The year in security: Hacktivists, botnets and smartphones

Cyber criminals don't work to annual deadlines, but December nevertheless offers us a chance to look back at the past 12 months and identify the year's major themes and trends. As with most areas of tech, the things we're talking about this year in information security may seem familiar, but they are no less relevant.

Hacktivism
Probably the biggest shock to the information security world this year has been the dramatic rise of Anonymous and its splinter groups LulzSec, TeamPoison and others. Quite simply, no-one could have predicted quite how big an impact they would have on the industry. Whether it was hacking the News International servers to post a fake story on The Sun's web site claiming Rupert Murdoch had died, to allegedly stealing the details of hundreds of millions of Sony customers, to breaching the IT systems of the FBI, CIA and Soca, no-one was safe in 2011.

The groups seemed to have taken a hit when high-profile police raids in the UK, US, Spain and elsewhere captured what were claimed to be key leaders, although their very disparate nature means they will be impossible to shut down altogether. If nothing else, it's one more thing for the IT security boss to worry about, although their hacking techniques expose fairly common flaws such as SQL injection. There's sure to be more to come next year, despite Anonymous apparently branching into more legitimate concerns with its Analytics research arm and campaigns to support the Occupy protests.

Industrial control systems
Last year may have been the year that Stuxnet was discovered, but the fallout has been felt throughout 2011 as researchers and malicious actors turned their attention to industrial control systems. The security by obscurity defence which had protected these systems for so long was proved no defence after several high-profile incidents, culminating in the discovery of 'son of Stuxnet' malware dubbed Duqu.

Security failings at Siemens, which makes the Scada systems targeted by Stuxnet, could lead to future attacks, NSS Labs researchers claimed, after the technology giant refused to co-operate when presented with evidence of further flaws. The US government chimed in, warning that hacktivists could soon begin targeting such systems, and 52 new Scada threats were discovered in April.

With much of Stuxnet's code found in Duqu, 2012 could be a make or break year for security chiefs in power plants, water facilities and other industries that rely on Scada systems.