In early January 2014, companies large and small scrambled to better understand and analyze a major retail breach that left them asking whether or not their own security measures would survive the next storm. Before spring was barely in motion, we had our first taste of the “designer vuln”—a critical vulnerability that not only proved lethal for targeted attacks, but also had a cleverly branded logo, website and call-name (or handle) that would forever identify the disclosureroute by slowly and stealthily morphing into new variants that now target petrochemical sellers and suppliers, as well as password management software.
These designer vulns appeared within long-held foundational frameworks used by the majority of websites, and they continued throughout 2014, garnering catchy name after catchy name — Heartbleed, Shellshock, POODLE, and into 2015, Ghost and FREAK. This in and of itself raises the question of what it takes for a vulnerability to merit a marketing push, PR and logo design, while the other thousands discovered throughout the year do not. Breaches and security incidents were being announced so rapidly in 2014 that many struggled to keep up. By the end of the year, we began to see that this digital storm of attacks would not cease, but instead would likely become larger, grow more encompassing, and raise increasingly important personal privacy concerns, as evidenced by the breach at Sony. However, data breaches and security incidents did not take all the limelight in 2014. We also continued to see new usage of familiar, “old” malware, which quickly became the tool of choice for cybercriminals. Citadel financial malware—historically a spawn of Zeus configurations—took a less noisy approach. Send your comments to the Cloud and Cyber Security Center today.
No comments:
Post a Comment