Here is my collection of security trends for 2012 from different sources:
Windows XP will be the biggest security threat in 2012 according to Sean Sullivan, security advisor at F-Secure: “People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favourite target.”
F-Secure also says also that it might not be long before the cyber criminals turn their attentions to tablet devices. Attacks against mobile devices have become more common and I expect this to continue this year as well.
Americans more susceptible to online scams than believed, study finds. A recent survey from The Ponemon Institute and PC Tools dives into this question and reveals a real gap between how aware Americans think they are of scams and how likely they actually are to fall for them.
Fake antivirus scams that have plagued Windows and Mac OSX during the last couple of years and now it seems that such fake antivirus scams have spread to Android. Nearly all new mobile malware in Q3 2011 was targeted at Android.. When antivirus software becomes a universally accepted requirement (the way it is on Windows is the day), has the platform has failed and missed the whole point of being mobile operating system?
Cyber criminals are developing more sophisticated attacks and the police will counterattack.
Mobile phone surveillance will increase and more details of it will surface. Last year’s findings have included Location data collecting smart-phones, Carrier IQ phone spying busted and Police Surveillance system to monitor mobile phones. In USA the Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices and can monitor everything. Leaked Memo Says Apple Provides Backdoor To Governments: “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices.
Geo-location tagging in smartphones to potentially cause major security risks article says that geo-location tagging security issues are likely to be a major issue in 2012—and that many users of smartphones are unaware of the potentially serious security consequences of their use of the technology. When smartphones images to the Internet (to portals such Facebook or Flickr) there’s a strong chance they will also upload the GPS lcoation data as well. This information could be subsequently misused by third parties.
You need to find your balance between freedom and security (
Vapauden ja turvallisuuden tasapaino). Usernames poured out for all to see, passwords and personal identification numbers are published. A knowledge of access management is even more important: who has the right to know when and where the role of functioning? Access, identity and role management are essential for the protection of the whole system. Implementation of such systems is still far from complete.
When designing networked services, the development of safety should taken into account in the planning stage, rather than at the end of execution. Even a secure network and information system can not act as operating a vacuum.
Reliability of the server certificates will face more and more problems. We can see more certificate authority bankruptcies due cyber attacks to them. Certificate attacks that have focused on the PC Web browsers, are now proven to be effective against mobile browsers.
Stonesoft says that advanced evasion techniques (AET) will be a major threat. Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many IDS/IPS systems (including their own, at the time last summer). Using the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. This is real and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.
Rise of Printer Malware is real. Printer malware: print a malicious document, expose your whole LAN says that sending a document to a printer that contained a malicious version of the OS can send your sensitive document anywhere in Internet. Researchers at Columbia University have discovered a new class of security flaws that could allow hackers to remotely control printers over the Internet. Potential scenario: send a resume to HR, wait for them to print it, take over the network and pwn the company. HP does have firmware update software for their printers and HP Refutes Inaccurate Claims; Clarifies on Printer Security. I wonder how many more years until that old chain letter, where some new insidious virus infects everything from your graphics card to your monitor cable, becomes true.
Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt their operations. How Do You Protect PCs from BIOS Attacks? The U.S. National Institute of Standards and Technology (NIST) has drafted a new computer-security publication that provides guidance for computer manufacturers, suppliers, and security professionals who must protect personal computers as they start up “out of the box”: “BIOS Integrity Measurement Guidelines,” NIST Special Publication 800-155.
According to Stonesoft security problems threaten the lives and the year 2012 may be the first time when we lose lives because of security offenses. According to the company does this happen remains to be seen, but the risk is due to industrial SCADA systems attacks against targets such as hospitals or automated drug delivery systems. I already posted around month ago about SCADA systems security issues.
849 Comments
Tomi Engdahl says:
US: We’ll drag cyber-spies into COURT from their hideouts
‘And Iran to prosecute American programmers for Stuxnet?’
http://www.theregister.co.uk/2012/12/20/prosecute_foreign_hackers_plan/
The US Department of Justice has floated a plan to advance criminal prosecutions against cyber-spies.
This is after the department’s agency, the Defense Security Service (DSS) reported* this week that the number of foreign cyberattacks aimed at snaffling US tech, intellectual property, trade secrets and classified information rose by 75 per cent in 2010-11.
Report after report has alleged that state-sponsored hackers from China are trying to steal intellectual property from US high-tech firms.
Tomi Engdahl says:
PGP, TrueCrypt-encrypted files CRACKED by £300 tool
http://www.theregister.co.uk/2012/12/20/elcomsoft_tool_decrypts_pgp/
ElcomSoft has built a utility that forages for encryption keys in snapshots of a PC’s memory to decrypt PGP and TrueCrypt-protected data.
Normally, the unencrypted content of these data containers is impossible to retrieve without knowing the original passphrase used to encrypt the volume. Vladimir Katalov, chief exec of ElcomSoft, said encryption technology, in the right conditions, can be circumvented thanks to human laziness
The main and only weakness of crypto containers is human factor. Weak passwords aside, encrypted volumes must be mounted for the user to have on-the-fly access to encrypted data.
No one likes typing their long, complex passwords every time they need to read or write a file. As a result, keys used to encrypt and decrypt data that’s being written or read from protected volumes are kept readily accessible in the computer’s operating memory.
Obviously, what’s kept readily accessible can be retrieved near instantly by a third-party tool.
Tomi Engdahl says:
Cyber attacks against Finnish media houses in recent days reveal the companies’ point of weakness: companies were not properly prepared for attacks
After Christmas, among other things, Iltalehti, Iltasanomat s and Yle have had to network attacks. Denial of service attacks have brought down the sites up to hours
Attacks are likely to have been motivated by the same party. The attacks have been made abroad, but it does not eliminate the possibility that the author would be Finnish.
Source: http://m.tietoviikko.fi/Uutiset/HS%3A+Verkkohy%C3%B6kk%C3%A4yksilt%C3%A4+suojautuminen+tiet%C3%A4%C3%A4+kallista+remonttia
Tomi Engdahl says:
Most unique viruses of 2012
http://www.net-security.org/malware_news.php?id=2367
PandaLabs outlined its picks for the most unique viruses of the past year.
Tomi says:
Stuxnet strikes again, Iranian official says
http://www.theverge.com/2012/12/25/3803216/stuxnet-strikes-again-iranian-official-says
Is Stuxnet back? A provincial defense official in southern Iran is claiming that one of the largest power plants in the country and other industrial sites were again targeted by the notorious virus reported to be the creation of the Israeli and American governments.
This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan.
Stuxnet is a powerful worm that was written to attack industrial systems manufactured by global megabrand Siemens. The virus is introduced via an infected USB drive, then establishes communication with a remote server. Attackers can then copy data or take control of a plant’s monitoring system.
Aftermath: Security trends 2012 « Tomi Engdahl’s ePanorama blog says:
[...] Security trends 2012 I wrote in the beginning of the year a blog article Security trends for 2012 that tried to predict security trends for this year. No the year is near the ends, so here is my [...]
Tomi Engdahl says:
Iltalehti: HS: The police may install spyware
In 2014, the Finnish police can secretly install spyware on computers and phones of people suspected of committing a serious crime (requires court permission). The so-called Trojan enable the police to track the suspect using your computer and the sending of messages better than at present.
Security company F-Secure does not intend to develop spyware with the authorities. Research Director Mikko Hyppönen, the situation is schizophrenic.
- We have made various authorities of the countries with a lot of cooperation to expose the criminals. Suddenly, the authorities have themselves developed and used by malicious software
In his opinion, security companies, is designed to stop malware, regardless of whether they come from the Russians criminals or the police.
Source: http://www.iltalehti.fi/uutiset/2012123016500940_uu.shtml
Aftermath: Hot trends 2012 « Tomi Engdahl’s ePanorama blog says:
[...] This was right to the point. Check comments on Security trends for 2012. Check also How I’m Being Followed on [...]
Tomi Engdahl says:
Browser vendors rush to block fake google.com site cert
http://www.theregister.co.uk/2013/01/04/turkish_fake_google_site_certificate/
Google and other browser vendors have taken steps to block an unauthorized digital certificate for the ” *.google.com” domain that fraudsters could have used to impersonate the search giant’s online services.
According to a blog post by software engineer Adam Langley, Google’s Chrome team first discovered a site using the fraudulent certificate on Christmas Eve. Upon investigation, they were able to trace the phony credential back to Turkish certificate authority Turktrust, which quickly owned up to the problem.
It seems that in August 2011, Turktrust mistakenly issued two intermediate certificates to one of its customers, instead of the ordinary SSL certificates it should have issued.
Tomi Engdahl says:
Google, Microsoft, and Mozilla revoke two fraudulent Turkish certificates used in targeted attacks
http://thenextweb.com/google/2013/01/03/google-microsoft-and-mozilla-revoke-two-fraudulent-turkish-certificates-used-in-targeted-attacks/
Tomi Engdahl says:
Ruby on Rails has SQL injection vuln
http://www.theregister.co.uk/2013/01/03/ruby_on_rails_sql_injection_vuln/
The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular Web framework.
New versions have been released to eliminate the flaw, and the Ruby on Rails team also describes a workaround
They advise that users should immediately apply an upgrade
If the HMAC key for an application is known, an attacker can easily send fake credentials to the application
Tomi Engdahl says:
US Dept for Homeland Security shafted by trivial web bug
New year resolution: Go back to PHP school
http://www.theregister.co.uk/2013/01/07/nullcrew_dhs_hack/
A US government website was broken into by hackers exploiting a directory traversal vulnerability, according to security researchers.
Hacktivist group NullCrew announced it compromised studyinthestates.dhs.gov, a US Department of Homeland Security website, on Friday.
The website was vulnerable to a directory traversal vulnerability, a class of bug that allows visitors to poke around a website server’s file system and access sensitive files
Tomi Engdahl says:
US nuke lab drops Chinese networking kit
Report says Los Alamos ditched H3C kit over security concerns
http://www.theregister.co.uk/2013/01/08/us_nuke_lab_dumps_h3c_kit/
The Los Alamos National Laboratory, home of some US research into nuclear weapons, has replaced networking kit from Chinese vendor H3C over security concerns, according to Reuters.
Reuters says it has read internal correspondence suggesting the removal of the H3C devices was undertaken as part of a wider review of risks posed by equipment suppliers, but that no specific threat posed by the devices was identified.
Instead, the kit seems to have been replaced on the basis of suspicion alone.
If that’s the case, it signals a new level of paranoia for US government entities about Chinese networking equipment vendors, given that H3C is now in HP’s hands.
The removal of the kit from Los Alamos shows US authorities are keen on Congress’ assessment that Huawei and ZTE should not be allowed to sell their products from sea to shining sea.
Tomi Engdahl says:
Bank Hacks Were Work of Iranians, Officials Say
http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html?pagewanted=1&_r=2&pagewanted=all&
The attackers hit one American bank after the next.
But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.
The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States.
“There is no doubt within the U.S. government that Iran is behind these attacks,”
“The scale, the scope and the effectiveness of these attacks have been unprecedented,”
Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.
They employed DDoS attacks, or distributed denial of service attacks, named because hackers deny customers service by directing large volumes of traffic to a site until it collapses. No bank accounts were breached and no customers’ money was taken.
Attackers used the infected servers to fire traffic simultaneously at each banking site until it slowed or collapsed.
By infecting data centers instead of computers, the hackers obtained the computing power to mount enormous denial of service attacks. One of the banks had 40 gigabits of Internet capacity, Mr. Herberger said, a huge amount when you consider that a midsize business may only have one gigabit. But some banks were hit with a sustained flood of traffic that peaked at 70 gigabits.
Tomi Engdahl says:
India: Tech Import Restrictions Are for Security
http://online.wsj.com/article_email/SB10001424127887324081704578231262464225242-lMyQjAxMTAzMDAwOTEwNDkyWj.html
India’s proposal to restrict imports of an array of high-tech products, a move that Western companies fear could significantly undermine their business plans in the country, is aimed at protecting the nation’s security while encouraging more local manufacturing, the government said Wednesday.
The Indian government’s draft regulations, which were reviewed by The Wall Street Journal, would require that a substantial percentage of technology hardware purchased by government agencies and some companies—ranging from Wi-Fi devices to network switches—come from India-based manufacturers
Tomi Engdahl says:
Nokia Admits Decrypting User Data Claiming It Isn’t Looking
http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking
“Nokia has admitted that it routinely decrypts user’s HTTPS traffic, but says it is only doing it so it can compress it to improve speed. That doesn’t convince security researcher Gaurang Pandya, who accuses the company of spying on customers.”
Tomi Engdahl says:
Nokia Admits Decrypting User Data But Denies Man-in-the-Middle Attacks
http://www.techweekeurope.co.uk/news/nokia-decrypting-traffic-man-in-the-middle-attacks-103799
Nokia says it does decrypt some customer information over HTTPS traffic, but isn’t spying on people
Nokia has rejected claims it might be spying on users’ encrypted Internet traffic, but admitted it is intercepting and temporarily decrypting HTTPS connections for the benefit of customers.
A security professional alleged Nokia was carrying out so-called man-in-the-middle attacks on its own users. Gaurang Pandya, currently infrastructure security architect at Unisys Global Services India, said in December he saw traffic being diverted from his Nokia Asha phone through to Nokia-owned proxy servers.
Pandya wanted to know if SSL-protected traffic was being diverted through Nokia servers too. Yesterday, in a blog post, Pandya said Nokia was intercepting HTTPS traffic and could have been snooping on users’ content, as he had determined by looking at DNS requests and SSL certificates using Nokia’s mobile browser.
Nokia said it was diverting user connections through its own proxy servers as part of the traffic compression feature of its browser, designed to make services speedier. It was not looking at any encrypted content, even though it did temporarily decrypt some information. This could still be defined as a man-in-the-middle attack, although Nokia says no data is being viewed by its staff.
“The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value out of their data plans,” a spokesperson said, in an email sent to TechWeekEurope.
Johnathan Baransky says:
computer security is of the utmost importance since we always want to protect our precious files..
Tomi Engdahl says:
Hack turns the Cisco phone on your desk into a remote bugging device
http://arstechnica.com/security/2013/01/hack-turns-the-cisco-phone-on-your-desk-into-a-remote-bugging-device/
No fix yet for attack that allows eavesdropping on private conversations.
Internet phones sold by Cisco Systems are vulnerable to stealthy hacks that turn them into remote bugging devices that eavesdrop on private calls and nearby conversations.
The networking giant warned of the vulnerability on Wednesday, almost two weeks after a security expert demonstrated how people with physical access to the phones could cause them to execute malicious code. Cisco plans to release a stop-gap software patch later this month for the weakness, which affects several models in the CiscoUnified IP Phone 7900 series. The vulnerability can also be exploited remotely over corporate networks, although Cisco has issued workarounds to make those hacks more difficult.
Tomi Engdahl says:
New Java vulnerability is being exploited in the wild, disabling Java is currently your only option
http://thenextweb.com/insider/2013/01/10/new-java-vulnerability-is-being-exploited-in-the-wild-disabling-java-is-currently-your-only-option/
A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.
Tomi Engdahl says:
A fourth of Android apps are high risk security threats, says Trustgo
Fourth quarter report finds growing number of risky apps
http://www.theinquirer.net/inquirer/news/2235678/a-fourth-of-android-apps-are-high-risk-security-threats-says-trustgo
MOBILE SECURITY OUTFIT Trustgo has found that over 25 percent of Android apps worldwide feature code that can leverage application permissions and create security vulnerablities.
Ten per cent of apps in the US and Western Europe had a high risk for causing security issues. While China was reported to have the most high risk apps available for download.
“Malware continues to be a problem around the world, but the real growth is happening in a category of apps we call ‘High Risk’,” said Trustgo founder and CEO Xuyang Li.
Tomi says:
Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat
http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/
As noted by ZDNet, a major security vulnerability in Java 7 has been discovered, with the vulnerability currently being exploited in the wild by malicious parties. In response to threat, the U.S. Department of Homeland Security has recommended that users disable the Java 7 browser plug-in entirely until a patch is made available by Oracle.
Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed.
Tomi says:
Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware
http://thenextweb.com/insider/2013/01/11/latest-java-vulnerability-possible-since-oracle-didnt-properly-fix-old-one-now-pushing-ransomware/
After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware.
The 0-day code would not have worked if Oracle had properly addressed an old vulnerability,
We noted yesterday that the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK), already included the latest Java exploit.
Tomi says:
Microsoft declares Windows RT Jailbreak tool is safe, says it ‘appreciates the work of researchers’
http://thenextweb.com/microsoft/2013/01/11/microsoft-is-investigating-windows-rt-jailbreak-tool-says-will-take-appropriate-action/
On Thursday, the Windows RT Jailbreak tool was released, opening the door further for a Microsoft Surface homebrew community.
Microsoft quickly issued a statement saying it does not consider the findings to be part of a security vulnerability, applauded the hacker for his ingenuity, and said it would “not guarantee these approaches will be there in future releases.”
Now that this tool is out, however, and there’s already a a growing list of homebrew apps, Microsoft is taking notice again.
Microsoft has two options here. The first is to ignore what is happening and quietly support the work of enthusiasts who ultimately promote their product, much like it did with Kinect. The other is to shut it all down, only to have someone figure out a fresh workaround.
en iyi yabanci hosting says:
Your web site is anybody to connect with without a doubt! My personal readers will most likely obtain a very good deal from this as well!
Aftermath: Telecom 2012 « Tomi Engdahl’s ePanorama blog says:
[...] Security trends were talked a lot in 2012 and discussion on them continues active on [...]
Jess Holiday says:
Hi Mate, I am writing from Fremantle Australia. We have had a lot of flooding lately and I’ve only just been able to connect to the web. Thanks so much for the great content. It helped me a lot with my college cooking essay
Keiko Rheingans says:
I found your article when I was searching online and it got my attention because of the big amount of information it provides about blackberry phone cases. This device becomes more common in the last few years and it has been utilized by thousands of people worldwide. So, it was pleasure to me to gain such important information like these. Thanks and keep writing.
MugshotRemoval says:
Informative post, gracias
Lucas Gomes says:
Check out this great deal on a make at home teslin card kit…
Dewitt Koshi says:
Hey, great site. I wonder if you manage your website with ?
polovni automobili says:
Greetings! Very useful advice in this particular article! It is the little changes that produce the biggest changes. Many thanks for sharing!
remote computer support says:
just what I needed thanks.
gangsta says:
Nice post. I used to be checking continuously this weblog and I am inspired! Extremely useful info specifically the last section I handle such information much. I was seeking this particular information for a very long time. Thanks and good luck.
Win on Quibids says:
I agree with a lot of what peoples comments are that I am reading here.
Download Top Eleven Hack No Survey Download Top Eleven Hack 2013 says:
My brother recommended I would possibly like this blog. He used to be entirely right. This put up truly made my day. You cann’t imagine simply how so much time I had spent for this info! Thank you!
Ricardo Brockington says:
Situated in Birmingham but pretending being local by publishing internet pages with key word in addition area. Simple internet spam. Incredibly helpful.
Jordan Hegwer says:
There are many ways of fooling search engines into sending additional traffic. This page works by using easy methods that lots of would advise are black hat.
Secret Lottery System says:
Great beat ! I would like to apprentice whilst you amend your site, how can i subscribe for a weblog web site? The account helped me a appropriate deal. I had been tiny bit familiar of this your broadcast offered brilliant clear concept
tomi says:
Use the provided RSS feeds
http://www.epanorama.net/blog/feed/
Albert Scotty says:
Thanks for your article on this weblog. From my own experience, there are times when softening upward a photograph might provide the photographer with a dose of an artistic flare. Sometimes however, this soft clouds isn’t what exactly you had at heart and can in many cases spoil a normally good image, especially if you thinking about enlarging this.
Laptop AMC says:
I have been exploring for a bit for any high-quality articles or blog posts in this sort of area . Exploring in Yahoo I eventually stumbled upon this site. Reading this info So i’m satisfied to convey that I’ve a very just right uncanny feeling I came upon exactly what I needed. I so much without a doubt will make certain to don?t disregard this website and give it a look on a continuing basis.
Sean Holland says:
It’s encouraging to me to read the posts so far. Extremely Good Blog. Keep up the good work!
Loraine Rollow says:
will give you list of completely of the nonexistent birdsong names and thena require you whether you lack to reparation the birdsong tags.
password generator says:
I just could not leave your website prior to suggesting that I really loved the usual information a person provide in your guests? Is gonna be again ceaselessly to check out new posts
ray bans sale says:
Its such as you learn my mind! You appear to grasp so much approximately this, like you wrote the e-book in it or something. I believe that you can do with some % to force the message home a bit, but instead of that, this is magnificent blog. An excellent read. I’ll certainly be back.
Top New York Secret Hotels ¦ Lastminute Secret Hotels in New York USA! says:
Incredible, wonderful site formatting! Just how long have you ever been running a blog for? you made writing a blog look quick. The full peek of one’s website is amazing, while beautifully as the written content!
inmate location tool says:
Fastidious dialogue. Personally, I have sometimes found it
hard to find someone in state prison. This link: inmate location tool that kind of pointed me in the
right direction for my search.
Garmin Gps Watch At Best Buy says:
Awesome website you have here but I was wondering if you knew of any
message boards that cover the same topics discussed here?
I’d really like to be a part of community where I can get responses from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Cheers!
Here is my webpage … Garmin Gps Watch At Best Buy
Melita Tami says:
You ought to take part in a contest for one of the finest websites online. I will highly recommend this web site!
Aisha Kolacki says:
You have made some good points there. I looked on the internet for additional information about the issue and found most people will go along with your views on this website.