2010: Looking back at a year in information security

Opinion by Dan Raywood

It doesn't seem like 12 months since I was looking forward to 2010 and looking back at 2009.

It doesn't seem like 12 months since I was looking forward to 2010 and looking back at 2009.

Naturally the look forward was generally doom and gloom, with predictions made that ‘botnets will grow in their sophistication', that ‘hybrid malware, combining the use of web and email to carry out sophisticated attacks, will become even more prevalent in 2010' and that there will be ‘an increase in non-English language spam‘. All correct so far then.

Looking back at 2010, the threat landscape has been prevalent in all of our minds although nothing really has stood out. Yes there was the Stuxnet virus that gathered some national newspaper headlines, but we did not have a major consumer scare story like 2009 did with Conficker.

Paul Wood, senior analyst at Symantec Hosted Services, said: “It is difficult to look back and say it was the ‘year of that'. What we have seen is many attempts to disrupt botnets and not record a great deal of cyber crime. We have seen dents like with BredoLab, but we are still seeing attacks related to that. The biggest thing to happen in malware was Stuxnet.

“From an evolutionary ladder it is based on malware that has gone before and we are seeing much more sophistication in the botnet with Stuxnet. It is the tip of the iceberg in terms of development. A botnet has more kernel drivers and the way the command and control expanded at the end of 2009 and could be used for hosting a type of material to go on something like Twitter.”

In agreement on how the threat has increased was Ron Gula, CEO of Tenable Network Security, who noted that 2010 has seen advanced persistent threats increasingly become a key feature of the security scene.

“It is against this backdrop of constantly evolving and increasingly sophisticated threats that IT managers have needed to ensure they implement a holistic approach to security that aligns closely to business objectives,” he said.

“As the collaboration between business processes and security continues, the industry will realise the benefits that enterprise IT can provide; 2010 has already seen the security sector respond to the rise of tablet devices and smartphones with the launch of an iPhone application that remotely connects to IT servers. Moving into 2011 we expect to see this trend continue with security professionals expecting more flexibility from their software and service providers.”

Simon Heron, internet security analyst at Redscan also referred to 2010 as ‘the year of the botnet' with the vast majority of spam and malware being distributed by botnets and compromised hosts during 2010, a trend that started as far back as late 2008.

Tony Dyhouse, director of the cyber security programme at the Digital Systems Knowledge Transfer Network, pointed to the change of government as a key theme of the past 12 months, particularly with the support of cyber security as part of the National Security Review.

The review promises a £650 million fund for the provision of cyber security investigation and Dyhouse admitted a large problem was in how it should be spent. He said: “It will not make the problem go away as most departments are having their budgets cut. This is essential to cost in the UK as while there is cyber fraud visible and businesses do not know how to spot it, there has to be effectiveness in order to do it and there has to be support at a national security level.”

Also highlighting this was Maitland Hyslop, managing director of ISP Internet Central. He said that looking at the change in cyber security from five years ago to now is interesting, as it is now acknowledged by government.

With regard to the £650 million fund, he pointed out that the government has awarded £830 million to improve broadband speed over five years, while £20 billion was being spent on Trident – more than 20 times what is spent on cyber security. “While there are attacks on intelligence and on banks and shops, there is nothing for Trident to do and what do they spend on? The critical thing is the need for information, to protect government, the transportation system and large fund transactions,” he said.

Back in March I met with Eugene Kaspersky to talk about industry trends and predictions, and one prediction that he made was that ‘very soon computers and the internet will disappear and they will be replaced with smartphones and mobile networks and 5G'. There is no doubt that mobile trends have been building throughout 2010, with smartphone usage massively increasing, more concern about how to securely add personal devices on to corporate networks and with many predictions that specific mobile malware is getting worse.

Mobiles have even been used to deliver a malicious application by SMS with a link embedded, while vulnerabilities in handsets have become a much more serious matter. Research by AdaptiveMobile found that malicious targeting of smartphones increased by a third in 2010 with malware engineered for the Google Android mobile platform rising most significantly.

It claimed that the sharp rise comes as cyber criminals shift their focus towards those technologies and platforms that are likely to see the most widespread adoption in coming years. Smartphones running Java-based applications saw the second highest increase in malware reports, up 45 per cent on 2009, while reported exploits aimed at the Apple iPhone declined and new Symbian malware also fell by 11 per cent.

Gareth Maclachlan, chief operating officer at AdaptiveMobile, said that there appears to be a wider understanding of the broader opportunities for cyber crime. “The phone is now an extension of the wallet and in a mobile sense you do not want to become infected for it to do small transactions that are not spotted. This is an issue for operators more than handset manufacturers,” he said.

In a year that saw the launch of the Apple iPad, the Windows 7 phone and the increasing popularity of the Google Android operating system, the challenge for the IT manager of the consumerisation of devices has increased in 2010 and is expected to increase into 2011.

Maclachlan said that there are now four billion handsets deployed and while there is opportunity for malware to infect devices, there is a marked change in the awareness around the operator for security and the challenge is how to get people to trust their phone.  

Another key growth area of 2010 has been with vulnerability disclosure, Alan Bentley, SVP international at Lumension commented that this year has seen a more concerted effort from the industry to identify and release updates for new vulnerabilities, with the combination of Microsoft and Oracle delivering one of the biggest patch loads on record.

“The hacking community is continuing to advance its techniques in order to breach the defences of organisations. Businesses and governments have found themselves caught up in all-out cyber warfare and are racing to protect themselves,” he said.

He also commented on the rising consideration of the ‘insider threat' that moved from employees leaving laptops on the train to employees leaking information for political or monetary purposes. “This escalating threat-level has thrown the hacking community into the media spotlight and with all eyes on them, attacks will continue to gather momentum,” he said.

Looking at these perspectives, it is interesting to see the range of opinions on what spokespeople deem to have been the most interesting or challenging part of the past year. Overall what has been the most notable incident is a personal thing depending on your duties and perceptions, but hopefully one of more of the aforementioned will ring true with your experiences.

Listen to views on the online threat landscape from Websense from SC Magazine's online summit - http://www.brighttalk.com/webcast/23650. SC webcasts are available here - http://www.scwebcasts.tv/.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events