With the last day of the year well and truly on the way in most parts of the world and almost finished in my part of the world it is probably a nice time to reflect a little bit on the year that was. Seems to be popular on the various news channels so it is only fair that we have our own.
On the vulnerabilities front there were of course the usual Microsoft ones, culminating in MS11-100 yesterday which ensured all admins have a wonderful day. I guess the good news is that it is 6 less than last year? Adobe had its fair share throughout the year and is still a very popular target.
We saw some waves of different types of attacks. A lot of SSH brute force attacks as well as FTP attacks. We had quite a few reports of DDoS attacks throughout the year, some in the Gbps range. Malware of course is still one of the bigger problems, and whilst users can and do click yes and security products primarily use blacklists, that will remain a problem.
We had some interesting issues with SSL throughout the year, Apache and of course in the last few days ASP.NET.
So what will 2012 bring us?
IPv4 allocations are no longer, so whether we like it or not IPv6 is going to be featuring on many of our future projects list for 2012. If you haven't looked at it yet, now is a good time to start reading and playing in the labs. Many security tools are not all that cool with IPv6 yet and some won't be until consumers start asking the question.
On the malware front I predict more of the same. The basic things are still working, so why change? Until the basic security controls are in place in most organisations as well as home computers, most of the malware will continue to function without too much change in 2012. We might see more tailored attacks on organisations, and breaking in is as simple as one click in many cases.
On the security product front I can't see too many changes. No doubt there will be more products in the cloud. Cloud computing will remain sexy in 2012 and until there is a major, major insertfavouritewordhere-up there probably will not be too many changes on that front. Don't get me wrong, there is a place for cloud computing, but not for everything or everyone. There will probably be more of a push by firewall vendors into application awareness in their products. AV vendors already are and will continue to push into whitelisting applications rather than blacklisting. Hopefully people will start considering switching it on.
Anyway that is enough of my predictions. If you have a significant event for 2011 that you would like to contribute or a prediction for 2012 feel free to comment or submit via the contact form.
From all of us here at the Internet Storm Center all the best wishes for the new year.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.