Kaspersky has revealed its definitive list of security incidents that shaped 2013.
Cyber-espionage, spear-phishing, the rise of hacktivism and Bitcoins were among the key trends that defined the year.
But no security overview would be complete without mentioning Edward Snowden and the wider privacy implications of his revelations.
One of the first visible effects was the shutdown of encrypted e-mail services such as Lavabit and Silent Circle.
The reason was their inability to provide such services under pressure from law enforcement and other governmental agencies.
Another story which has implications over privacy is the NSA sabotage of the elliptic curve cryptographic algorithms released through NIST.
Almost 1800 organisation’s were victims of cyber-espionage in 2013, while the majority of campaigns that Kaspersky analysts noted were designed to steal data from governmental agencies and research institutions – Red October, NetTraveler, Icefog and MiniDuke all behaved this way.
The most widespread campaign of the year was the NetTraveler espionage campaign which affected victims from 40 countries all over the world.
For the first time, cyber-criminals harvested information from mobile devices connected to the victims’ networks – a clear recognition of the importance of mobile devices to hackers.
Red October, MiniDuke, NetTraveler and Icefog all started by ‘hacking the human’.
They employed spear-phishing to get an initial foothold in the organisations they targeted.
Costin Raiu, Director of Kaspersky Lab’s Global Research and Analysis team said these campaigns were part of an emerging trend that appeared in 2013.
“Attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks,” he said.
“Going forward, we predict that more of these groups will appear as an underground black market for ‘APT’ services begins to emerge.”
Hacker group ‘Anonymous’ claimed responsibility for attacks on the US Department of Justice, Massachusetts Institute of Technology and the web sites of various governments.
Those claiming to be part of the ‘Syrian Electronic Army’ claimed responsibility for hacking the Twitter account of Associated Press and sending a false tweet reporting explosions at the White House – which wiped $136 billion off the DOW.
For those with the relevant skills, it has become easier to launch an attack on a web site than to coordinate real-world protests, according to Kaspersky analysts.
In the wake of the surveillance stories of 2013, there is perhaps little surprise that people are looking for alternative forms of payment; increasing the popularity and value of the Bitcoin system.
The methods used by cyber-criminals to make money from their victims are not always subtle.
Apart from Bitcoins, which could potentially be stolen, ‘ransomware’ programs have become a popular means of making easy money – as is the case with the Cryptolocker Trojan.
