A Tough 2007 Gives Way to Promise of an Equally Difficult 2008

Carl Weinschenk

It's clear 2007 was an active year in the security sector. That's euphemistic for saying a lot of bad things happened.

This Dark Reading year-end review posits that there are three types of breaches: lost and stolen mobile devices that are soon forgotten, "hacks and mistakes" that have a moderate impact on the organization, and security breakdowns that make big news because of the cleverness of the hacker and/or the lameness of the security forces protecting the organization.

With that criteria in mind, the blogger lists the Storm botnet as the biggest security issue in 2007. The next two -- the loss of data by TJX and by Her Majesty's Revenue and Customs (HMRC) in the United Kingdom -- made most lists. Collectively, attacks on U.S. government labs such as the Department of Energy's Oak Ridge National Laboratory, the Los Alamos National Laboratory and the Lawrence Livermore National Laboratory were the fourth major security event. The U.S. Department of Energy's Counterintelligence Directorate's loss of 20 computers ranked fifth.

ComputerWorld's take on the worst in security in 2007 starts with TJX. The numbers are staggering: 45.6 million credit cards compromised by an intrusion that went undetected for 18 months. The fumbling of disks by HMRC also was huge: About 25 million records were lost. Other names to remember include TD Ameritrade (6.2 million records compromised) and Monster.com (the records of 1.6 million job seekers).

Security news this year went beyond the number of records lost. Here are some stories that, reported in the ComputerWorld piece, may have run a bit under the radar:

  • In February, phishers lured the Supervalu grocery chain into sending $10 million to two phony bank accounts;
  • In October, the House Judiciary Committee accidentally exposed information about whistleblowers who had used a committee Web site;
  • In August, a Microsoft error identified legitimate Vista and XP users as pirates.
  • In November, a former 3G Communications consultant admitted running a quarter-million PC botnet;
  • In May, a Symantec signature update crippled thousands of PCs in China;
  • In a case that became public in 2007, a DuPont scientist downloaded about $400 million worth of confidential information before leaving for a rival company;
  • A former civil engineer in North Carolina was sentenced in December to 110 years in prison in a disturbing scam involving young girls;
  • A former Unix sys admin for Medco pled guilty in September to planting a logic bomb that would have destroyed critical information on 70 servers;
  • A security research was indicted in September of hacking multiple computer networks of various financial institutions.

Things were no more sanguine in the eyes of Cisco unit IronPort. The company's vice president of marketing said that malware emerging during 2007 was so complex that it could only be the product of sophisticated research-and-development efforts.

 

In a striking statistic, IronPort said that during the past 13 months, information on about 60 million people has been exposed on the Internet and that cleanup and lost productivity costs have reached about $20 billion. The piece says spam has increased 100 percent and has moved from selling products to linking to nefarious sites. Viruses are increasing, but are operating under the radar. Finally, the writer says, the duration of attacks is decreasing.

 

In MessageLabs' look back, it saw a varied year, with spam -- which reached the 84.6 percent level -- still the predominant threat. Even so, about 10 percent of attacks used approaches not seen previously. The release references the Storm botnet and says that targeted attacks, the use of file attachments and malicious links grew. Social-networking sites became a much greater security risk during the year, the company added.

 

To some extent, companies have responded. Earlier this month Access Markets International (AMI) Partners said that spending on IT and telecom infrastructure and applications rose 16 percent between 2006 and 2007. Small businesses, the piece says, are focusing the security piece of that on antivirus and security services, while mid-size companies emphasized security services and hardware.

 


Clearly, 2007 was a tough year. Such deep-seated trends don't reverse themselves because the calendar changes. It's a safe bet that hackers will get smarter and make securing the enterprise even tougher in 2008.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.