Targeted Threats

The year began with a bang with a targeted attack and breach affecting Google and many other known companies. Google accused the government of China of being responsible for the attacks--even involving the United States Department of State in the matter.

Dubbed , or Hydraq, depending on which source you use, the attack was unique in being allegedly state-sponsored. China denied any involvement, but a WikiLeaks leak months later suggested there might be something to the theory. The other unique aspect of the Operation Aurora attack, though, was the way the affected parties joined forces--sharing details of the attack and working collaboratively to get to the bottom of things.

A state-sponsored attack against a high-profile tech target is one variation of a targeted attack. The Stuxnet worm, however, demonstrates that there are more insidious targeted attacks to watch out for as well (it is worth noting, though, that Stuxnet is alleged to be ). Gary Egan, director of , explains, "It is quite possible that Stuxnet has ushered in the next evolutionary shift in malware: a new class of threat that is weaponized to cause real-world damage. It is also one of the most complex threats ever seen."

The Stuxnet worm exploited four separate zero-day vulnerabilities, utilized cutting-edge techniques to evade detection, and is the first rootkit known to be specifically engineered to impact programmable logic controllers (PLCs) like those used in manufacturing and production plants. Egan exclaims, "The political and societal implications of Stuxnet are far reaching."