Top 10 security stories of 2008

The level of technical knowledge needed to become an online fraudster lowered significantly this year, as savvy criminals took many of the IT industry's successful business principles and made them their own.

Malware-as-a-service was big this year, and it looks like this will become even more common in 2009 as the credit crunch makes it more tempting for techies and ordinary users alike to make some good money by stealing data.

4 - Lessons to learn from a year of data breaches

It started in 2007 with the HMRC breach, and due to the uproar that followed, 2008 was the year that data breaches in the public and private sector began to be reported.

It was a gradual learning process, but it is only now that those in charge have started to realise their responsibilities in taking care of the private data that they hold.

According to research, the average cost of a data breach per record is 47. That's a lot when you consider the number of records that businesses and the private sector tend to hold. It's in all of our interests that data is kept as safe as possible from being lost, whether it is taken maliciously or accidentally.

3 - Kaminsky's DNS vulnerability

This was one of the big headline threats this year, as Dan Kaminsky found a problem with the Domain Name System (DNS), which sits at the very heart of the way the internet works.

This meant that if an attacker managed to take advantage, users could be transported to malicious made-up sites even if they typed legitimate addresses. This could also create serious problems with online transactions and email.

2 - Ten of the most infamous black hat hackers

Hacking was back in the news as Gary McKinnon desperately fought to avoid being extradited to the US for crimes against the military. As IT PRO revealed, he wasn't the first to have been involved in committing malicious acts online.

Interestingly, only one of the hackers mentioned in the feature was doing it for financial gain; the reasons for the other hackers included revenge, curiosity and even simple pranks.

It's a whole different playground now, and the new generation of hacker is out there, but they won't be silly enough to let their work become public knowledge like these guys.

1 - Over 10,000 websites rigged with criminal code in massive attack

One of the biggest threats to surface this year was web-based malware which found its way to users via legitimate sites and drive-by downloads.

This particular incident was one of the largest attacks of its kind as criminals worked out that one of the best ways to get users to download malware was to target websites that people knew and trusted.

It's a clever way to get malware on machines, effectively 'piggy-backing' on the reputation of other sites.

Another example was the 'Asprox' Trojan, which managed to infect thousands, including the NHS website.

Trojan horses were a constant bane for the security and anti-virus vendors to deal with, and file sharing also became a problem, as McAfee reported what it claimed was the most significant malware outbreak in three years.

It was spread through file sharing, as users passed on infected video and music files over peer-to-peer file sharing services.