By all indications 2011 will be known as a historic year in information security as threats added a whole new category of motive to attack profiles. This new “Hacktivism “category will go down in the record books as one of the most active periods of cyber attacks in the history of information security. Moreover, given the current efficacy of these ideological-based multi-vulnerability attacks such as WikiLeaks revenge attacks (December 2010) and Sony DDoS & MySQL attacks (May / June 2011), etc, we believe this will only serve to encourage even more actors to enter the picture and spawn a vicious cycle of future malicious activity.
No one can say for certain how all of this will play out, however given the increased frequency, directed attacks, and effectiveness of the techniques, we can safely assume the following are the key activities heading into 2012:
1. Cyber attacks go mainstream for activists and for financially motivated criminal organizations. Attackers’ motivation has evolved and from publicity and vandalism they are looking for financial gain or protest without going out of their homes.
2. Reassessing the risk – your organization is likely a target. For example eCommerce sites, which were the prime target for financially motivated attackers, become now also targets for hacktivism.
3.Cyber weapon of Mass Disruption deploy multi-vulnerability DoS & DDoS attacks. This turns traditional network security measures useless, as they typically can detect and defend only some of the attack vectors.
4 The need for complementing security technologies. Mitigating multi-vulnerability and multi-vector attacks requires more than one security technology in place, adding behavioral analysis technologies on top traditional signature detection and rate based protection.
5.Architecting the perimeter for DDoS attack mitigation. Deployment of complementing network security technology requires rethinking of perimeter security.
6. Counterattacks are needed! Defense mitigation strategies are also evolving and now include active counterattack strategies.