2010 tech snapshot: IT security

This year has seen an almost unparalleled buzz of activity in the security space, from big name mergers and acquisitions activity to allegations of state-sponsored attacks and most recently, the rise of the hacktivist. Alongside this are the continued threat of spam, the growing sophistication of malware and changing trends among the workforce such as mobile working and the use of social networking, which are exposing the enterprise to new and dangerous threats.

State-sponsored attacks
The year began as it was destined to go on, with the first serious revelation of state-sponsored hacking. It was Google that dropped the bombshell, pulling its operations out of mainland China after revealing that it and countless other firms had been the subject of a hacking attack on its systems. Although falling short of accusing the Chinese government, it later emerged via the WikiLeaks scandal that the attacks were carried out by government officials, private companies and individuals hired for their hacking skills.

Later in the year Stuxnet emerged, a game-changing attack that was found to have been specially crafted to target what experts presume are specialist uranium enrichment facilities in Iran. Not only did the attack exploit an unheard of four zero day vulnerabilities, leading many to believe its sophistication indicated state involvement, but it also demonstrated how cyber attacks can be used to actually affect physical machines – in this case, Siemens Supervisory Control And Data Acquisition (Scada) systems.

WikiLeaks and hacktivism
Just as state-sponsored hacking went largely unnoticed until the Google China story broke, so the rise of the hacktivist had a relatively low profile until the WikiLeaks scandal. The release of hundreds of thousands of sensitive US diplomatic cables set in motion a chain of events that saw distributed denial-of-service attacks carried out by both supporters and opponents of the whistle-blowing site.

First it was the turn of pro-US military hacker ‘The Jester’, who took WikiLeaks down for "endangering the lives of our troops, 'other assets' and foreign relations". Then web vigilantes the Anonymous group stepped up to extend their Operation Payback campaign against creative industries to those firms, such as PayPal, MasterCard and Visa, who had tried to “impair WikiLeaks’ ability to function”.

The scourge of the botnet
Most malicious activity online continues to be made possible by botnets, those networks of compromised PCs set up to enable malware attacks, spam campaigns and distributed denial-of-service attacks. As with previous years, the key for most attacks is for the malware to remain hidden, allowing more information and/or money to be pilfered by the cyber crooks.