As we approach the holiday season and reflect on the year, it is worth reviewing some of the sophisticated cyber attacks of 2013. The year produced a long roll call of high-profile victims.
- In January, both The New York Times and the Wall Street Journal disclosed that they had been infiltrated by Chinese hackers, apparently gathering information on upcoming stories about China and identifying reporters' sources. Security consultants traced the Times attack to a group known as APT1, believed to be a unit of the Chinese military.
- Also in January, Twitter was compromised in a sophisticated attack that gave the attackers access to usernames, email addresses, session tokens and salted password hashes for roughly 250,000 users.
- In February, Apple came under attack when hackers compromised the mobile developer forum iphonedevsdk.com and used it as a watering hole, serving a browser plug-in exploit to the developers who visited it. That attack affected not just Apple but dozens of companies developing for iOS, including defense contractors.
- In August, The New York Times, Twitter and the Huffington Post UK had their domains hijacked by the Syrian Electronic Army (SEA), a pro-Syrian government group, knocking the Times' site offline for hours. The SEA did not break into the Times' own servers: it used a seemingly innocuous spearphishing email to obtain credentials from a US reseller for Melbourne IT, the domain registrar, and then changed the Times' DNS records at the registrar.
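The registrar-level hijack above is hard to catch from inside your own network, because nothing on your servers changes. One check a domain owner can run from the outside, as an added example that is not part of the original post: periodically snapshot the domain's NS and A records and the registrar's EPP status codes, then diff them against a trusted baseline. The script below is stdlib-only Python; the domain names, addresses, nameservers and whois text are constructed sample data, and the whois format it parses is the assumed `Domain Status: <code> <url>` layout used by many gTLD registries.

```python
"""Baseline-diff check for registrar-level DNS hijacking.

Added example, not code from the original post. All domain names, nameservers,
addresses and whois text below are constructed sample data.
"""
from dataclasses import dataclass

# EPP status codes a registrar lock should set. If any is missing, anyone
# holding the registrar account can repoint the delegation, as in the SEA case.
REQUIRED_LOCKS = frozenset({
    "clientTransferProhibited",
    "clientUpdateProhibited",
    "clientDeleteProhibited",
})


@dataclass(frozen=True)
class DomainSnapshot:
    domain: str
    nameservers: frozenset   # from `dig +short NS <domain>`
    a_records: frozenset     # from `dig +short A <domain>`
    epp_status: frozenset    # from whois "Domain Status:" lines


def parse_dig_short(text):
    """Normalise `dig +short` output: one record per line, trailing dot and
    case removed, blank lines ignored."""
    return frozenset(line.strip().rstrip(".").lower()
                     for line in text.splitlines() if line.strip())


def parse_whois_status(text):
    """Extract EPP status codes from whois lines of the assumed form
    'Domain Status: clientTransferProhibited https://icann.org/epp#...'."""
    codes = set()
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        parts = value.split()
        if sep and key.strip().lower() == "domain status" and parts:
            codes.add(parts[0])
    return frozenset(codes)


def audit_snapshot(baseline, observed):
    """Return a list of findings describing how `observed` drifted from
    `baseline`; an empty list means nothing changed and the locks are set."""
    if observed.domain != baseline.domain:
        raise ValueError("snapshots are for different domains")
    findings = []

    added = sorted(observed.nameservers - baseline.nameservers)
    removed = sorted(baseline.nameservers - observed.nameservers)
    if added or removed:
        findings.append(f"NS delegation changed: added={added} removed={removed}")

    if observed.a_records != baseline.a_records:
        findings.append(f"A records changed: {sorted(observed.a_records)}")

    missing = sorted(REQUIRED_LOCKS - observed.epp_status)
    if missing:
        findings.append(f"registrar lock incomplete, missing: {missing}")
    return findings


# Constructed sample data: a trusted baseline taken on a known-good day ...
BASELINE = DomainSnapshot(
    domain="example-news.com",
    nameservers=parse_dig_short(
        "ns1.example-registrar.net.\nns2.example-registrar.net.\n"),
    a_records=parse_dig_short("192.0.2.10\n192.0.2.11\n"),
    epp_status=parse_whois_status(
        "Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n"
        "Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\n"
        "Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\n"),
)

# ... and a later snapshot in which someone with registrar access has
# repointed the delegation and cleared the locks.
HIJACKED = DomainSnapshot(
    domain="example-news.com",
    nameservers=parse_dig_short(
        "ns1.attacker-controlled.example.\nns2.attacker-controlled.example.\n"),
    a_records=parse_dig_short("203.0.113.66\n"),
    epp_status=parse_whois_status("Domain Status: ok https://icann.org/epp#ok\n"),
)

if __name__ == "__main__":
    for finding in audit_snapshot(BASELINE, HIJACKED):
        print("ALERT:", finding)
```

Run this from a cron job against live `dig` and `whois` output, alerting on any non-empty result. It only detects a hijack after the fact; the preventive control is a registry lock, which requires out-of-band confirmation at the registry before the delegation can be changed at all, and which is what the Times applied after the August incident.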
A few themes are emerging.
Attackers are becoming well-organized and well-funded - New York Times CIO Marc Frons remarked that the SEA is becoming increasingly skilled, comparing its earlier work to knocking over a local savings and loan while its August attacks were more like breaching Fort Knox.
The network perimeter has eroded - Enterprise networks are increasingly complex and intertwined with those of vendors and partners. The SEA reached the Times through a vendor and hit The Washington Post the same way earlier in the year. At the same time, each of us now connects through many devices, so there are more attack vectors. Five years ago we reached our networks through a single device; now we use an average of four a week, giving attackers numerous points of entry.
Traditional security protection is inadequate - In 2013, reports emerged on the ineffectiveness of signature-based malware detection, borne out by the success of zero-day exploits in APT campaigns: a signature cannot match code no one has seen yet. Additionally, appliance-based security sitting at the network edge is not well-positioned to protect, or give visibility into, mobile devices and employees working outside the office, as the success of the watering hole attack on iOS developers showed.
There’s a lot of work to do. Next time we’ll talk about some of our predictions for 2014, including why we expect to see more DNS attacks.