2010: The IT Security Year in Review
Looking back over the major security stories of 2010, there's no one incident you could point to that summed up the state of affairs: Attacks and mistakes were many and varied, showing us all that good security is, indeed, a process ... not a destination.
Throughout 2010, there seemed to be a never-ending barrage of transgressions, small and large, that kept security software vendors and their customers constantly on edge. Hospitals and universities were tagged with dozens of data breaches that exposed millions of sensitive files. The supposedly secure data networks of Fortune 500 companies were infiltrated on a regular basis and even the U.S. government found itself exposed and embarrassed in front of an international audience.
Here's a look back at a small, but significant sampling of the biggest security stories of 2010, each of which portends even larger threats and potential damage in 2011:
In January, senior executives at the three of the world's largest oil companies admitted they were victimized by a sophisticated malware campaign that targeted specific executives in customized emails designed to extract proprietary corporate data.
Top-tier executives at ExxonMobil, ConocoPhillips and Marathon Oil acknowledged that, as far back as 2008, custom spyware that went undetected by antivirus software was installed on employee computers and used to garner critical data, including research and development plans for future oil and natural gas reserves.
Nation-Sponsored Attacks Increase
Google and about two dozen other U.S. companies, including Intel and Adobe Systems, were tagged by a sophisticated hacking attack known as Operation Aurora in which hackers based in China managed to exploit a zero-day vulnerability in Microsoft's Internet Explorer browser to access and steal files.