Thursday, January 19, 2012

Cert-IST has published its 2011 annual report regarding security flaws and attacks

This report traces the history of the major events of the past year. It highlights the trends and characteristics of the evolution of threats and deals with other major phenomena of 2011, such as cyber-activism, SCADA systems security and the rise of threats related to smartphone devices.

The most outstanding event of 2011 is the multiplication of infiltration attacks. These attacks, also known as "APT" (Advanced Persistent Threat), struck many organizations in 2011 (see the list given in our report), including, for example, the French Ministry of Economy and Finances, and companies such as RSA and Areva. They all reveal a major change in the threat landscape for companies. After the blind attacks (opportunistic attacks without a precise goal) of the early 2000s (the time of massive viral propagations like CodeRed or Sasser) and the attacks aimed mainly at the general public (infection of home PCs to build botnets), the 2011 attacks turned to target enterprises. To respond to this increasing threat, enterprises must reinforce their defenses. The year 2011 most probably marks the beginning of a new cycle of security reinforcement within enterprises.

This document is available in French and English on the following public web site
