This week, SC Magazine published its list of top security topics and stories for 2010. Among the various lists the staff compiled for the article, “IT security: The year in lists,” was the year’s “Top Five Threats”. What’s interesting is that this particular list is a mirror-image of what we’ve been blogging about all year — and that all five are threats that CoreTrace’s Bouncer application whitelisting solution help thwart.

Starting in January, we’ve written specific blogs on four of the top five threats mentioned. And the one that we haven’t blogged on, we know Bouncer can help defeat. Here is the recap:

• 1. Stuxnet: Starting in June, numerous SCADA systems were reportedly hit by the AutoRun-spreading worm. In July, we demonstrated how CoreTrace’s BOUNCER application whitelisting solution proactively stops the virus from executing on a system. If you are interested in learning more, feel free to join us for a Dec. 14th webinar where cyber warfare expert, Richard Stiennon, will lead the lively discussion, “Stuxnet: Variations Coming to Your Computers Soon!” The webinar starts 2:00 p.m. EDT/11:00 a.m. PDT.
• 2. Aurora: Google, along with more than 30 other high-profiled companies like Yahoo, Symantec, Adobe, and Dow Chemical, disclosed that their corporate systems were infiltrated by the targeted attacks. Though the Trojan horse bypassed traditional endpoint security solutions, we blogged in January how application whitelisting would have prevented the malware from executing in the first place.
• 3. Zeus: The malware extended its masterful ambush on mostly small and midsize businesses to steal banking credentials and dump out hundreds of thousands of dollars from legitimate accounts into those belonging to so-called money mules. Here’s another one we discussed in early January. While the dangers with Zeus are evident, another layer of protection such as application whitelisting helps block unapproved code intended to steal login information and access their bank accounts.
• 4. Here you have: In a year dominated by threat sophistication, a rapidly spreading email worm did little damage but clogged inboxes impacting corporations across the country. More recently, I talked about how the security recommendations to the worldwide outbreak seemed more like a retreat than a solution against the malware. Again, application whitelisting would have stopped all malicious code to eliminate similar threats such as mass-mailing emails, drive-by downloads and DLL hijackings.
• 5. Iranian Cyber Army: The hacker group responsible for defacement attacks against Twitter and Baidu appears to be adjusting its modus operandi to amass a mighty botnet. While we haven’t blogged on this specifically, much like Zeus and the recent Ares threat, application whitelisting blocks all attempts malicious software and other malware variants make to run on a machine.

There you have it. It doesn’t matter how long the list is, CoreTrace’s BOUNCER application whitelisting solution continues to successfully defend networks against all types of security threats year round.

Operation Aurora – Google responds to attacks

Operation Aurora received a significant amount of press in January due to the high profile nature of Google’s response to the attacks. Not only did Google indicate that the attacks had originated from China, but that they were targeting theft of e-mail credentials of Chinese dissidents. Google responded publicly on their blog and indicated the potential that they may move out of China all together:

“These attacks and the surveillance they have uncovered — combined with the attempts over the past year to further limit free speech on the web — have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.”

Operation Aurora – More than just Google affected

Operation Aurora impacted more than just Google. The Washington Post reported that the “Google China cyberattack part of vast espionage campaign,” They went on to report:

“Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said.

At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical — were attacked, according to congressional and industry sources.”

This is one of the most blatant instances of coordinated targeted attacks taking advantage of a zero day attack against main stream businesses.

Operation Aurora – Application whitelisting would have stopped it

The foundation of the attacks was the installation of a Trojan horse that allowed for remote control of the infected system. Because it was a targeted attack taking advantage of a zero day vulnerability (one that had not yet been disclosed) it bypassed traditional endpoint security solutions, but for any system protected by application whitelisting it would have prevented the malware from executing.

Data breach costs continue to rise in 2009

I came across this interesting report of a study from Ponemon on data breaches. In their survey of 45 companies, they experienced average data losses of $6.75 million in 2009. Interestingly enough, they attribute a mere 24% of the data breach losses to malware. Since this data was self reported, I question whether this really gives an accurate picture of how much data is being lost to cyber attacks. One thing we do know is that the largest data breach in history, of Heartland Payment Systems, was a result of cyber attack and it’s not a stretch to assume that many more are attributed to similar attacks.

Protection of our critical infrastructure remains a hot topic

Two articles highlighted the continued need for security against attacks on our critical infrastructure.

• Vanson Borne conducted a research report titled “In the Crossfire: Critical Infrastructure in the Age of Cyberwar.” This report was based on interviews of 600 IT and security executives at critical infrastructure enterprises and points to their growing concern of cyber attack and readiness.
• The U.S. Department of Energy announced that they would set up a national energy cyber security organization to help focus on protecting our national power grids.

So 2010 has picked up where 2009 left off and the need for strong protective endpoint security remains top of mind for almost all world businesses. Awareness continues to grow of the power of application whitelisting and we expect 2010 to be a break through year for this technology.

These attacks also illustrate the growing need for, and strength of, application whitelisting solutions. As Aurora first gained access by attacking an endpoint within Google’s network to trick a user into installing malware, even leading antivirus software designed to detect such viruses and malicious code couldn’t stop it from running within the network.

There couldn’t be a better illustration of the reactive nature of patching and antivirus. In order to defend our IT resources we must move to an endpoint security tool that both protects against attacks we have never seen and makes up for security deficiencies in software that can lead to vulnerabilities. In this, the outcry has been against Internet Explorer, but these types of attacks aren’t unique to one application or vendor as long as our endpoint security remains reliant on after the fact detection of weaknesses, patching, and signatures. We posted a blog on this topic last week titled: “The French and German governments agree… And they are both wrong” that has generated a lot of discussion between security professionals.

This is where application whitelisting fills the gaps of other endpoint security tools. With traditional AV technologies constantly playing catch-up with new and more complex forms of Web-based malware, whitelisting shuts the door on any unauthorized application from launching in the first place. Along with its industry-wide and political ramifications, Operation Aurora is yet another example of why application whitelisting is becoming a critical component of any endpoint security strategy.