As we close out 2012, there is no doubt that this year will go down as epic in the history books of information security professionals. Looking back on the year it’s not hard to find a laundry list of security programs that have been overrun by nefarious perpetrators or to see how dramatically different the risk landscape is today than just a year ago. Taking stock of it all, the following are some of the most notable attacks:

• Jan - Feb 2012 – Group Anonymous attacks various Israeli sites leaving, among others, the Israeli Stock exchange in operational duress for a moment
• March 2012 – Operation Global Blackout – Group Anonymous threatens to take out the internet by attacking the DNS infrastructure of the world
• July – Aug 2012 – Admin.HLP Trojan wreaks havoc in wild
• Aug 2012 – AT&T suffers a near day long outage originating from an attack on their DNS infrastructure
• Sept – Oct 2012 – Operation Ababil launched against US banking and financial institutions. The vast majority of US banks suffer various degrees of outages, attacks leverage new SSL tool
• Nov – Dec 2012 – OpIsrael & OpZionism launched against various Israeli interests as a result of ongoing political struggles.

While these are just a few of this year’s attack profiles, there are more than enough lessons to be learned from each event to teach security professionals for months and years to come.

So, what did we learn from this year of carnage? I think we would be fooling ourselves if we believed that the overall success of this past year’s attacks could be attributed to luck or isolated to a few obscure examples. These attacks were by-and-large effective across a multitude of technologies, geographies and industries.

The attacks seemed to have little correlation on the surface as their effectiveness seemed to be felt without regard to the size of the company, geographic operations, the security technologies these organizations had in place or the amount of people studying the problem (e.g. security professionals, risk assessment results, etc).


However, if we are honest with ourselves, not all of the attacks have been successful thus far. There have been notable security programs that have weathered the storm by-and-large intact. Although they shall remain nameless to protect them from undue future attention, these programs were indeed different from the ones that suffered outages.

The people behind these programs are really the unsung heroes of 2012. These security professionals have provided us with a stable model of defense going forward. Let’s look at what they’ve taught us.

Security blind spots

Overall, the programs that were most effective against cyber attacks have taught us that they are doing something other (failed) programs are not. In the vernacular of security professionals, the difference between an effective program and an ineffective program is called a ‘security blind spot’.