Information Security is a perpetually relevant topic for organizations in this digital age. The lurking threat of cyber attacks and the ever-growing need for data protection have been important areas of focus over the past years. And with cyber criminals becoming increasingly adept at bypassing traditional security controls, 2013 saw some of the most disturbing trends in information security. Here are the top 5 IT security stories of the past year:
- Wi-Fi Hacking, a Growing Threat: White-Hat hackers brought to the forefront, the fact that it is now considerably easy to hijack public Wi-Fi hotspots and sniff people’s usernames, passwords, contact lists, details of e-commerce accounts and banking details. White-Hat hackers from First Base Technologies conducted two tests in partnership with Trend Micro, a security firm to illustrate some of the ways in which data is compromised through Wi-Fi hijacking.
- Digitally Signed Malware Threat Growing Rapidly: According to security researchers, digitally signed malware, aimed at bypassing whitelisting and sandboxing security controls, is a fast-growing threat in the cyber world. McAfee research conclude that signed malware accounted for only 1.3% of all new malware in 2010, but increased to 2.9% in 2011 and 6.6% in 2012.
- Increase in Spear Phishing Attacks: Using a specially crafted mail, these attacks trick recipients into unknowingly triggering a malware function, or disclosing credentials, or both.
- Watering Hole Attacks on the Rise: Cyber criminals and some nation states were seen using watering hole attacks to launch various campaigns or track those who spoke in support of a certain cause. This type of attack was seen skyrocketing in 2013. One of the largest watering hole attacks was targeted at employees of facebook, Apple, and Twitter.
The year 2013 witnessed a growing need for stronger security controls both for organizations as well as nations. With newer and more sophisticated attack techniques making their way into the cybercrime scene, 2014 will have to dedicate much more focus and efforts towards building stronger breach prevention and data protection solutions.