Looking back in despair

Blogs
(Image: Stockfresh)

15 December 2014

September was a tough month for Android, as a browser vulnerability was found, capping a litany of problems from the Koler ransomware attacks, to the Blackphone credential stealer and a report exposing vulnerabilities in major Android apps.

September also saw the emergence of the Padding Oracle On Downgraded Legacy Encryption, or POODLE bug. The same month saw Shellshock emerge, exploiting vulnerabilities in the Bash command shell to run arbitrary commands.

October arrived with a PowerPoint flaw that allowed malicious code to be executed through a PowerPoint attachment.

November saw a return by an old favourite as Adobe’s Flash Player suffered yet another vulnerability that was quickly exploited.

When one adds to this the latest revelations in the games being played by governments, and the picture darkens even more.

The Regin malware, whose ‘dropper’ was detected three years ago, but has only been fully described by Symantec in recent weeks, is regarded as unusually sophisticated and not likely to be of either Chinese or Russian origin. In fact, the major infections are all in countries that are more closely monitored by governments closer to home. In fact, Symantec revealed in its report on Regin that Ireland was in joint third with Mexico of the most affected nations after China and Russia.

This all comes as further Snowden papers reveal that GCHQ has sought and in many cases gained access to Irish undersea telecommunications cables. According to a report in the Irish Times, the Solas, Hibernia and ESAT1 cables have all been tapped.

Looking back at all of these incidents, accidents, vulnerabilities, outages and revelations tells us one thing very clearly.

2014 has not been a good year for information security.

Our Inside Track this month on security, along with various news pieces, has reinforced the issue that Irish organisations are still neglecting the basics in information security. So irrespective of long buried bugs surfacing, international espionage employing APTs, or even a determined hacker after your secret sauce, many organisations in Ireland are leaving front doors open and stable doors unbolted.

Clearly the IT industry as a whole clearly needs to up its game to ensure that each organisation improves its posture to become a less attractive target. Like the old joke about outrunning a companion as opposed to a bear, the worry of becoming a target of an international cybercrime gang or innocuously named spy unit should not be ignored, but should be secondary to the normal run of the mill concerns, that include the stupid stuff: theft, loss, fat fingered operators, brain farts and the classic: ‘I was just trying to do my job’.

So here’s to a more secure 2015 the memory of which will hopefully not give you indigestion, putting you right of your turkey.

Read More:


Back to Top ↑

TechCentral.ie