
Smartphones dominated the headlines in the tech world this week, turning the heads of enterprise IT security managers still trying to prepare for the inevitable onslaught of security issues stemming from the consumerization of IT.
However, one especially high-profile strain of malware was able to steal the industry's attention this week. In what appears to have become a weekly occurrence of late, news broke of another military-focused strain of malware, this one dubbed Duqu. The researchers who discovered it have made claims that the Trojan is an evolved variation of the infamous Stuxnet virus, which was discovered in 2010 after having infiltrated and damaged the computer infrastructure that maintained Iran's nuclear resources.
Malware expert Sergey Golovanov said in a recent interview with Forbes that researchers "are pretty sure [Duqu] is the next generation of Stuxnet." Because 99 percent of Duqu's software rules are the same as those of Stuxnet, according to Forbes, researchers have speculated that it is a new variation of the virus that is considered a historic milestone in the security industry.
The Duqu issue was just the latest in a long series of events that have raised concerns over cyberwarfare. Two weeks prior, similar concerns abounded after anonymous sources from the U.S. Air Force came forward in a Wired report about a virus that had successfully infiltrated the computer systems of a drone aircraft. The virus wsd found to be benign, but the discovery itself reverberated throughout both the technology and military worlds.
Duqu, however, appears to be anything but benign. The Trojan was initially discovered on September 1 by a Hungarian blogger, and was since found to have infected several different targets in random areas across the globe. According to Forbes, Golovanov's research shows that the virus' victims are not related, which differs from Stuxnet's strategy of targeting one individual system. That does not mean, though, that Duqu is less effective, according to Golovanov.
"It took months before Stuxnet was activated that it started infecting computer systems. Within days of discovering Duqu, it was already causing damage," the researcher told Forbes. He added that the researchers are "pretty sure that Duqu is a government cybertool and are 70 percent sure it is coming from the same source as Stuxnet."
However, others have chimed in and warned against jumping to conspiracy conclusions over Duqu. In a blog post, security practitioner Bill Brenner acknowledged that the two share similarities, but also pointed out that the researchers who first discovered Duqu still need to complete a full audit of the code. Once that is complete, more details can come forward and a clearer picture of the situation can be painted. Until then, Brenner warned, researchers and security experts will be doing the industry no favors by making claims of a repeat Stuxnet attack, at least until more evidence exists in favor of it.
In either case, the issue will make for interesting headlines in the weeks and months to come. With these kinds of implications, Duqu also reopens the investigation into Stuxnet, the discovery of which celebrated its one-year anniversary just weeks ago.
However, if Duqu is really that similar to Stuxnet, more information will be difficult to come by. Even after investigating and studying Stuxnet for one year, researchers still have little information as to its source.
Some have speculated that it was created by the U.S. government, while others have pointed the finger at Israel. However, if the connection between Stuxnet and Duqu turns out to be real, the latter could be a major lead on a globally significant investigation.
Meanwhile, in the private sector, enterprise IT experts made note of what appeared to be a major turning point in the evolving consumerization trend.
It started with massive outages suffered by the already struggling BlackBerry mobile operating system. Research In Motion issued an apology and is offering a handful of free apps and services to both consumer and enterprise customers.
However, the efforts may turn out to be too little, too late for the long-time enterprise mobility industry leader.
Some customers were not able to make phone calls or send email for days. Even worse, analysis of the issue found that it was specific to BlackBerry's OS, meaning it couldn't actually happen to those using smartphone platforms developed by Apple or Google.
That issue, in particular, came at an inconvenient time for both RIM and companies whose employees have been assigned BlackBerry phones. The Canadian smartphone vendor has been on a downward slide for the past couple of years, steadily losing market share as its competitors grow. The latest comScore statistics show that RIM's market share dropped from 24.7 percent in May to just 19.7 percent in August. Meanwhile, Apple and Google have risen head and shoulders above it, and continue to look up.
Now, it seems, a rapidly growing number of consumers are purchasing smartphones of their own. The comScore report showed the total number of U.S. smartphone users reached 84.5 million in August. As a result, many companies are dealing with support and security issues as more employees use their personally owned devices to access the company network.
Growing mistrust in BlackBerry will only drive this trend further and faster. Research on the BlackBerry outage shows that this development may be reaching a tipping point. Market researcher Yougov released its stats on the effects of the service issues, showing that consumer confidence in the BlackBerry brand plummeted in the days following the outage. Yougov uses a point system to track brand image, upon which BlackBerry dropped 52 points between October 12 and October 14.
The shakeup coincides with two major steps forward for Apple and Google, RIM's two consumerization-driving competitors.
The latest edition of Apple's iPhone, the 4S, sold more than 4 million units in its first weekend on the market. That figure could grow to 25 million by December, according to Piper Jaffray analyst Gene Munster.
For businesses, especially those that still support BlackBerry phones for their employees, that figure is a sign of the growing odds that employees will forgo the device provided to them and instead access the corporate network with unsupported iPhones.
However, managing consumerization may not be as easy as just focusing on the iPhone and whatever security threats may accompany it. Google also unveiled the next generation of its Android mobile operating system, nicknamed Ice Cream Sandwich. Considering Google remains at the top of the global smartphone market, growing 5.6 percent in the third quarter to reach 43.7 percent mobile OS market share, the introduction of a new platform only paints a more Android-heavy picture of the future of enterprise mobility.
Security News from SimplySecurity.com by Trend Micro