Stuxnet and the specter of sophisticated, state-sponsored attacks were still dominating the news a year ago, as 2010 ended and we welcomed the New Year. Soon enough, however, there would be a new phenomenon to contend with: hacktivists. As the attack on HBGary Federal and Sony showed, faceless online activists or anarchists can do plenty of damage to even sophisticated and well protected firms.
Pity poor Iran. They can’t catch a break. After cleaning up the mess Stuxnet wreaked on their nuclear ambitions, the Middle Eastern country admitted in November that a number of machines across multiple industries were infected with Duqu. While academic arguments raged over whether similarities in source code proved Duqu was the spawn of Stuxnet, researchers digging around under the worm’s hood discovered some interesting and unique characteristics.
Admit it. It would scarcely break your heart if the legions of slack-jawed smartphone Facebook and FourSquare gawkers were forced to confront their own digital mortality – however briefly – with a few scary exploits made just for them. In 2011, the untethered among us saw several mobile security challenges to be concerned about. High on the mobile hackers’ hit list is Android, the market-leading smartphone OS.
Few things sent shockwaves to all corners of the security community like news in March that RSA’s popular SecurID two-factor authentication tokens had been rendered all but useless by a small but cleverly targeted phishing campaign that included a payload of a malicious Flash object embedded in an Excel file.
Not even a techno-religion is immune from security snafus, as the folks at Apple are steadily discovering. After years of watching the bad guys use crimeware kits like Zeus against Microsoft, the iGang finally got a malware construction tool to call its own in May of this year.
A flurry of attacks on open source servers, operating systems and software also permeated the headlines this year, with a compromise of the repository for the Linux source code leading the way.
Sony’s online gaming platform, The PlayStation Network (PSN), disappeared for more than a month starting in April, and no amount of double X and O-ing or right joysticking could save it. The reason? A massive attack on PSN’s network knocked the gaming giant offline and exposed the data of more than million users worldwide.
After a decade of flourishing unseen in the shadows of the Internet, Anonymous, LulzSec and other like-minded groups expanded their activities from obscure attacks and protests to full fledged hacking and DDoS campaigns against governments, The Church of Scientology, Visa, Paypal, Sony and a wide range of other private and public organizations perceived as hostile to the hackers’ ever shifting li
Stuxnet debuted with a frenzy in 2010 after researchers exposed the malware already busily disrupting Iran’s nuclear enrichment program. That was followed this past year by continued speculation, finger pointing and even some dismissive attitudes about the worm, which targets Siemens-made industrial control devices.
We’ve compiled our list of the Top Security Stories of 2011, presented here in no particular order. These are the issues that shook the world’s markets and kept us awake at night. If there’s a lesson here, it’s that cybersecurity challenges aren’t going away anytime soon. In fact, as we look forward to 2012, about the only thing that could quell the continuing battle to secure the technology system is if the Mayans turn out to be right.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
