Top Ten Information Security Events from 2011

Tuesday, January 03, 2012



Costin Raiu, director of Kaspersky Lab’s global research and analysis team, has an interesting writeup on Dancho Danchev and Ryan Naraine's Zero Day blog at ZDNet on his top ten picks for the most significant information security events of 2011.

As 2011 was such an eventful year where security is concerned, no doubt many readers will point to numerous instances where they feel an episode was overlooked that should have been included in the top ten - but hey, you have to draw the line somewhere, and Raiu provides his reasoning behind the selections:

"The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to crack into top 10 of security stories of 2011... These 10 stories are probably just a tiny speck in the galaxy of 2011 security incidents. The reason I selected them is because they point to the major actors of 2011 which will no doubt continue to play a major role in the cyber-security blockbuster which is around the corner," Raiu writes.

The following are Raiu's choices followed by a brief excerpt:

10. MacOS malware

"Products called MacDefender, MacSecurity, MacProtector or MacGuard, which are actually Rogue AV products for Mac OS appeared in May 2011 and quickly became popular. Distributed through black-hat SEO techniques in Google searches, these programs rely on social engineering to get the user to download, install and then pay for the full version. In addition to Mac OS Rogue AVs, the DNSChanger family of Trojans deserves a special mention as well..."

9. The CarrierIQ incident

"Although the declared purpose of CarrierIQ is to collect “diagnostic” information from the mobile terminals, Trevor Eckhart, a security researcher, demonstrated that the extent of information CarrierIQ is collecting goes beyond the simple “diagnostic” purpose and includes things such as keylogging and monitoring URLs opened on the mobile device..."

8. The rise of Android malware

"In less than one year, Android malware quickly exploded and became the most popular mobile malware category. This trend became obvious in Q3, when we received over 40% of all the mobile malware we saw in 2011. Finally, we hit critical mass in November 2011, when we received over 1000 malicious samples for Android..."

7. Fighting cybercrime and botnet takedowns

"2011 was definitively a bad year for many cybercriminals that got caught and arrested by law enforcement authorities around the world. The ZeuS gang arrests, the DNSChanger gang takedown and the Rustock, Coreflood and Kelihos/Hilux botnet takedowns were just a few examples. These indicate an emerging trend, which is of course attribution..."

6. The Sony PlayStation Network hack

"The Sony PSN hack was a major story for 2011 because it points out several main things – first of all, in the cloud era, Personally Identifiable Information is nicely available in one place, over fast internet links, ready to be stolen in the case of any misconfigurations or security issues. 77 million usernames and 2.2 million credit cards can be considered normal booty in the cloud era..."

5. Duqu

"Compared to Stuxnet, the purpose of Duqu is quite different; this Trojan is actually a sophisticated attack toolkit which can be used to breach a system and then systematically siphon information out of it. New modules can be uploaded and run on the fly, without a filesystem footprint. The highly modular architecture, together with the small number of victims around the world made Duqu so hard to detect for years..."

4. The Comodo and DigiNotar incidents

"The attacks against Comodo and DigiNotar are an indication of two emerging trends: first of all, we already have the loss of trust in the certificate authorities (CA), but in future, CA compromises may become even more popular. Additionally, more digitally signed malware will appear..."

3. The Advanced Persistent Threat

"These attacks confirm the emergence of powerful nation-state actors and the establishment of cyber-espionage as common practice. Additionally, many of these attacks seem to be connected and have major global ramifications. For instance, the RSA breach was notable because the attackers stole the database of SecurID tokens, which was later used in another high-profile attack..."

2. The HBGary Federal hack

"I believe this story is relevant because it shows an interesting situation – the usage of weak passwords together with old software systems and cloud application can turn into a security nightmare. If the CEO and COO would have been using strong passwords, maybe none of this would have happened..."

1. The rise of Hacktivism

"It’s difficult to imagine someone reading this list who has not yet heard of Anonymous, LulzSec or TeaMp0isoN. Throughout 2011, these groups, together with others were actively involved in various operations against law enforcement agencies, banks, governments, security companies or just major software vendors. Sometimes working together, in other cases, working against each other, these groups emerged as one of the main actors of 2011..."

Take the Infosec Island poll (lower right of our main page) and tell us what you think 2011 will be best remembered for. And, for the complete story behind each of Raiu's picks, be sure to refer to the full article on ZDNet here:

