Monthly Cyber Security Newsletter
January 2012
Volume 7, Issue 1

Cyber Security Emerging Trends and Threats for 2012

During 2011, cyber security incidents included theft of intellectual property and government data, hacktivism, malware targeting mobile devices and a resurgence of the Zeus Trojan, which targets financial information. Protecting against these attacks was a key challenge for organizations of all sizes in both the public and private sectors.

What is in store for 2012? Below is a brief roundup of the cyber security threat landscape highlighting some of the challenges we can expect during the next 12 months.

Mobile Devices and Apps
The use of mobile devices will continue to grow in 2012; consequently, so too will the volume of attacks targeted at these devices. Every new smart phone, tablet or other mobile device provides another window for a potential cyber attack. Closely tied to the trend of more smart phones and tablets being deployed in the enterprise will be the influx of new apps for those devices. Location-based mobile apps and games all pose potential threats. The risks include access to information such as physical location or contacts lists, as well as the ability for the apps to download malware, such as keyloggers or programs that eavesdrop on phone calls and text messages. Hackers are quickly learning how to harvest legitimate applications and repackage them with malicious code before selling/offering them on various channels to the unsuspecting user.

Hacktivism
Attacks carried out as cyber protests for a politically or socially motivated purpose are expected to increase, especially in light of the activist movements continuing to take place across the country and around the globe. Common strategies used by hacktivist groups include denial of service attacks and compromise of user credentials to gain access to data, along with posting of emails, credentials, credit card information and other sensitive exfiltrated information.

Search Engine Optimization (SEO) Poisoning
Cyber criminals will continue to take advantage of the 24-hour news cycle to target visitors searching on the most popular keywords or sites and infect users via sites designed to look like legitimate news services, Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. We expect cyber criminals to take advantage of notable news events such as the London Olympics, U.S. presidential elections, and Mayan calendar predictions.

Social Engineering
Social engineering tactics—including the use of rogue anti-virus to entice users into clicking on malicious links—will continue. Experts also anticipate that in 2012 we will see a growth in fake registry cleanup, fake speed improvement software, and fake back-up software mimicking popular personal cloud services.

Advanced Persistent Threat (APT)
APT refers to a long-term pattern of targeted hacking attacks using subversive and stealthy means to gain continual, persistent exfiltration of intellectual capital. The entry point for espionage activities is often the unsuspecting end-user or weak perimeter security. APT is likely to remain high in 2012. Whether focused on exploiting vulnerable networks for use as a storage location or relay point, or to gain insider information, cyber espionage will remain a consistent threat to networks.

Spear Phishing Attacks
Spear phishing is a deceptive communication (e-mail, text or tweet) targeting a specific individual, seeking to obtain unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators seeking financial gain, trade secrets or sensitive information. Spear phishing is often the nexus to cyber espionage and will continue to grow.

What Can You Do?
By using sound cyber security practices, users and organizations can strengthen readiness and response to help defend against the myriad of challenges and mitigate potential impacts of incidents:
• Make sure that you have encryption and password features enabled on your smart phones and other mobile devices.
• Use strong passwords, ones that combine upper and lower case letters, numbers, and special characters, and do not share them with anyone. Use a separate password for every account. In particular, do not use the same password for your work account on any other system.
• Properly configure and patch operating systems, browsers, and other software programs.
• Use and regularly update firewalls, anti-virus, and anti-spyware programs.
• Do not use your work email address as a "User Name" on non-work related sites or systems.
• Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know. Do not open email or related attachments from un-trusted sources.
• Don't reveal too much information about yourself on social media websites. Depending on the information you reveal, you could become the target of identity or property theft.
• Verify Location Services settings on mobile devices.
• Allow access to systems and data only by those who need it and protect those access credentials.
• Follow your organization's cyber security policies and report violations and issues immediately.
• Learn to recognize a phishing website. Visit https://www.phish-no-phish.com to learn ways to identify a phished website.

For More Information:
• Verizon: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf
• Symantec: http://www.symantec.com/content/en/us/enterprise/white_papers/b-symc_intelligence_qtrly_jul_to_sep_WP.en-us.pdf
• Websense: http://www.websense.com/assets/reports/2012-Predictions-WS-Security-Labs.pdf?cmpid=prnr11.11.17
• SANS Institute: Security Predictions 2012 & 2013: http://www.sans.edu/research/security-laboratory/article/security-predict2011
• Georgia Tech: Emerging Cyber Threats Report: http://www.gtisc.gatech.edu/doc/emerging_cyber_threats_report2012.pdf
• Imperva: Security Trends 2012: http://www.imperva.com/docs/HI_Security_Trends_2012.pdf

For more monthly cyber security newsletter tips, visit:
http://www.cio.ca.gov/OIS/Government/library/awareness.asp or http://www.msisac.org/awareness/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture.

This newsletter may be copied, used and/or referenced if (1) the meaning of the copied text is not changed or misrepresented, (2) credit is given to the Office of Information Security and any other referenced sources of the subject material, and (3) all copies are distributed free of charge.

Brought to you by:
www.infosecurity.ca.gov