Blog dedicated to the study of Information Security - Privacy - Computer Security - IT Auditing.
(Compilation of the main news, events, security policies, best-practice guides, norms, standards, tools, and more)
Thursday, January 19, 2012
Cert-IST has published its 2011 annual report regarding security flaws and attacks
This report traces the history of the major events of the past year. It highlights the trends and characteristics of the evolution of threats and deals with other major phenomena of 2011, such as cyber-activism, SCADA systems security and the rise of threats related to smartphone devices.
The most outstanding event of 2011 is the multiplication of infiltration attacks. These attacks, also known as "APT" (Advanced Persistent Threat), struck many organizations in 2011 (see the list given in our report), including, for example, the French Ministry of Economy and Finances and companies such as RSA and Areva. They all reveal a major change in the threat landscape for companies. After blind attacks (opportunistic attacks without a precise goal) at the beginning of the 2000s (the time of massive viral propagations like CodeRed or Sasser) and attacks aimed mainly at the general public (infection of home PCs to build botnets), the 2011 attacks turned to target enterprises. To answer this increasing threat, the enterprise must reinforce its defenses. The year 2011 most probably marks the beginning of a new cycle of security reinforcement within the
This document is available in French and English on the following public web site