One of the 'worst' quarters ever for security?

A new report from Panda calls the first part of 2011 one of the worst on record. On the surface it sure seems that way. But in many ways, only the names and publicity tactics have changed.

The report itself doesn't really tell us anything new, but it does put things in perspective. It's also a good by-the-numbers snapshot of the activity as one lab recorded it.

Some excerpts:

In the last quarter, malware of all kinds has spread substantially, with PandaLabs observing 42 new malware strains created every minute. Once again, Trojans accounted for most of the new threats, comprising nearly 70 percent of all new malware created, followed by viruses (16 percent) and worms (12 percent). A graph depicting the types of new malware samples received by PandaLabs is available at

As recorded by Panda Security's online scanner, Panda ActiveScan, Trojans were responsible for 69 percent of infections, followed once again by viruses (10 percent) and worms (8.53 percent). Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all the infections, indicating the substantial effort malware writers are taking to promote this type of malicious code. Fake anti-virus programs, which are included in the adware category, have also continued to grow. A graph of malware infections by type is available at

Panda does a good job presenting bite-sized snapshots of 2011 so far:

LulzSec and Anonymous: A new hacker group LulzSec emerged this quarter, specializing in stealing and posting Personally Identifiable Information (PII) from companies with poor security as well as carrying out denial of service attacks (against the CIA website, for example). They also released a full list of PII data they had previously stolen such as email addresses and passwords, which has led to account hijacking and other forms of identity theft. At the end of June, LulzSec teamed up with Anonymous for "Operation: Anti-Security," encouraging supporters to hack into, steal and publish classified government information from any source. On June 26, LulzSec released a statement on Twitter announcing the end of their activities. Nevertheless, they urged hackers to carry on with operation Anti-Security (#Antisec) and join the Anonymous IRC channel.

Corporate Breaches: RSA, the security division of EMC Corporation, announced in mid-March it had suffered a breach on its network systems that exposed proprietary information about its two-factor hardware-based authentication system, SecurID. In May, Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA. It seems that the cyber-thieves managed to compromise the algorithm used by RSA to generate security keys. RSA will have to replace the SecurID tokens of more than 40 million customers around the world, including some of the world's biggest companies.

Sonygate: The most infamous attack that occurred this quarter was the one Sony suffered. Everything started with the theft of data from their PlayStation Network (PSN), affecting 77 million users worldwide. Not only was this the biggest data theft on record, but the situation was also poorly communicated to customers by the company, which hid the problem for days. When Sony finally made it public they simply said there was evidence that some user data could have been compromised, even though they knew the situation was far more serious.

We've written a lot about these events this year. It's obvious at this point that security vendors getting attacked and "hacktivist" groups launching loud self-publicized assaults is the new normal.

You could also argue that it's in a security vendor's best interests to frame events in the worst-case-scenario category. The Panda report, after outlining the nasty state of affairs, offers the following advice:

"As always, PandaLabs advises all users to ensure their computers are adequately protected. With this in mind, Panda offers a series of free tools including Panda Cloud Antivirus and Panda ActiveScan."

I don't fault them for this. Every vendor that releases any kind of report will always tie the findings back to the things their products are designed to do to keep you safe. And while it's always foolish to take individual reports as the complete Gospel, each one does offer a snapshot with bits of truth. Put them together with other studies and you start to see a bigger picture.

But in this particular case, I'm not sure I buy the argument that we are seeing the worst attacks ever.

We're captivated by each news item about the latest LulzSec or Anonymous exploit, but what they have been doing is only slightly different from the attacks against Estonia four years ago or the month of (pick your vendor or app) bugs that everyone seemed to be doing just a couple years ago.

I think the attackers may simply be getting better at their own PR.

The oldest story dressed to look like news, in my opinion, is the case of Sony. Sony's incompetence with security is an old story to anyone who remembers the rootkit scandal five-plus years ago.

For a group looking for some easy publicity, Sony was an easy target.

It's like the days when speakers at a security confab could get applause simply by saying something bad about Microsoft security.

Names change, as does the nature of attacks.

But in a lot of ways, the song is the same.

But if it entices more organizations to take their own security seriously, there's value to be had.

--Bill Brenner
