Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar.

2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced to reckon with staggering numbers of legacy platforms and code, primarily open source libraries that are embedded in just about every system and product we have. Heartbleed was the start of all this, but we saw one of the first really trivial remote code execution flaws in recent memory with Shellshock…all due to open source issues. Add in POODLE and other SSL/TLS flaws, and you’ve got a real mess on your hands.

The attackers are getting smarter, and malware is definitely getting more sophisticated. 2014 also saw an enormous number of breaches - from Home Depot in retail to eBay online, and finally the unbelievable Sony attacks happening right here in December, things could hardly get worse…or could they?

Speaking of malware, 2014 really introduced us to the next generation of “ransomware,” namely in the form of CryptoLocker and CryptoWall. Many enterprise computing users fell prey to this type of malware, with files and operating system directories getting encrypted and/or deleted against their will unless a ransom was paid to the attackers. One company, Code Spaces, even went out of business from failing to pay an attacker that had compromised their infrastructure in Amazon Web Services. Obviously, the attackers are getting serious about getting paid, and organizations everywhere are having to come to grips with the reality that users and systems are at risk from willful and destructive actions should the attackers’ demands not be met.