Top 5 cybersecurity news stories of 2008

A look at the security stories dominating the news in 2008, including data breaches, SQL injection attacks, DNS dangers, Microsoft Vista adoption issues and the fight against spam.

SearchSecurity.com
Data breaches continued to make their very public mark on cybersecurity news in 2008. And this time it wasn't TJX making headlines. Despite being PCI compliant, Hannaford Bros. supermarkets announced that 4.2 million credit and debit card numbers were pilfered from its servers. We also learned in 2008 that attackers aren't necessarily becoming more sophisticated. The causes of many data breaches and the deluge of phishing, spam and malware attacks suggest something else is going on. Automated toolkits are being bought and sold in online forums, fueling the scope of many attacks. Although it's an old-school method, SQL injection works, and hackers use it to pull off hundreds of thousands of successful attacks against vulnerable websites and their visitors. And finally, Dan Kaminsky sounded a dire warning about a major DNS cache-poisoning vulnerability. It wasn't the apocalypse, but the security researcher demonstrated that weaknesses exist in the fundamental way the Internet works.

SQL injection attacks
It's an old-school method of attack, but hackers have figured out that if it's easy and profitable, keep doing it. SQL injection reared its ugly head in the news in May. Researchers said they tracked a massive wave of SQL injection attacks that find coding errors in websites and then use those sites to infect visitors' PCs with malware. The attacks seem to have originated in China, and today millions of Web pages are infected. Experts say automated scanning and infecting tools have made it simple for less technically savvy hackers to exploit SQL injection vulnerabilities. Even legitimate websites are not immune. The problem is so pervasive that Microsoft has stepped in to try to limit the threat. The software giant issued a security advisory in June, outlining some tools available to improve Web-based software coding and discover holes in websites. Experts are warning that the threat will continue in 2009.

Hannaford Brothers supermarket breach
Hannaford Brothers Co. disclosed a massive data breach on March 17. The company later told state and federal investigators that someone managed to place malware onto servers at all of Hannaford's nearly 300 grocery stores. The software ran in the background between Dec. 7 and Mar. 10, stealing up to 4.2 million credit and debit card numbers from the supermarket's payment systems. Although Hannaford was at one time compliant with the PCI Data Security Standard (PCI DSS), experts say the company did not have enough protection in place for data in motion during a credit card transaction. Hannaford announced plans to bolster encryption and conduct 24-hour network monitoring.

Dan Kaminsky and DNS dangers
He's got a style all his own, but Dan Kaminsky was doing more than just handing out his grandmother's cookies in July. Kaminsky would not be ignored when he loudly sounded the alarm about a major domain name system server flaw that affected dozens of vendors. A coordinated release of patches soon followed. But in an interview for Security Wire Weekly, Kaminsky admitted a mistake. The security researcher kept the details a complete secret, failing to let anyone validate his research. Kaminsky eventually shared the data with Thomas Ptacek and the team at Matasano Security LLC. "This is a serious problem; it merits immediate attention, and the extra attention it's receiving today may increase the threat. The Internet needs to patch this problem ASAP," Ptacek said. The security community pressed on, and within days noted reverse engineer Halvar Flake correctly guessed the details. Flake hypothesized on his blog about how an attacker could conduct DNS cache poisoning by overloading the server with requests until a legitimate answer is received. Shortly after, H.D. Moore released the exploit for the vulnerability via his Metasploit Framework. After giving out his grandmother's cookies at the Black Hat conference, Kaminsky shed light on how he discovered the DNS cache poisoning flaw and what needs to be done to bolster the security of DNS.

Microsoft Vista adoption issues
We wrote a lot about the bolstered security in Microsoft Windows Vista, but for all the security features, end users haven't shown any excitement about using the fledgling operating system. In February, a survey of IT administrators showed little enthusiasm for the release of Vista Service Pack 1. Some IT administrators complained of configuration issues; others said they experienced driver and reboot problems. Ultimately, the consensus was that the service pack fell far short of what's needed for wider deployments. To make matters worse for Microsoft, several researchers demonstrated ways to poke holes in Vista's strengthened armor. At the Black Hat briefings in August, Mark Dowd and Alexander Sotirov demonstrated the new methods they found to get around Vista protections. The researchers got around protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers. Then Ben Hawkes, a New Zealand-based independent security researcher, explained how to conduct attacks against the Vista heap allocator. So far Microsoft has been on a campaign to improve Vista's image among consumers, but we'll wait and see if they make any inroads with IT professionals or if Windows 7 will be the answer for many IT shops.

Slowing the spam surge
Spammers took a big hit in 2008, albeit very briefly. First, ICANN decided to de-accredit EstDomains, an ISP notorious in the security community for serving as a haven for malware authors and spammers. Then the upstream providers for McColo Corp. killed their connections to the hosting provider, which has been known in security circles as another home base for malware and spammers, as well as alleged child pornographers. The shutdown had an immediate impact on the Srizbi botnet, which was responsible for 50% of all spam globally. The result was a temporary reduction in overall spam volume. But experts correctly warned that the shutdown wouldn't stop spam or the spread of malware. MessageLabs, a managed messaging security services provider that tracks spam, phishing and Web-based attacks, said the annual average spam rate was 81.2% in 2008, a decline of 3.4% from a year ago. Recent reports from other vendors show that spam is returning to its earlier levels. Srizbi was designed to stay active and is quickly finding alternative hosting.

Other stories of note:

  • Linux Kernel attack code worries security experts: It may not be remotely exploitable, but security experts say Linux Kernel flaws could spell trouble for Linux-based IT shops. The release of attack code has heightened concern.
  • Microsoft addresses XSS in Internet Explorer: A cross-site scripting filter and additional security features for developers will help defend against attacks.
  • New attacks reveal fundamental problems with TCP: A pair of security experts explain several fundamental issues with the TCP protocol that can be exploited to cause denials of service and resource consumption on virtually any remote machine that has a TCP service listening for remote connections.
  • Microsoft releases Windows patch to stop worm attack: Microsoft issued an out-of-cycle update, plugging a dangerous hole that could be used to craft a worm attack.