2011 is turning out to be a busy year for those involved in information security, so far there have been the following incidents related to information security in the headlines during the first 5 months of the year:

February 2011 Hacking attack on HB Gary by the group known as Anonymous.

March 2011 RSA hack stole token data (attackers were allegedly advanced persistent threats).

April 2011 Sony hacks data theft that allegedly involves information related to 77 million accounts and 2.2 million credit cards.

April 2011 Epsilon hacked victim, email addresses stolen.

WikiLeaks-related attacks by the group known as Anonymous.

April 2011 Ritz-Carlton hotel guest data stolen in hacking attack.

April 2011 Amazon Web Services cloud outage (unavailable).

May 2011 Lockheed Martin (details not released).

May 2011 Woodside Petroleum (Australia’s largest oil company said the attacks were coming from everywhere).

May 2011 Public Broadcasting (a fake news story and lists of reporters’ accounts and passwords were posted on a PBS site).

May 2011 A congressman from New York reported that a lewd photo had been mailed when his Twitter account was hacked.

Hacking is a type of targeted attack typically executed by an external human using commercial methods to exploit accessible vulnerabilities and inflict damage. Protection methods are generally applied to limit the damage dealt during an attack, limit the duration of an attack, or deter an attacker. The effectiveness of any protection measure in use is clearly at stake when a successful attack occurs. Forensic tools and methods are used to analyze attacks, allowing lessons learned to be captured and documented. Data theft is often motivated by financial gain, focused on credit card data for sale to scammers or email addresses for sale to spammers.

Unavailability incidents occur for a variety of reasons, often not involving malicious activity. Such incidents can grow as related resources cascade and fail, a phenomenon with potentially widespread impact.

The Internet is often used to carry out the attack. The nature of giant public networks facilitates anonymity while being reliable and predictable.

The list does not include the large number of malicious code-based incidents that have become common events or the large number of incidents involving sensitive, typically government sites, that never make it to the press.

The rapidly evolving sophistication of hacking attacks is cause for concern. State sponsored activity involving “Advanced Persistent Threats” is emerging behind the curtains as a valid concern for businesses around the world. The press is unlikely to suffer from a shortage of headline material for the remainder of 2011.