2011 was the Year of the Hack. We saw an unprecedented rise in targeted attacks, ranging from the rather primitive (but effective) to the highly sophisticated.
While state sponsored attacks and cyber espionage have been occurring for decades, the level of disclosure and visibility of these attacks rose to new levels in 2011. Among just a few of the high profile attacks:
- With the RSA breach, we saw just how sophisticated and patient nation states can be when it comes to stealing intellectual property. In a scene reminiscent of a sci-fi movie, they attacked one corporation in order to get the keys to break into other corporations months later. It is estimated that the attack which hit RSA was actually used against over 700 other companies. This was not a smash-and-grab cyber attack, it was a lie-in-wait attack.
- With Operation Night Dragon, we saw a coordinated and wide scale attack on several energy companies across multiple continents. The cyber attack used multiple vulnerabilities and techniques in a coordinated campaign specifically against petroleum and energy companies. The attacks were traced back at least two years.
- With Operation Shady RAT, over 70 different companies across dozens of countries and different industry sectors were attacked using the same command and control server. The attacks spanned at least five years and included companies from energy, finance, real estate, technology, government, and even the International Olympic Committee. As common for targeted attacks, Shady RAT established its foothold through spear-phishing (targeted emails), using social engineering to trick users into opening malicious content.
- With Nitro, at least 48 different companies within the chemical and defense industries were targeted. In the Nitro attacks, a program was installed allowing the attacker remote control of the infected systems. Interestingly, the same servers used in these attacks were previously used in a campaign against human rights organizations and NGOs.
In total, thousands of different companies around the world were attacked in 2011, with no stone left unturned. If you have any data of value, regardless of your company size or industry, you are a potential target. All of these attacks were targeted and involved manual interaction, with humans on the other end controlling the malware, and all of them have been linked, with varying degrees of certainty, to individuals or groups within China.
We are witnessing the greatest theft of intellectual property in history. Unfortunately, 2012 looks to be no better when it comes to organized state-sponsored attacks. Not only have the attackers been emboldened by their successes, there are currently no consequences for their activities.
As the 2011 examples demonstrate, energy and utility companies are a particularly ripe target. The SCADA (supervisory control and data acquisition) systems and ICS (industrial control system) computers controlling our nation’s public and private infrastructure are woefully outdated when it comes to security. Until real progress is made in securing these systems, we will continue to see further breaches. Most concerning is that attacks on ICS can result in physical damage or even loss of life.
2011 also saw a dramatic increase in hacktivism – politically and socially motivated attacks with the aim of embarrassing a target or simply making a public statement. We saw the rise, and sort-of-fall, of LulzSec, as they used Sony as a punching bag for hacking. We saw Anonymous continue making social and political statements, aligning with movements like Occupy Wall Street. The internet is an integral part of the fabric of modern society; it is natural that it has become a common medium for protest.
It does not take a crystal ball to realize that the trend of hacktivism will continue, not just into 2012, but throughout the next decade at least. While the techniques used by hacktivists will get more advanced, they are generally and comparatively “low tech” today – using well known techniques for distributed denial of service (DDoS), SQL injection, and cross-site scripting to take down or deface web servers. From a security perspective, it is disheartening to see how successful such basic and well known attacks can be against even the largest of corporations. I would like to believe this year has been a wake-up call for companies to get their basic security house in order. Sadly, this is not the case and we will see more big names successfully “hacked” in the coming year.
2011 saw the rise of the smartphone. The number of smartphones sold in the last quarter of 2010 was greater than the number of personal computers, and this trend is continuing. The amount of malware targeting these devices has increased dramatically, with estimates ranging from four-fold to well over ten-fold. While this is still a game of small numbers, even a penny-a-day-doubled adds up very quickly.
Seventy-six percent (76%) of smartphone consumers use their devices for business purposes as well. These miniature computers contain not only our most personal information (e.g. contacts, text messages, geo-location, credit card and password information) but also confidential business information (e.g. corporate emails and documents). As our report on the most vulnerable smartphones of 2011 describes, most smartphones run out-of-date software with known vulnerabilities that leave users at higher risk.
In 2012, we will reach over one billion smartphones worldwide. This is a green field for attackers, as the technology has evolved faster than security. We will continue to see a rise in traditional malware targeting personal and financial information on these devices. As with the personal computer, we will begin to see targeted attacks on smartphones where the motivation shifts from financial gain to corporate espionage and IP theft. I will coin a new term here to describe the next generation of smartphone hacking – “smacking.” I predict 2012 will be the year of the “smack down,” as mobile devices earn their place as a critical corporate asset under cyber assault.