Posted on 30 Dec 2011
Risks are getting more complicated and security technology "needs a reboot, quite frankly," said Dave Marcus, director of advanced research and threat intelligence for Intel's McAfee security unit. The offensive, he says, "has outpaced the defensive."
On a continually leveling playing field, McAfee Labs expects that in 2012 cybercriminals will target unprepared utility systems, hackers will increasingly prove they can control hardware — like cameras or cars — via embedded software, and countries will engage in cyberwar posturing, if not actual skirmishes.
The latest worry to arise involves the apparent breach by Chinese hackers of the U.S. Chamber of Commerce. They got access to everything stored on its systems including data on the business lobbying group's 3 million members, the Wall Street Journal reported Dec. 21, citing people familiar with the matter. It was a complex operation — involving 300 or more Internet addresses — discovered and shut down in May 2010, the paper said.
"It has become standard operating procedure to send someone a phishing email that ends up compromising the person's machine and getting a network compromised," Marcus said. A lot is still in motion about this case but "it looks very much directed" to go after the Chamber specifically, he said.
Some of the more intriguing security issues for 2012 are "going to be around industrial attacks, hacktivism and embedded threats," Marcus said. "That's where some real dangers lie — when you talk about knocking a utility company offline, that's a big deal."
The 2010 Stuxnet worm was one attack that showed how hackers could control industrial hardware.
"When you want to make a political point you knock people's power offline or affect their transportation grid — it's real world, not theoretical, and it's been happening in greater frequency the last several years," Marcus said. "Look at it in conjunction with hacktivism, which goes back to the 1980s."
Utilities have some work to do now that they've made their systems more vulnerable by connecting them to the Internet, he says.
"A lot of what they need to do is things the enterprise world has been doing for years — penetration testing, red-team testing, asking questions like 'How are we vulnerable to attack? Give me 10 scenarios that could take us offline,'" he said.