One month into 2014 and we have already faced landmark data breaches of major U.S. retailer Target Corp. and online search turned media company, Yahoo. The extent of both attacks is further reaching than first (publicly) thought in December. Target admits that it faced a malware attack that exposed the credit and debit card data of 40 million, make that 70 million, no wait, it's 110 million customers. The fallout continues as the public at large gives a collective shrug and considers returning to cash when they shop at the once-beloved retailer.
These advanced threats will keep on coming in 2014. "Defending a network has never been harder," says Johannes B. Ullrich, dean of research at the SANS Technology Institute and the Internet Storm Center. Ullrich examines the advanced threat techniques to watch out for this year. High on his list, more watering hole attacks and sophisticated spear phishing, driven by social engineering and automation to produce mass customization of emails as malware lures.
Meanwhile, global scanning services and reputation management techniques are evolving to help security organizations head off advanced threats and heed earlier warning signs. "Because these systems are collecting data from actual Internet traffic, they can serve as better early warning systems when new infections start moving across the globe," writes technology journalist, David Strom, who reports on advanced malware detection techniques this month.
Some consumers are going back to cash; others are using Bitcoin.
Some consumers are going back to cash, others are using Bitcoin. Security veteran Adam Rice dives beneath the surface and explores the underbelly of the deep Web. Facilitated by Tor Networks and Bitcoin (coming soon to an ATM near you), "employee participation in unapproved activities on the deep Web can take many forms," warns Rice.
We also welcome a new column on mobile security authored by Kevin Johnson, founder and CEO of Secure Ideas, to help you evaluate all those gadgets that showed up at work after the holidays.
About the author:
Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.
Send comments on this column to firstname.lastname@example.org.