2011 – the year the cyber security fightback began

Have just put the finishing touches to V3’s information security round-up/predictions piece so thought I’d share a few of the headlines with you here.

First the bad news – 2011 witnessed an unprecedented number of security incidents, with attacks launched by the usual suspects including state-sponsored hackers and cyber criminals as well as hacktivists such as the Anonymous online collective.

This new breed of hacker caused organisations from a wide variety of industries some serious problems throughout the year, launching denial of service attacks, harvesting and posting sensitive information online and even hacking the web site of The Sun to post a fake story.

Mobile became a big focus for attack in 2011 too, as the perfect storm of powerful consumer devices and the trend towards consumerisation in the workplace made them an attractive target for cyber criminals. All the major platforms have found to contain security weaknesses, but Android is still by far the worst, given its open ecosystem which allows fake malicious apps to be uploaded and sold on the official application store with disturbing ease.

The fall-out from the infamous Stuxnet worm also continued apace in 2011, as huge numbers of flaws were revealed in Scada and other industrial control systems which operate everything from nuclear power plants to sewage works. We can expect these vulnerabilities and as yet undiscovered ones to be exploited in earnest by hacktivists, state-sponsored hackers and cyber criminals in earnest in 2012.

And now for the good news. The past 12 months have seen some spectacular wins for law enforcement and industry players like Microsoft and Trend Micro in working together to take down big name botnets including Rustock, Coreflood and Esthost. These botnets are the root cause of most global cyber threats and if we can get a little better at cross-border, cross-industry co-operation, things may not be as bad as all that in 2012 after all.