2012-01 Monthly Security Tips 1 |
Previous | 1 of 2 | Next |
|
small (250x250 max)
medium (500x500 max)
large ( > 500x500)
Full Resolution
All (PDF)
|
This page
All
|
State of Oklahoma
Monthly Security Tips
NEWSLETTER
January 2012
Volume 7, Issue 1
Cyber Security Emerging Trends and Threats for 2012
From the Desk of CPT Jeff Elliott, Oklahoma Office of Homeland Security
During 2011, cyber security incidents included theft of intellectual property and government data, hacktivism,
malware targeting mobile devices and a resurgence of the Zeus Trojan, which targets financial information.
Protecting against these attacks was a key challenge for organizations of all sizes in both the public and private
sectors.
What is in store for 2012? Below is a brief round up of the cyber security threat landscape highlighting some of
the challenges we can expect during the next 12 months.
Mobile Devices and Apps
The use of mobile devices will continue to grow in 2012, consequently, so too will the volume of attacks targeted
to these devices. Every new smart phone, tablet or other mobile device provides another window for a potential
cyber attack. Closely tied to the trend of more smart phones and tablets being deployed in the enterprise will be
the influx of new apps for those devices. Location-based mobile apps and games all pose potential
threats. The risks include access to information such as physical location or contacts lists, as well as the ability
for the apps to download malware, such as keyloggers or programs that eavesdrop on phone calls and text
messages. Hackers are quickly learning how to harvest legitimate applications and repackage them with
malicious code before selling/offering them on various channels to the unsuspecting user.
Hactivism
Attacks carried out as cyber protests for a politically or socially motivated purpose are expected to increase,
especially in light of the activist movements continuing to take place across the country and around the globe.
Common strategies used by hactivist groups include denial of service attacks and compromise of user
credentials to gain access to data, along with posting of emails, credentials, credit card information and other
sensitive exfiltrated information.
Search Engine Optimization (SEO) Poisoning
Cyber criminals will continue to take advantage of the 24-hour news cycle to target visitors searching on the
most popular keywords or sites and infect users via sites designed to look like legitimate news services, Twitter
feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. We
expect cyber criminals to take advantages of notable news events such as the London Olympics, U.S.
presidential elections, and Mayan calendar predictions.
Social Engineering
Social engineering tactics—including the use of rogue anti-virus to entice users into clicking on malicious links—
will continue. Experts also anticipate that in 2012 we will also see a growth in fake registry cleanup, fake speed
improvement software, and fake back-up software mimicking popular personal cloud services.
Advanced Persistent Threat
Advanced Persistent Threat (APT) refers to a long-term pattern of targeted hacking attacks using subversive
and stealthy means to gain continual, persistent exfiltration of intellectual capital. The entry point for espionage
activities is often the unsuspecting end-user or weak perimeter security. APT is likely to remain high in 2012.
Whether focused on exploiting vulnerable networks for use as a storage location or relay point, or to gain insider
information, cyber espionage will remain a consistent threat to networks.
Spear Phishing Attacks
Spear phishing is a deceptive communication (e-mail, text or tweet) targeting a specific individual, seeking to
obtain unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random
Object Description
| Okla State Agency |
Homeland Security, Oklahoma Office of |
| Okla Agency Code | 'HOM' |
| Title | State of Oklahoma monthly security tips newsletter, 1/2012, v.7 no.1 |
| Alternative title | Monthly cyber security tips |
| Authors |
Oklahoma. Office of Homeland Security. |
| Publication Date | 2012-01 |
| Publication type |
Newsletter |
| Purpose | Cyber Security Emerging Trends and Threats for 2012 |
| For all issues click | H2540.6 C994 |
| Digital Format | PDF, Adobe Reader required |
| ODL electronic copy | Downloaded from agency website: http://www.ok.gov/homeland/Cyber_Security/Monthly_Cyber_Security_Bulletins/index.html |
| Rights and Permissions | This Oklahoma government publication is provided for educational purposes under U.S. copyright law. Other usage requires permission of copyright holders. |
| Language | English |
| Date created | 2012-02-08 |
| Date modified | 2012-04-30 |
Description
| Title | 2012-01 Monthly Security Tips 1 |
| Full text | State of Oklahoma Monthly Security Tips NEWSLETTER January 2012 Volume 7, Issue 1 Cyber Security Emerging Trends and Threats for 2012 From the Desk of CPT Jeff Elliott, Oklahoma Office of Homeland Security During 2011, cyber security incidents included theft of intellectual property and government data, hacktivism, malware targeting mobile devices and a resurgence of the Zeus Trojan, which targets financial information. Protecting against these attacks was a key challenge for organizations of all sizes in both the public and private sectors. What is in store for 2012? Below is a brief round up of the cyber security threat landscape highlighting some of the challenges we can expect during the next 12 months. Mobile Devices and Apps The use of mobile devices will continue to grow in 2012, consequently, so too will the volume of attacks targeted to these devices. Every new smart phone, tablet or other mobile device provides another window for a potential cyber attack. Closely tied to the trend of more smart phones and tablets being deployed in the enterprise will be the influx of new apps for those devices. Location-based mobile apps and games all pose potential threats. The risks include access to information such as physical location or contacts lists, as well as the ability for the apps to download malware, such as keyloggers or programs that eavesdrop on phone calls and text messages. Hackers are quickly learning how to harvest legitimate applications and repackage them with malicious code before selling/offering them on various channels to the unsuspecting user. Hactivism Attacks carried out as cyber protests for a politically or socially motivated purpose are expected to increase, especially in light of the activist movements continuing to take place across the country and around the globe. Common strategies used by hactivist groups include denial of service attacks and compromise of user credentials to gain access to data, along with posting of emails, credentials, credit card information and other sensitive exfiltrated information. Search Engine Optimization (SEO) Poisoning Cyber criminals will continue to take advantage of the 24-hour news cycle to target visitors searching on the most popular keywords or sites and infect users via sites designed to look like legitimate news services, Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. We expect cyber criminals to take advantages of notable news events such as the London Olympics, U.S. presidential elections, and Mayan calendar predictions. Social Engineering Social engineering tactics—including the use of rogue anti-virus to entice users into clicking on malicious links— will continue. Experts also anticipate that in 2012 we will also see a growth in fake registry cleanup, fake speed improvement software, and fake back-up software mimicking popular personal cloud services. Advanced Persistent Threat Advanced Persistent Threat (APT) refers to a long-term pattern of targeted hacking attacks using subversive and stealthy means to gain continual, persistent exfiltration of intellectual capital. The entry point for espionage activities is often the unsuspecting end-user or weak perimeter security. APT is likely to remain high in 2012. Whether focused on exploiting vulnerable networks for use as a storage location or relay point, or to gain insider information, cyber espionage will remain a consistent threat to networks. Spear Phishing Attacks Spear phishing is a deceptive communication (e-mail, text or tweet) targeting a specific individual, seeking to obtain unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random |
| Date created | 2012-02-08 |
| Date modified | 2012-02-08 |
