Targeted attacks, hacktivist campaigns and the rise of mobile malware were just a handful of security news that dominated 2011's headlines.
was a momentous year in many aspects for the security industry, with high
profile cyber-attacks and data breaches, but also a year in which many of the
incidents evoked a sense of d??Â«j??Ã vu amongst industry observers.
was the Year of the Hack," Harry Sverdlove, CTO of Bit9, told eWEEK
was an "unprecedented rise" in targeted attacks, and while some were
very sophisticated, others employed crude, yet effective, methods, according to
against RSA Security
was an example of how sophisticated attackers have
become when it comes to stealing intellectual property. The attackers managed
to breach one of the foremost security companies in the world by combining
social engineering with a zero-day vulnerability embedded in an Excel
by sending an email with a malicious attachment to recruiters and staff members
in the RSA Human Resources department, attackers walked off with information
relating to the SecurID two-factor authentication technology used by major
government agencies and large corporations to secure their networks.
was an example of how organizations that hadn't paid
attention to security
were suddenly faced with a high price tag and brand
damage after a data breach. Under the cover of a distributed denial-of-service
attack, adversaries managed to breach Sony's online systems and stole more than
100 million user records. Subsequent reports highlighted numerous security
issues that Sony neglected to address.
realized that there is no such thing as being too big or too small to be safe
from cyber-attacks and data breaches. Operation
was a coordinated and wide-scale attack on several petroleum
and energy companies, and the Nitro
targeted at least 48 companies within the chemical and defense
targeted over 70 organizations using the same command and control
have been predicting attacks against critical infrastructure for almost a
decade, and in 2011, people started paying attention. The White House outlined
its proposal on how best to secure
such as power grids and public utilities, as well
as chemical, gas, oil and energy plants.
proposal named the Department of Homeland Security as the agency in charge of
coordinating the efforts. In the second half of 2011, the Duqu Trojan revived
worries of the new
generation of Stuxnet-style malware
capable of manipulating industrial
process control software used in many industries to damage critical industrial
and utility infrastructures.