Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
KyleAdams

Top Trends in Cyber Attacks 2012

by Juniper Employee ‎12-19-2012 03:14 PM - edited ‎12-19-2012 03:14 PM

As the year draws to a close, we at Juniper thought it would be useful to reflect on some of the most interesting developments in the threat landscape in 2012. Are the same attack methods taking center-stage or have new approaches entered the scene? How are companies responding to data breaches?

 

To find out, let’s review the biggest trends in cyber attacks based on our security research and conversations with key customers, partners and friends in the industry.

 

1. Simple attack methods on web applications remain effective

Many of the large public companies compromised in the last year fell victim to web application vulnerabilities like SQL Injection and Cross Site Scripting. These types of attacks have been known about for several years and remain a popular hacking method because of the relatively low level of sophistication needed and the potential difficulty in preventing them. For instance, the Yahoo breach earlier this year was a result of a federated SQL Injection attack. The attack was easy and quick to carry out, yet destructive in nature.

 

2. Mobile malware and application-centric threats continue to pose a risk to enterprise data

With the continued adoption of Bring Your Own Device policies in the workplace, the risk of mobile malware and invasive applications infiltrating critical corporate data continues to be a top concern. Indeed, 2012 saw a significant increase in the amount of malware and invasive apps aimed at mobile users with a 350 percent increase in mobile malware from Oct. 2011-Oct. 2012, and free applications being four times more likely to track user location and three times more likely to access address books than paid apps.

 

3. Increased transparency about data breaches

As the frequency of data breaches continues to increase, companies are judged more on how they handle incidents than if they experience an issue. It seems that many companies, who in the past would have hidden a breach, are now being open and honest about it with the public and their customers. Many companies are still not providing extreme detail about the nature of a breach, but they are taking a publicity risk by acknowledging their existence. Ultimately, this is a very promising development in the industry because it will help raise awareness about the importance of security.

 

4. Increase in politically motivated attacks

Following the success of Anonymous and Lulz Security to capture the public’s attention, 2012 saw several new politically motivated actors enter the threat landscape. Several new groups have entered the scene including a group based in the Middle Eastern that claimed responsibility for attacks of Saudi Aramco. Team Ghost Shell exposed information for several government agencies and trolling group GNAA were also successful in spreading a worm through Tumblr.

 

5. Botnets take a beating

Building on earlier success, public/private partnerships were successful in taking down several prominent botnets responsible for everything from spam to the Zeus banking Trojan. Through a combination of forensic security research and novel legal arguments, researchers were able to block the command and control systems of some of the most infamous botnets. 

 

6. Sophisticated mobile NFC vulnerabilities exposed

Possibly the most interesting development in the mobile security space is several vulnerabilities exposed related to the use of Near Field Communication (NFC) technology. NFC has been around for a decade, but 2012 marked an upswing in the U.S. with mass availability of financial and “mobile wallet” apps using the technology. And, it’s already proven to be a popular use case for demonstrating potential security hacks. At Black Hat this year, security researchers demonstrated how easy it is to remotely control a device by exploiting NFC. While an actual hack has yet to occur on a NFC-based mobile application, the technology will remain a likely target as consumer adoption increases.

 

7. Advanced Attacks Targeting Government Infrastructure

While the existence of state-sponsored cyberattacks and espionage on critical government and business systems has existed for years, 2012 saw a significant uptick in sophisticated malware and other attacks. We learned about several new attacks aimed squarely at key government interests in the Middle East including recent Flame and Gauss cyber-espionage malware. Responding to these threats, we’ve seen several countries invest in new cybersecurity capabilities, including the U.K. and Hong Kong. 

 

These are just a few top trends we noticed, but realize there are several others. What are some of the most interesting cyber security trends you saw in the last year?

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Paul Bristow
Senior Director
Product Management

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Henrik Davidsson
Director
Security Sales

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.