The state of information security: What government agencies can expect in 2012
By Adam Powers
From WikiLeaks to Anonymous, 2011 has been marked by an explosion of high-profile cyber attacks. With so many types of attacks to keep track of, it has become difficult to delineate between various threat vectors and determine which ones should be of most concern.
In the past, attacks were often classified by the method used -- virus, botnet, etc. However, due to their ever-increasing sophistication, it is now more valuable to think in terms of the motivation behind attacks to better evaluate their risk.
The sections below classify and describe today’s most prominent types of attacks based on their risk levels, and also examine how risk will evolve in 2012.
Advanced persistent threats
2012 Forecast: Trending Up
While advanced persistent threats (APTs), also known as targeted attacks, began to surface a few years back, 2011 has certainly brought them to the forefront. This year saw an explosion of APTs launched against government agencies worldwide.
How They Work
APTs are extremely targeted and backed by high levels of motivation. Those launching APTs infiltrate specific government entities over long periods of time to steal sensitive data or make a political statement.
Risk: Very High
Even government agencies with a hardened exterior are at great risk and can suffer tremendous losses in credibility and/or finances as a result of an APT. The targeted attacker will keep going after an agency until they find a hole through which they can gain access.
Examples
One widely discussed APT discovery this year was Operation Shady Rat. An AntiSec attack was also recently launched against Blue Coat Systems.
Insider Threats
2012 Forecast: Trending Up
According to a study by Verizon, 90 percent of insider breaches in 2009 were the result of deliberate and malicious activity.
How They Work
The insider threat originates from a trusted entity that has been granted access to an internal network. Intentions are malicious, often involving the theft of valuable information to make a profit.
Risk: Very High
Since they occur within the network and by privileged users, insider attacks are not easily thwarted by traditional security measures that detect attacks from the outside.
Example
By far the most high-profile insider attack in recent history involved WikiLeaks and Bradley Manning.
Industrialized attacks
2012 Forecast: Stable
Though they have been around for several years now, industrialized attacks no longer represent the peak of sophistication in the world of cyber threats. However, due to their profitability, they will not be disappearing anytime soon.
How They Work
Industrialized attacks are orchestrated by well-organized groups of cyber criminals with a sharp focus on ROI and are launched against a wide range of targets. Whereas targeted attacks can be compared to carefully calculated sniper fire, industrialized attackers shoot rapidly, but inaccurately, much like a machine gun.
Risk: High
Industrialized attackers are intent on gaining access to resources that result in real-world dollars. The good news, however, is that they typically focus on softer targets.
Examples
Recent examples of industrialized attacks include the SpyEye banking malware, as well as the Kelihos botnet recently taken down by Microsoft.
Employee misuse and abuse
2012 Forecast: Stable
With IT consumerization on the rise, employee misuse and abuse is a problem that is not going away anytime soon.
How They Work
Employees purposely circumvent corporate restrictions on IT practices to make their work lives more convenient, but do not mean to cause harm to the agency.
Risk: High
Because these actions can open the corporate network up to attack, they should be considered a fairly high risk.
Example
The user’s agency does not permit access to Facebook.com, so the user sets up a MiFi connection and accesses the Internet directly, bypassing the corporate proxy server.
Fully Automated Attacks
2012 Forecast: Trending Down
Although they are still in use, “drive-by” automated attacks, or traditional viruses and worms, have definitely been trending down over recent years, and will continue to do so in 2012 and beyond.
How They Work
Automated attacks are designed and “set free” by the attacker with the hopes that the malware will propagate automatically with little to no direct management by the author. The primary goal is notoriety rather than financial gain.
Risk: Low
Because they are easily detected with conventional security technologies, the primary concern with automated, indiscriminate attacks is business downtime and loss of worker productivity.
Example
