Computer and network security is a perpetual game of cat and mouse. Attackers are often adept at both following technology and social trends, and adapting attacks to exploit weak points. As 2010 comes to a close, let's take a look back at some of the biggest security trends from the year.
Targeted Threats
The year began with a bang with a targeted attack and breach affecting Google and many other well-known companies. Google accused the government of China of being responsible for the attacks--even involving the United States Department of State in the matter.
Dubbed Operation Aurora, or Hydraq, depending on which source you use, the attack was unique in being allegedly state-sponsored. China denied any involvement, but a WikiLeaks leak months later suggested there might be something to the theory. The other unique aspect of the Operation Aurora attack, though, was the way the affected parties joined forces--sharing details of the attack and working collaboratively to get to the bottom of things.
A state-sponsored attack against a high-profile tech target is one variation of a targeted attack. The Stuxnet worm, however, demonstrates that there are more insidious targeted attacks to watch out for as well (it is worth noting, though, that Stuxnet is alleged to be state-sponsored as well). Gary Egan, director of Symantec Security Response, explains, "It is quite possible that Stuxnet has ushered in the next evolutionary shift in malware: a new class of threat that is weaponized to cause real-world damage. It is also one of the most complex threats ever seen."
The Stuxnet worm exploited four separate zero-day vulnerabilities, utilized cutting-edge techniques to evade detection, and is the first rootkit known to be specifically engineered to impact programmable logic controllers (PLCs) like those used in manufacturing and production plants. Egan exclaims, "The political and societal implications of Stuxnet are far reaching."
Playing in the Sandbox
2010 can't take credit for introducing the concept of the sandbox as a security control, but it does seem to be the year that it became more widely adopted and entered the mainstream vocabulary. Products such as the Google Chrome Web browser and Adobe Reader software both embraced sandboxing as a means of preventing attacks and exploits.
The sandbox is basically a safe zone that is segregated from the rest of the application or PC. Code--such as JavaScript--is allowed to run within the sandbox, but cannot infect or impact the rest of the system. Using a sandbox as a security control helps these applications prevent many of the most common attacks.
Sandboxing may move beyond individual applications, though. A spokesperson for Invincea commented, "Fully virtualized sandboxing solutions are making their way onto the market, specifically to address Web-borne attacks that defeat even application sandboxes, including trust-based exploits against users, e.g., fake antivirus, poisoned SEO, and kernel exploits."
Banner Year for Microsoft