Skip to main content

Review of Information Security Threats 2011

Release Date: 3 Jan 2012 5320 Views

Over the year Information Security threats are continuously growing, we summarized and recapped it below. We can learn from the past and equipped ourselves to fight off the new challenge next year.

  1. New Dimension of Motivations of Cyber Attack

Since 2005, the dominating motivation of cyber attacks is financial. Attackers are organized cybercriminals who control millions of compromised computers (or the botnet) to make money.

 

In 2011, two new dimensions of attacks become more prevalent: (1) hacktivism and (2) targeted attacks on critical infrastructure.

 

Hacktivists are internationally collaborated activists who use hacking to make well publicized protests. Anonymous and Lulsec hacktivist groups are typical examples. In January 2011, Anonymous launched DDoS attack against Amazon and other companies which acted against Wikileaks. Lulsec had targeted Sony1, Sega, CIA, U.K.-based Serious Organized Crime Agency. Their objective was to steal and leak any classified government and high profile institution (e.g. bank) information. Because of the high profile attack, some members of the two groups were arrested in 2011. However, they had already set an example to hacktivism.

 

Stuxnet, a complex computer worm discovered in 2010, was reported to have infiltrated into the Iranian nuclear plants and caused disruption. In October 2011, a similar worm Duqu was found. Its link with Stuxnet was confirmed by security researchers. Stuxnet and Duqu were made to exploit the vulnerability in Supervisory Control and Data Acquisition (SCADA) and critical infrastructure systems.2 The complexity and use of stolen digital certificates mark the professionalism and organization behind. The threat is escalated to the national level and some have pointed out that these are state sponsored attack and we are at the eve of cyber war.

 

The critical infrastructure for the trust the Internet was also challenged in 2011. More than ten Certificate Authorities (CA) were comprised this year. Certificates issued by the comprised CA cannot be trusted. This affected more than 500 web sites including Google, Microsoft and others.3

  1. Botnet

Botnet continues to be the launch pad of distributed denial-of-service (DDoS) attacks, phishing, malware hosting and spam mail. They enabled cybercrime as a service and have greatly impacted the health and safety of the Internet. The size and complexity of Botnet are increasing.

 

On the other hand, we have seen very successful botnet takedowns in 2011. Law enforcement, security researchers, CERTs, software vendors collaborated to take down the command and control centres of a number of major botnets: Rustock (March), Coreflood (April) and Kelihos (September). 4 The amount of spam mail was found to drop significantly immediately after the takedowns, indicating the power of the collaborative efforts. Of course, the uncleaned bots machines are still around and needed to be found out. HKCERT and CERTs around the world are working hard to proactively locate those compromised computers and assist the owners to clean up their machines.

  1. Highlighted Cyber Attacks to Hong Kong

The most significant cyber attack to Hong Kong was the DDoS attack against the News web site of Hong Kong Stock Exchange (HKEx) in August. The attack caused disruption of that web service. HKEx had to suspend trading of seven stocks.5 It was believed that the attack was careful planned and coordinated.

 

Phishing attacks continue to increase rapidly. It masquerades as a real email or SMS from a legitimate financial institutes and lures user to enter their account information, such as username and password. More than ten phishing emails and fraudulent bank web sites cases were published by Hong Kong Monetary Authority this year.6

 

From a third party source Zone-H, there were more than 1000 web site defaced in Hong Kong in 2011.7

 

In July and August, there was a large scale code injection attack targeting osCommerce, a web shopping cart application. HKCERT observed that over 45,000 web pages in Hong Kong were infected as we used Google to search for  infected web pages. The infected web sites were injected scripts to direct users to malware hosting websites.

  1. Data Leakage

Data leakage has been the public concern in the previous years due to data breaches via Foxy, lost or stolen USB drives. The concern is increasing with the rising popularity of social networking sites and mobile application.
 

In 2011 there are still a lot of data leakage incidents in public and private organization being reported. Although we have seen a lot of efforst on developing guidelines and promoting awareness education, it seems that more ongoing efforts are still required. Foxy, once a popular P2P software, was shut down by the order of court in Taiwan in October.8 However, alternative Foxy download sites in simplified Chinese and English versions are still active.

  1. Malware

This year mobile malware is apparently increasing and especially targeting the Android system because of the lack of checking mechanism in the official Android Market. Malware infects mobile devices such as smart phone and handheld tablet devices. The malware collect personal information and send to the attacker via SMS. When malware were found in Android Market, Google removed it right away and suspended the associated developer accounts.9

 

For PCs, rogue security software is still popular. The type of malware pretends to be legitimate software to help users protecting their computer system. Actually it installs malicious software on computers to steal personal information or corrupt users computer system.10

  1. Cloud Computing

Cloud computing is a very hot topic this year. It not only provides lower cost and flexibility for user and SME, but also opens up an easy channel for cybercrime. The availability and confidentiality of cloud services are big concerns for end users.

Attackers are using cloud as a platform to host malware and to crack passwords. Cloud vulnerabilities are also reported under attack in 2011.

 

  • Vulnerability in Amazon Web Services was discovered and allowed hacker to take control of the systems.11

 

  • Vulnerability in Dropbox security allowed the data of all Dropbox user accessible to all users.12

 

References

 

1.   Sony Hacked Again, 1 Million Passwords Exposed

http://www.informationweek.com/news/security/attacks/229900111

Sega says 1.3 million users affected by cyber attack

http://www.reuters.com/article/2011/06/19/us-sega-hackers-idUSL3E7HJ01520110619

 

2.   U.S. probes cyber attack on water system

http://www.reuters.com/article/2011/11/21/us-cybersecurity-attack-idUSTRE7AH2C320111121

Two-thirds of energy firms at risk from Stuxnet-like Scada attack

http://www.v3.co.uk/v3-uk/news/2041556/-thirds-energy-firms-risk-stuxnet-scada-attack

US CERT warns of critical bug in industrial facilities' systems

http://www.theregister.co.uk/2011/05/12/critical_iconics_scada_bug/

SCADA manufacturers infected by new malware Duqu

http://www.theregister.co.uk/2011/10/18/son_of_stuxnet_disclovered/

http://www.zdnet.com/blog/security/stuxnet-20-researchers-find-new-cyber-surveillance-malware-threat/9647

http://www.v3.co.uk/v3-uk/news/2118124/focus-2011-mcafee-dissects-duqu-targeted-attack

 

3.   Certificate Authority Breached in 2011

http://paulsparrows.wordpress.com/2011/12/10/another-certification-authority-breached-the-12th/

The impact of Diginotar on Certificate Authorities and trust

http://isc.sans.edu/diary.html?storyid=11560

 

4.   MS claims credit for Rustock botnet takedown

http://www.theregister.co.uk/2011/03/18/ms_claims_credit_for_rustock_botnet_takedown/

FBI and Justice Department shut down Coreflood botnet

http://www.v3.co.uk/v3-uk/news/2043377/fbi-doj-raid-datacentres-shut-coreflood-botnet

 

5.   Hack on Hong Kong Stock Exchange disrupts trading

http://www.theregister.co.uk/2011/08/10/hong_kong_stock_exchange_hack/

Ming Pao Finance News

http://www.mpfinance.com/htm/Finance/20110812/News/ea_gaa1.htm

Hong Kong stock exchange (HKEx) website hacked, impacts trades

http://nakedsecurity.sophos.com/2011/08/10/hong-kong-stock-exchange-hkex-website-hacked-impacts-trades/

 

6.   Press Releases of HKMA

http://www.hkma.gov.hk/eng/key-information/press-releases/2011/

 

7.   Zone-H

http://www.zone-h.org/archive/filter=1/domain=.hk/fulltext=1/page=50

 

8.   Yahoo News

http://hk.news.yahoo.com/%E7%94%A8%E6%88%B6%E6%B3%84%E5%AF%86%E5%A4%B1%E6%8E%A7-foxy%E8%A2%AB%E5%8B%92%E4%BB%A4-%E9%97%9C%E9%96%80-223000978.html

Foxy engine shut down by Taiwanese court

http://law.lexisnexis.com/webcenters/hk/Asia-Legal-News/Foxy-engine-shut-down-by-Taiwanese-court

 

9. Trend Micro: A Chinese Android malware operated under blog control

http://www.theregister.co.uk/2011/10/06/trend_discovers_more_android_malware/

Google's Android wears big bulls eye for mobile malware

http://www.zdnet.com/blog/btl/googles-android-wears-big-bulls-eye-for-mobile-malware/45733 

http://www.zdnet.com/blog/open-source/google-kind-of-sort-of-addresses-android-malware/8409

More Malware Found in Official Android Market

http://www.esecurityplanet.com/mobile-security/more-malware-found-in-official-android-market.html

 

10. Rogue Antivirus security threat

http://www.microsoft.com/security/pc-security/antivirus-rogue.aspx

 

11. Crypto boffins uncover rogue task risk on Amazon cloud

http://www.theregister.co.uk/2011/10/27/cloud_security/

 

12. Drop box web interface was WIDE OPEN for some time yesterday

http://forums.dropbox.com/topic.php?id=40113

Dropbox Security Breach Highlights Cloud Risks

http://www.softwaretechadvocate.com/blog/archives/40