Page 4 - index
P. 4
How We Can Learn From Cybersecurity’s Past
By Todd Weller, VP, Corporate Development, Hexis Cyber Solutions
Within the past decade, IT security buzzwords such as “data breaches” “malware” and
“cyberterrorism” have been splattered across media mediums across the entire world. On any
given week, it’s become more and more likely that a security-related incident will make
headlines, causing concern for organizations of all sizes within any given industry. Looking back
over the years, there have been a number of security-related events, both big and small, that
have affected our industry as a whole, shaped end-user buying behavior, impacted our
response strategies and ultimately resulted in increased innovation and product advancement.
This October, we recognize National Cyber Security Awareness Month; initially having started
out as a small campaign to bring together industry experts, this effort has grown exponentially
by gaining followers and supporters from corporations of all sizes and industries, including start-
ups, universities, government organizations, financial institutions and many others. In light of
this year’s campaign theme- “Our Shared Responsibility,” – it is important that we look back at
three events we feel as though truly impacted the security world as a whole: Operation Aurora,
Stuxnet, and the 2013-2014 point-of-sale (POS) retail breaches.
Operation Aurora
In 2009, a high-profile information security attack against Google, Adobe and many other high-
profile companies was dubbed “Operation Aurora” by security firm McAfee. Using
unprecedented tactics that combined encryption, stealth programming and an unknown hole in
Internet Explorer, security experts viewed this as one of the first incredibly sophisticated cyber-
attacks.
Former government officials with insight on this colossal breach said attackers successfully
accessed a database that flagged Gmail accounts that had been marked for court-ordered
wiretaps. A few years later, a total of 34 companies would come forward claiming that they too
had been a victim of Aurora; industry leaders such as Adobe, Juniper, Rackspace, Symantec,
Northrop Grumman, Yahoo and Morgan Stanley were just a few. This highly sophisticated and
targeted attack was linked back to China. This attack not only gave insight into FBI and
government agency files, but was also speculated to be a trick designed by Chinese intelligence
agencies to dupe U.S. intelligence agencies into believing false or misleading information.
The Operation Aurora attacks served as the foundation for what is now referred to as an
“advanced persistent threat” (APT). Since Aurora and the many more that followed, industry
vendors are developing solutions that better protect high-value assets such as customer data,
intellectual property and critical infrastructure.
4 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide