December 26, 2014
This report explains the threats surrounding information systems these days based on the expertise and insights of the 10 Major Security Threats Committee, which consists of 117 people, such as researchers and corporate IT staff, in the field of information security.
It has 3 chapters:
- Chapter 1: Threat Category and Trend
Chapter 1 categorizes threats by the attacker’s intention to attack and characteristics of the targets, and social backgrounds that have created these threats.
- Chapter 2: 10 Major Security Threats 2014
Chapter 2 shows the ranking and description of the 10 major security threats observed in 2013 selected by the 10 Major Security Threats Committee.
- Chapter 3: Emerging Threats and Concerns
Chapter 3 discusses about 3 threats that could potentially have a big impact on the society and would grow into more apparent threats within coming years.
IPA hopes this report will help the public understand the situation surrounding information security these days and take necessary actions, and be leveraged in security training and education programs at the companies.
Download the Report:
10 Major Security Threats 2014
~ Information Security Is Getting Increasingly Complex… What Threats Are YOU Facing? ~
Summary of the 10 Major Security Threats (Chapter 2)
Those that have been ranked in the 10 Major Security Threats observed in 2013 are listed below:
1st: Espionage Operations through Targeted Attack
Espionage Operations to steal classified information through the Internet are booming. Those attacks are targeting a wide range of organizations from government agencies to companies and becoming an issue of concern that threatens national interests and corporate management.
2nd: Unauthorized Login and Use of Services
In 2013, unauthorized login and consequent unauthorized use of services or information leakage occurred frequently. One of the causes of unauthorized login is reuse of passwords at the various websites. Users should use a different password for each website.
3rd: Website Hacking
2013 witnessed the increase in Website hacking. Website hacking is used as part of attack schemes to spread virus infection. Website administrators should keep in mind that the ultimate victim of website hacking is the visitors to their website, and, thus, take necessary security measures to prevent that.
4th: Leakage of User Information from Web Services
During the first half of 2013, a number of membership-based web services suffered hacking attacks and a large volume of user information was stolen. If information leakage occurs at web services sites where a huge amount of personal and sensitive information like credit card data is stored, the ramifications are very huge. Thus, the services need to take adequate security measures.
5th: Unauthorized Online Banking Transfer
2013 saw the largest-ever number of unauthorized online banking transfer cases and the largest-ever losses, and such transfer drew public attention. The transfer involves theft of the user’s credential with phishing scam or virus, impersonation of a bank account holder and fraudulent wire transfer.
6th: Malicious Smartphone Applications
There have been a series of incidents where smartphone applications which seem attractive but in fact contain malicious code steals information stored in a smartphone, such as the address book data without the owner’s knowing. The secondary damage has also been confirmed in which the stolen personal information is abused in cybercrimes such as spam operations and billing frauds.
7th: Careless SNS Posting
With the prevalence of SNS, more and more people have come to post their private information on the Internet easily. On the other hand, there were the cases where imprudent employees posted work-related information to SNS, and as a result, their employers (companies and organizations) suffered serious damage.
8th: Information Leakage through Loss of Devices and Misconfiguration of Settings
Information leakage through loss of laptop PCs or USB memory sticks continue to occur. It was and still is one of the most common security incidents. Meanwhile, due to the prevalence of smartphones and cloud computing services, the methods, media and places to store data have become diverse. Accordingly, risk of information leakage has increased.
9th: Fraud/Extortion with Virus Attacks
Virus attacks with which the attacker uses ransomware that holds the user’s PC hostage and demands money to free the hostage PC have been increasing. If the PC is infected with ransomware, the user cannot access the data on his or her PC in some cases, which has a big impact on the user’s work and inflict severe psychological damage on the user.
10th: Denial of Service
In 2013, the data at several Korean companies and government agencies were destroyed by virus, which rendered the systems unusable. Also, DDoS attacks that exploit open DNS resolvers to make them an attack platform have been a serious problem.
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)