Computer and network security is a perpetual game of cat and mouse. Attackers are adept at following technology and social trends and at adapting their attacks to exploit whatever weak point those trends expose. As 2010 comes to a close, let's take a look back at some of the biggest security trends of the year and try to learn a thing or two from them that we can use to defend our PCs better in 2011.
The year began with a bang: a targeted attack and breach that hit Google and many other well-known companies. Google said the attacks originated in China, and the incident escalated into a diplomatic matter that drew in the United States Department of State.
Dubbed Operation Aurora, or Hydraq, depending on which source you use, the attack gained its foothold through a then-unpatched Internet Explorer vulnerability and went after, among other things, the Gmail accounts of Chinese human-rights activists. What set it apart was the allegation that a government was behind it. China denied any involvement, but a WikiLeaks leak months later suggested there might be something to the theory. The other unusual aspect of Operation Aurora was the way the affected parties joined forces, sharing details of the attack and working together to get to the bottom of it.
A state-sponsored attack against a high-profile tech target is one variation of a targeted attack. The Stuxnet worm, however, shows that targeted attacks can be more insidious still (Stuxnet, too, is widely believed to be state-sponsored). Gary Egan, director of Symantec Security Response, explains, "It is quite possible that Stuxnet has ushered in the next evolutionary shift in malware: a new class of threat that is weaponized to cause real-world damage. It is also one of the most complex threats ever seen."
The Stuxnet worm exploited four separate zero-day vulnerabilities in Windows, used stolen code-signing certificates and other cutting-edge techniques to evade detection, and is the first rootkit known to be specifically engineered to target programmable logic controllers (PLCs) like those used in manufacturing and production plants: it altered the code running on the PLC while hiding those changes from the engineering software used to inspect it. Egan adds, "The political and societal implications of Stuxnet are far reaching."
Playing in the Sandbox
2010 can't take credit for introducing the concept of the sandbox as a security control, but it does seem to be the year that it became more widely adopted and entered the mainstream vocabulary. Products such as the Google Chrome Web browser and Adobe Reader software both embraced sandboxing as a means of containing attacks and exploits: the code that parses untrusted content (a Web page, a PDF) runs in a separate process stripped of most privileges, so an exploit that takes it over still cannot read or write the user's files or install software without a second bug to escape the sandbox.
Sandboxing may move beyond individual applications, though. A spokesperson for Invincea commented, "Fully virtualized sandboxing solutions are making their way onto the market, specifically to address Web-borne attacks that defeat even application sandboxes, including trust-based exploits against users, e.g., fake antivirus, poisoned SEO, and kernel exploits."
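To make the mechanism concrete, here is an added example (not code from this article, and not the much larger sandboxes that Chrome or Adobe Reader actually ship) of the target/broker split both products use. The parent plays the broker; the child is the untrusted target, and before it touches any data it installs a seccomp-bpf system-call filter (the Linux primitive Chromium's sandbox is built on; Reader X's Protected Mode uses restricted tokens and job objects on Windows instead). The allow list, the return-code convention and the file path /etc/hostname are choices made for this demonstration only. Build with `cc -std=gnu99 sandbox_demo.c -o sandbox_demo`.

```c
/* Added example: a minimal Chromium-style "target" process sandbox on Linux.
 * The child may only read, write and exit; any other system call, including
 * the open/openat a file read would need, kills the process with SIGSYS.
 * Assumptions: Linux kernel with CONFIG_SECCOMP_FILTER; x86_64, aarch64 or i386. */
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers; kernel still kills */
#endif

/* Two BPF instructions: if the syscall number equals nr, return ALLOW. */
#define ALLOW_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install a default-deny filter in the calling process. 0 on success, -1 on failure. */
static int enter_sandbox(void)
{
    struct sock_filter filter[] = {
        /* Refuse a foreign ABI (e.g. 32-bit syscalls issued on an x86_64 kernel). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Allow list: just enough to compute, talk to the broker over a pipe, and exit. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_SYSCALL(SYS_read),
        ALLOW_SYSCALL(SYS_write),
        ALLOW_SYSCALL(SYS_exit),
        ALLOW_SYSCALL(SYS_exit_group),
        ALLOW_SYSCALL(SYS_rt_sigreturn),
        /* Everything else (open/openat, execve, socket, ...) terminates the process. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Without this, an unprivileged process may not install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Broker side: fork a sandboxed child. If try_open is non-zero the child tries to
 * open a file after entering the sandbox. Returns 0 if the child exited cleanly,
 * the signal number if the kernel killed it (SIGSYS for a policy violation),
 * or -1 if the sandbox could not be set up. */
int run_sandboxed(int try_open)
{
    fflush(stdout);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (enter_sandbox() != 0)
            _exit(77);
        static const char msg[] = "child: inside sandbox\n";
        ssize_t n = write(STDOUT_FILENO, msg, sizeof msg - 1); /* allowed */
        (void)n;
        if (try_open) {
            int fd = open("/etc/hostname", O_RDONLY); /* denied: killed with SIGSYS */
            (void)fd;
            _exit(3); /* never reached */
        }
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 77 ? -1 : WEXITSTATUS(status);
    return -1;
}

int main(void)
{
    printf("benign child -> %d (0 = exited normally)\n", run_sandboxed(0));
    printf("open() attempt -> %d (SIGSYS = %d)\n", run_sandboxed(1), SIGSYS);
    return 0;
}
```

The benign child finishes normally; the one that calls open() is killed by the kernel before the call completes. Two limits follow directly from the design and match the Invincea comment above: the filter decides only which system calls the child may issue, so the kernel code behind the calls that are allowed remains reachable and a kernel exploit steps over the sandbox entirely; and an attack that persuades the user to install fake antivirus never has to break the sandbox at all, because the user does the installing.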
Banner Year for Microsoft
Microsoft broke a variety of records in 2010 when it comes to identifying and patching software vulnerabilities. Some will argue that this reflects sloppy development and poor attention to detail, while others suggest that Microsoft has simply become much more effective at finding flaws and vulnerabilities, and much more responsive about dealing with them.
Microsoft set new monthly high marks for the number of security bulletins released on a single Patch Tuesday, and its total for the year, 106 bulletins, was the largest it has ever issued. Symantec's Egan says, "Related to the number of security bulletins released is the number of individual vulnerabilities fixed by Microsoft in 2010, which was nearly 100 more than what they discovered and corrected last year. By our count, the 2010 tally is 261; last year, the company patched 170 vulnerabilities."