries” are absolutely interesting, such as the threats related to NFC (even if in this case I would have expected a greater impact) or related to Virtual Currency. Besides let us hope that the prediction to adopt DNSSEC be more than a prediction but a consolidated practice.
The most conservative security firm? In my opinion Cisco. The most “visionary”? Maybe Fortinet, I found the “Crime as a Service (CaaS)” absolutely awesome, and most of all not so visionary, since there are already some (even if clumsy) attempts.
In any case with this plenty of Cyber Nightmares is not a surprise the fact the Enterprise security market is going to reach $23 billion worldwide in 2012 with a 8.7% growth year-on-year.
Thanks to Andrea Zapparoli Manzoni for suggesting the original concept of Consumerization of Warfare and this update.
In a previous post we defined “Consumerization of Warfare” the growing use of consumer technologies such as Social Networks and Mobile for Military purposes (such as propaganda or espionage).
The most obvious examples of this trend are represented, on a global scale, by the influence (also recognized by President Obama) that social media had for the Wind of Changes blowing from Maghreb to the Middle East. In this contest they were used for different purposes: for witnessing the real extent of the events (which was a key factor in fostering the Allied intervention in Libya), for virally spreading propaganda and psyops information, and, last but not least, in a strict military context, as a further evidence to “strong authenticate” coordinates for Nato Missile Attacks in Libya.
But this approach is not limited to social media. Mobile devices are the natural companions of social media, so U.S. Army, U.S. Marines, and National Security Agency are just evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured.
In particular, despite privacy and reputation issues, social media have proven to be a powerful device for spreading information. Consider for example a single event: Osama Bin Laden’s death. Tweets dealing with this event averaged 3440 TPS from 10:45 to 12:30pm ET on May 2 2011, reaching a peak of 5106 TPS around 11:00pm ET.
Such a formidable weapon must be fully exploited for defensive and offensive purposes, consequently the newcomer in this warfare is none other than the Pentagon, which is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook. The US military’s high-tech research arm, the Defense Advanced Research Projects Agency (DARPA), has put out a request for experts to look at “a new science of social networks” that would attempt to get ahead of the curve of events unfolding on new media.
The program’s goal is:
To track “purposeful or deceptive messaging and misinformation” in social networks and to pursue “counter messaging of detected adversary influence operations,”
according to DARPA’s request for proposals issued on July 14.
The idea to build fake personas to manipulate the social arena is not completely new (and one of the players involved was just the well known HBGary Federal), but this time the scope is pretty much wider, aiming to change the course of events by massive (counter)information campaigns (think for instance to video and images coming from Libya which were crucial to foster the Allied Intervention).
I am not sure Zuckerberg & Co. will be very happy that their creatures are considered, against their will, a battlefield from The Pentagon…
With great satisfaction yesterday I took advantage of a promotion so I updated the nav app on my Android device to the new premium version. Albeit I was very satisfied with the previous version, I could not resist, as usual, to a newer release: moreover the opportunity to save a dozen hard-earned euros was too tempting, so I gave a virtual credit card swipe and got the deal. Among the new features, I immediately noticed the so called “Social Navigation” (nowadays you may add the term social to anything), that is the possibility to share on Facebook or Twitter details about the journey.
My sixth sense and half told me not to enable the automatic share of journey details for a simple reason: what if a burglar should intercept my status update or my journey tweets, and consequently knew that I am leaving my home (maybe for several days)? The answer is pretty much simple… And it is exactly the reason why I am not used to post on Social Media details of my journeys, wether they are related to business or holiday.
Unfortunately it looks like many people do not think so and have the bad habit to post their holiday plans on Facebook or, worse, to publish in real times pictures shot too many miles far from home. Translated to real world, this behavior is like leaving an advert on the door to a burglar telling him there is nobody home.
This is an opportunity too tempting for “social burglars”, who have become familiar with these beahviors and also take advantage of weak default privacy settings, or also of the viral spread of information proper of social media, for probing profiles, looking for unprotected apartments to burgle.
From a social perspective, this is only the last field in which real life and virtual (social) life dangerously overlap, showing that the same threats may be equally applied to both areas. Luckily the same countermeasures may be applied as well, ans this is the reason why a UK Chelmsford-based security firm, Precreate Solutions for a small fee, provides its customers with “virtual updates” while they are away. The service, by mean of pre-approved messages, status updates and tweets scheduled while the customer is away, aims to show a real and virtual presence at home, discouraging potential criminals from taking malicious actions.
Of course holidaymakers should avoid to post their pictures or status updates while they are in holiday, moreover they also should be able to forge credible pre-cooked messages (what if they should update their status with a post telling “I am watching the football match” in July while there is no match, while contemporary posting pictures at the beach?
Thinking well this is not so different, in theory, from the old world approach where holidaymakers asked their neighbors to monitor their homes, to water the plants, and possibly to show signs of presence (switching on the lights for instance when not made through automated switches)… Moreover the bridge from real world to virtual world could become even more concrete, since Company director Gary Jackson claimed that
It’s getting to the point now when insurance firms are going charge higher premiums for social media users.
Maybe a marketing statement if it is true that the Association of British Insurers said it had never heard of insurers asking customers who use social networks to pay more, (and said it would not be practical to do so); a spokesman, however, warned people to think twice about advertising that they were away.
A further thought for this Social Media Day, a further example of the growing revolution of Social Media and their impact on everyday life, a further example of their privacy and security concerns, most of all if they are used, as often happens, with imprudence and shallowness, a behavior which might lead to serious aftermaths also in real world.
- This security firm offers to update your Facebook status whilst you’re away (theinformativereport.com)
- 1,369,915 hits since November 2010
Follow me on TwitterMy Tweets
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.
Top Posts & Pages
- 16-28 February 2015 Cyber Attacks Timeline
- 2014 Cyber Attacks Timeline Master Index
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2012 Cyber Attacks Statistics
- 1-15 February 2015 Cyber Attacks Timeline
- January 2015 Cyber Attacks Statistics
- 2013 Cyber Attacks Statistics
- 2013 Cyber Attacks Statistics (Summary)
- 2013 Cyber Attacks Timeline Master Index
- 1-15 January 2015 Cyber Attacks Timeline