Top endpoint security stories for January 2010 – Operation Aurora dominates news — CoreTrace WhiteSpace

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Top endpoint security stories for January 2010 – Operation Aurora dominates news

Looking back, I have to say that January brought some security industry setbacks, highlighted by Operation Aurora and the publicity surrounding Google’s claims of highly coordinated attacks from China. Particularly relevant to us in these attacks is the fact that application whitelisting would have stopped the attacks while anti-virus was once again helpless to prevent new and targeted attacks. As always, I appreciate your readership and hope that this blog continues to bring value and insight to what we as security professionals are up against in 2010. So without further delay, here were some of the top stories from January 2010.

Operation Aurora – Google responds to attacks

Operation Aurora received a significant amount of press in January due to the high-profile nature of Google’s response to the attacks. Google indicated not only that the attacks had originated from China, but also that they were aimed at stealing the e-mail credentials of Chinese dissidents. Google responded publicly on its blog and indicated that it may move out of China altogether:

“These attacks and the surveillance they have uncovered — combined with the attempts over the past year to further limit free speech on the web — have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.”

Operation Aurora – More than just Google affected

Operation Aurora impacted more than just Google. The Washington Post reported that the “Google China cyberattack part of vast espionage campaign.” It went on to report:

“Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said.

At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical — were attacked, according to congressional and industry sources.”

This is one of the most blatant instances of coordinated, targeted attacks taking advantage of a zero-day attack against mainstream businesses.

Operation Aurora – Application whitelisting would have stopped it

The foundation of the attacks was the installation of a Trojan horse that allowed for remote control of the infected system. Because it was a targeted attack taking advantage of a zero-day vulnerability (one that had not yet been disclosed), it bypassed traditional endpoint security solutions. On any system protected by application whitelisting, however, the malware would have been prevented from executing.

Data breach costs continue to rise in 2009

I came across this interesting report of a study from Ponemon on data breaches. The 45 companies surveyed experienced average data losses of $6.75 million in 2009. Interestingly enough, the study attributes a mere 24% of the data breach losses to malware. Since this data was self-reported, I question whether this really gives an accurate picture of how much data is being lost to cyber attacks. One thing we do know is that the largest data breach in history, of Heartland Payment Systems, was the result of a cyber attack, and it’s not a stretch to assume that many more are attributable to similar attacks.

Protection of our critical infrastructure remains a hot topic

Two articles highlighted the continued need for security against attacks on our critical infrastructure.

So 2010 has picked up where 2009 left off, and the need for strong protective endpoint security remains top of mind for almost all world businesses. Awareness of the power of application whitelisting continues to grow, and we expect 2010 to be a breakthrough year for this technology.
