Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
Earlier this week, FBI Director Robert Mueller testified that cyber threats against the country are going to surpass terrorism as the top threat facing the United States. Those cyber threats could come in the form of cyber espionage, threats against critical infrastructure like utilities or transportation systems, or even computer-based crime.
I mostly agree with Mueller's thoughts, except I do think that cyber threats have already surpassed terrorism, but most people don't realize it. Terrorism is a tangible thing to everyone; all we have to do is look back at the 9/11 attacks or even the feeling of celebration many Americans had after the death of Bin Laden. Cyber threats are still emerging.
Government agencies are being attacked by cyber threats, but those threats seem to be floating under the major news wires at this point. For example, one such threat is an email attack against defense organizations around the world. Help Net Security reported two security companies, Zscaler and Seculert, have issued a warning about a bogus email meant to trick users into loading malware. According to the Zscaler blog:
The threat arrives in phishing emails with a PDF attachment, possibly related to conferences for the particular targeted industry. The PDF exploits a vulnerability within Adobe (for example, a 0-day exploit was used against CVE-2010-2883) which then drops a series of files to begin communicating with the command and control (C&C).
These aren't new attacks, Help Net Security pointed out, and they are believed to be executed by the same criminal group for the past 2 years. However, the article continued:
The general purpose of the dropped malware is to exfiltrate important information from the companies' systems, and given the targets, it's not far-fetched to assume that a nation-station is likely to be behind these attacks.
As I continued to read the ABC News article about Mueller's testimony before the Senate Select Committee on Intelligence, as well as testimony by National Intelligence Director James Clapper, I admit I had to check the date of the article several times to make sure that it wasn't testimony from several years ago. Clapper was quoted in that article, saying:
We foresee a cyber-environment in which emerging technologies are developed and implemented before security responses can be put in place.
Based on conversations I've had with security experts over the past few years, Clapper's comments are old news. However, to many, this idea of a dangerous cyber environment is news, something they've never had any reason to think about before.
When I listen to experts speak of terrorist attacks, one of the points stressed over and over again is that the threat was always there, but we either didn't take it seriously or pretended not to see it. We should remember that when it comes to cyber threats and cybersecurity.