Aug 27, 2013
This report explains the threats surrounding information systems in recent years, based on the insights and opinions of the 10 Major Security Threats Committee, which consists of 117 information security practitioners such as researchers and corporate IT staff. It has 3 chapters.
- Chapter 1: History of Information Security
  Chapter 1 looks back on the history of information security from 2001, when security was beginning to take root in society, to 2012.
- Chapter 2: List of 10 Major Security Threats 2013
  Chapter 2 gives the ranking and a description of the 10 major security threats of 2012, selected by vote of the 10 Major Security Threats Committee.
- Chapter 3: Rising Threats
  Chapter 3 discusses 3 threats that are expected to become increasingly apparent in the coming years, based on the votes of the 10 Major Security Threats Committee members.
IPA hopes this report will help the public understand and respond to the current situation surrounding information security, and that it will be leveraged in security training and education programs at companies.
Download the Report:
10 Major Security Threats 2013
~ They Are About To Get You and You Just Don’t Know Yet ~
Summary of the 10 Major Security Threats (Chapter 2)
The ranking and summaries of the 10 major security threats selected by vote of the 10 Major Security Threats Committee are as follows:
1st: Attacks Exploiting Vulnerability in Client Software
By exploiting a vulnerability in client software, an attacker can inflict damage such as infecting PCs with viruses and stealing information stored on the affected PCs and systems. Users are required to keep their client software up to date.
2nd: Targeted Espionage Attacks
As in 2011, attacks against government agencies and the aerospace industry were reported by the media, and it is suspected that classified government information and specialized technologies may have been stolen. The issue was addressed in policy council meetings and has become a matter that affects the national interest.
3rd: Malicious Applications Targeting Smart Devices
Techniques for collecting personal information are growing in sophistication. Targeting the rapidly increasing number of smart device users (smartphones and tablets), malicious applications that lead users to believe they offer an attractive feature are increasingly being used to steal personal information such as address book data.
4th: PC Hijack with Remotely Controlled Virus
Malware-infected PCs have been exploited for spamming and DDoS attacks. In 2012, an attacker posted murder notices and threatening messages on message boards by remotely controlling PCs infected with the so-called Remote Control Virus, and the owners of the infected PCs were mistakenly arrested.
5th: Malware Aiming to Steal Money
Since around 2011, cases have been reported abroad in which credentials for internet banking services were stolen by viruses, resulting in financial loss. Since 2012, incidents using the same techniques have been confirmed in Japan as well.
6th: Unforeseen System Outage
As the use of cloud computing spreads, 2012 saw a large-scale failure at a rental server service caused by human error. With the risk of system outages due to natural disasters highlighted by the 2011 Tohoku Earthquake, organizations are required to prepare for unforeseen circumstances.
7th: Attacks Targeting Websites
Although attacks targeting websites have been known for quite some time, regrettably there seems to be no end to the line of victims. Attackers steal personal information handled by websites and/or infect visitors' PCs with viruses through compromised websites, impacting both organizations and individual users.
8th: Password Cracking
As online services increase, users need to manage multiple passwords. As a result, many users increasingly reuse the same ID/password combinations, so a password breach at one website can make them a victim of spoofing at multiple websites.
9th: Internal Attacks
Incidents such as information leaks or malicious use of systems conducted intentionally by internal users have been reported. Since the perpetrators are legitimate, authorized users, such incidents are difficult to prevent and the damage tends to be larger.
In 2012, phishing attacks impersonating major banks were widely observed, and banks and security vendors called for caution. If a user's internet banking password is stolen through phishing, money may be taken from the user's account without their knowledge.
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)