Finkle, J. (2011, October 20). Nasdaq hackers spied on company boards. Retrieved from http://www.reuters.com/article/2011/10/20/us-nasdaq-hacking-idUSTRE79J84T20111020
Hackers
who infiltrated the Nasdaq's computer systems last year installed
malicious software that allowed them to spy on the directors of publicly
held companies, according to two people familiar with an investigation
into the matter. The new details showed the cyber attack was more serious than previously thought, as Nasdaq OMX Group had said in February that there was no evidence the hackers accessed customer information.
Georgia Tech Information Security Center. (2011). Emerging cyber threats report 2012. Retrieved from http://bit.ly/pnxp3E
In the past year, we have witnessed cyber attacks of unprecedented sophistication and reach. These attacks demonstrate that malicious actors have the ability to compromise and control millions of computers that belong to governments, private enterprises and ordinary citizens. If we are going to prevent motivated adversaries from attacking our systems, stealing our data and harming our critical infrastructure, the broader community of security researchers—including academia, the private sector and government—must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it. [Related article from Scientific American / Video of 2011 Georgia Tech Cyber Security Summit, featuring remarks from Admiral William J. Fallon, Equifax's Tony Spinelli, and others.]
Mell, P., & Grance, T. (2011, September). The NIST definition of cloud computing. NIST Special Publication 800-145. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
This publication describes how cloud computing is a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction. This
definition characterizes important aspects of cloud computing and is
intended to serve as a means for broad comparisons of cloud services and
deployment strategies, and to provide a baseline for discussion from
what is cloud computing to how to best use cloud computing [released 10/20/11.]
Symantec. (2011, October 20). W32.Duqu: The precursor to the next Stuxnet. Retrieved from http://bit.ly/ohGb1b
Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors, or those that have access to the Stuxnet source code, and appears to have been created after the last Stuxnet file we recovered. Duqu’s purpose is to gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on various industries, including industrial control system facilities.
