Archive for the ‘Security’ Category
Monday, May 20th, 2013
A large and sophisticated cyber-attack infrastructure appears to have originated from India, says a new report from Norman Shark, the global security leader in malware analysis solutions for enterprises, service providers and government.
The attacks, conducted by private threat actors over a period of three years and still ongoing, showed no evidence of state sponsorship, but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies.
“The data we have appears to indicate that a group of attackers based in India may have employed multiple developers tasked with delivering specific malware,” commented Snorre Fagerland, head of research for Norman Shark labs in Oslo, Norway.
Extreme diversity of sectors targeted
“The organization appears to have the resources and the relationships in India to make surveillance attacks possible anywhere in the world. What is surprising is the extreme diversity of the sectors targeted, including natural resources, telecommunications, law, food and restaurants, and manufacturing. It is highly unlikely that this organization of hackers would be conducting industrial espionage for just its own purposes—which makes this of considerable concern.”
While it’s probably unrelated, here at the TechJournal, we had to block India’s access due to continued and repeated attacks on our WordPress blog (that you’re reading right now). We regret that, because we also received legitimate traffic from India. We also had to block China, Hong Kong and Russia. Anyone else finding continual attacks from these countries?
The investigation revealed evidence of professional project management practices used to design frameworks, modules, and subcomponents. It seems that individual malware authors were assigned certain tasks, and components were “outsourced” to what appear to be freelance programmers. “Something like this has never been documented before,” Fagerland added.
The discovery is currently under investigation by national and international authorities.
The discovery began on March 17th when a Norwegian newspaper reported that Telenor, one of the world’s largest mobile phone operators, a member of the world’s top 500 companies, and Norway’s major telecommunications company, had filed a criminal police case for an unlawful computer intrusion. Spear phishing emails targeting upper management appeared to be the source of the infection.
The behavior pattern and file structure of the malware files made it possible for security analysts at Norman Shark to search internal and public databases for similar cases using Norman’s Malware Analyzer G2 automatic analysis systems.
The amount of malware found by Norman analysts and their partners was surprisingly large, and it became clear the Telenor intrusion was not a single attack, but part of a continuous effort to compromise governments and corporations worldwide.
Norman Shark titled the report “Operation Hangover” after one of the cyber-espionage malware families most frequently used in this case.
Victims in more than a dozen countries
Based on an analysis of IP addresses collected from criminal data stores discovered during the investigation, it appears that potential victims have been targeted in more than a dozen countries. Specific targets include government, military and business organizations.
Attribution to India was based on an extensive analysis of IP addresses, website domain registrations, and text-based identifiers contained within the malicious code itself.
Despite all of the recent media attention on so-called “zero day” exploits encompassing brand new attack methods, Operation Hangover appears to have relied on well-known, previously identified vulnerabilities in Java, Word documents, and web browsers.
“This type of activity has been associated primarily with China over the past several years but to our knowledge, this is the first time that evidence of cyber espionage has been shown to be originating from India,” Fagerland concluded. “Our study, available on the Norman website (www.norman.com), provides assistance in what security teams need to look for.”
Friday, May 10th, 2013
Reports of high-profile cyber security breaches at major companies have become almost routine, despite studies showing that they are extremely costly to the firms involved.
In a recent survey, the majority of corporate risk managers and senior executives expressed concern about cyber risks. Yet many U.S. companies do not have a network security or privacy liability insurance program to protect themselves.
In other words, they feel vulnerable but aren’t sure what to do about it. A new report by Lockton illuminates the issue, along with the solution to managing cybersecurity in a world where business often depends on technology.
The report, co-authored by Lockton’s Michael Schmitt and Lisa Phillips, is entitled “Cybersecurity: Most Companies Know Enough to Worry, But Not Enough to Take Action.”
“How an organization responds to a data breach can either cause or prevent lost customers, regulatory fines and investigations,” Schmitt said.
Preparation and testing essential
Phillips added that preparation and testing are essential for any responsible organization. She writes that it starts with an assessment of the type of data held, including where it is stored, who has access to it and whether there are proper security measures in place to protect it.
After analyzing risk and implementing security measures, the next step is to create and test a data breach response plan with participation from IT, Legal, HR, Risk Management, Finance and Customer Service. Lockton also suggests involving data breach experts outside the company who can provide insight and guidance.
If a breach does occur, the data breach response team must be ready to move quickly to verify, investigate and communicate internally – and with customers, as appropriate.
The Lockton experts also recommend speaking with an insurance professional about what may be covered and what breach response services may be available through an insurance policy.
Tuesday, May 7th, 2013
A cloud security survey commissioned by NetIQ through IDG Connect reveals that while companies have become increasingly comfortable with the security of third-party cloud service providers, data security – particularly at the end-user level – as well as concerns over meeting compliance requirements remain top-of-mind among cloud adopters.
Fifty-one percent of IT executives surveyed believe that the cloud increases data security overall. However, almost 70 percent of respondents indicated that consumer cloud services pose a risk to sensitive data in their organizations and 45 percent are not fully confident that their cloud provider’s security processes and programs meet their data security requirements.
Additional findings show a mix of concern and confidence in cloud security:
- Forty-five percent do not have full visibility and control of their cloud-based data when users sign up on their own.
- Only 46 percent train end users on how they should securely access data in the cloud.
- Forty-two percent of organizations are not fully confident that they demonstrate regulatory compliance concerning sensitive information/assets in the cloud.
- Fifty-nine percent are very confident in their ability to control and manage access from mobile devices to cloud services.
“These survey findings demonstrate that IT executives are feeling more confident in the execution of their cloud security strategies and programs. However, this confidence may be at odds with the concerns security teams have while addressing an ever-increasing number of threats to corporate information,” said Geoff Webb, director, Solution Strategy at NetIQ.
“Data-centric security programs remain the most targeted and effective way to build security programs ready to embrace the complexities inherent in adopting cloud. Identifying sensitive data, applying appropriate layers of protection around that data, and tracking who is accessing it remain the best ways to respond to threats, meet regulatory requirements and minimize organizational risk.”
This survey was conducted on behalf of NetIQ by IDG Connect to understand perceptions about cloud security worldwide. Researchers interviewed IT executives at companies with 500 or more employees. Sixty-one percent of respondents occupied director-level or higher roles within their organization.
The overall number of respondents was split between those from North America (36 percent), EMEA (36 percent) and APAC (28 percent). Full survey results are available at http://cloudreadyzone.com/.
Thursday, May 2nd, 2013
Now here’s a paradox – while most industries saw fewer security vulnerabilities in 2012, IT web sites actually had the highest number of vulnerabilities per site. You would think that IT would be at the forefront of best practices, but that doesn’t appear to be so.
That’s according to WhiteHat Security, the Web security company, in the 2013 edition of the WhiteHat Security Website Security Statistics Report.
“Website security is an ever-moving target, and organizations need to better understand how various parts of the SDLC affect the introduction of vulnerabilities, which leave the door open to breaches,” said Jeremiah Grossman, co-founder and CTO of WhiteHat Security.
“This report – comprising survey and website vulnerability data – is the first time we can correlate various software security controls and SDLC behaviors to vulnerability outcomes and breaches. The results are both insightful and complex.”
The Current State of Website Security
In 2012, the average number of serious* vulnerabilities per website continued to decline, going from 79 in 2011 down to 56 in 2012. Despite this, 86 percent of all websites tested were found to have at least one serious vulnerability exposed to attack every single day of 2012.
Of the serious vulnerabilities found, on average 61 percent were resolved and only 18 percent of websites were vulnerable for fewer than 30 days in 2012. On average, resolving these vulnerabilities took 193 days from the first notification.
WhiteHat Security designated each tested site by industry, and a closer look revealed that:
- With the exception of sites in the IT and energy sectors, all industries found fewer vulnerabilities in 2012 than in past years.
- The IT industry experienced the highest number of vulnerabilities per website at 114.
- Government websites had the fewest serious vulnerabilities with eight detected on average per website, followed by banking websites with 11 on average per website.
- Entertainment and media websites had the highest remediation rate (the average percentage of serious vulnerabilities resolved) at 81 percent.
- In years past, the banking industry had the fewest vulnerabilities and fixed the most vulnerabilities of any industry. This year, banking came in second with 11 average serious vulnerabilities found per website and a below average remediation rate of 54 percent (average is 61 percent across all industries).
Top Ten Vulnerability Classes
The two most prevalent vulnerability classes in 2012 were Information Leakage and Cross-Site Scripting, identified in 55 percent and 53 percent of websites respectively.
The next eight most prevalent include: Content Spoofing – 33 percent; Cross-site Request Forgery – 26 percent; Brute Force – 26 percent; Fingerprinting – 23 percent; Insufficient Transport Layer Protection – 22 percent; Session Fixation – 14 percent; URL Redirector Abuse – 13 percent; Insufficient Authorization – 11 percent.
SQL Injection continued its downward slide from 11 percent in 2011 to 7 percent in 2012, no longer making the Top 10.
Best Practices May Not Result in Better Security
In correlating the survey results with vulnerability data, WhiteHat Security could see how software security controls, or “best practices,” impacted the actual security of organizations. Some of the findings include:
- 57 percent of organizations surveyed provide some amount of instructor-led or computer-based software security training for their programmers. These organizations experienced 40 percent fewer vulnerabilities, resolved them 59 percent faster, but exhibited a 12 percent lower remediation rate.
- 39 percent of organizations said they perform some amount of Static Code Analysis on their websites’ underlying applications. These organizations experienced 15 percent more vulnerabilities, resolved them 26 percent slower, and had a 4 percent lower remediation rate.
- 55 percent of organizations said they have a Web Application Firewall (WAF) in some state of deployment. These organizations experienced 11 percent more vulnerabilities, resolved them 8 percent slower, and had a 7 percent lower remediation rate.
Best practices may not be enough
Some of this data implies that best practices such as software security training are effective, yet some of the statistics clearly show that following best practices does not necessarily lead to better security.
The correlated data revealed that compliance is the primary driver for organizations to resolve vulnerabilities, but also the number one reason organizations do not resolve vulnerabilities. In other words, vulnerabilities are fixed if required by compliance mandates; however, if compliance does not require a fix, the vulnerability remains, despite possible implications to the overall security posture of the site.
“This collective data has shown that many organizations do not yet consider they need to proactively do something about software security. It is apparent that these organizations take the approach of ‘wait-until-something-goes-wrong’ before kicking into gear unless there is some sense of accountability,” said Grossman.
“This needs to change, and we believe there is now an opportunity for a new generation of security leaders to emerge and distinguish themselves with an understanding of real business and security challenges. Our hope is that they will address these issues we have identified and base their decisions on a foundation of data to improve the state of Web security over time.”
To view the complete report, visit https://www.whitehatsec.com/resource/stats.html.
Wednesday, May 1st, 2013
A smart phone can contain a lot of information that its owner would rather keep private. But 39 percent of the more than 100 million American adult smart phone owners fail to take even minimal security measures, such as using a screen-lock, backing up data, or installing an app to locate a missing phone or remotely wipe its data, according to Consumer Reports’ Annual State of the Net survey.
At least 7.1 million smart phones were irreparably damaged, lost, or stolen and not recovered last year, Consumer Reports projects. Yet 69 percent of smart phone users hadn’t backed up their data, including photos and contacts. Just 22 percent had installed software that could locate their lost phone.
“When you take your smart phone into your confidence, so to speak, you’re also taking in a host of parties, including app developers, your wireless carrier and phone manufacturer, mobile advertisers, and the maker of your phone’s operating system,” said Jeff Fox, Technology Editor, Consumer Reports.
Take basic precautions
“We recommend that all smart phone users take the basic precautions we outline in this report to ensure that their phones are secure from wireless threats.”
The full report can be found in the June 2013 issue of Consumer Reports and online at ConsumerReports.org.
The report revealed that though most smart-phone users haven’t suffered serious losses because of their phone, there are wireless threats that merit concern.
Among them: malicious software. Last year, 5.6 million smart-phone users experienced undesired behavior on their phones such as the sending of unauthorized text messages or the accessing of accounts without their permission, CR projects. Those symptoms are indicative of the presence of malicious software.
Location tracking can lead to trouble
The location tracking feature that all smart phones have can also leave users vulnerable to wireless threats. One percent of smart phone users told Consumer Reports that they or a person in their household had been harassed or harmed after someone used such location tracking to pinpoint their phone.
CR also projects that at least 5.1 million preteens use their own smart phones. In doing so, they may unwittingly disclose personal information or risk their safety.
A smart phone can be quite secure if users take a few basic precautions, Consumer Reports found. Those precautions include:
- Use a strong pass code. A four-digit one, which 23 percent of users told CR that they used, is better than nothing. But on Android phones and iPhones earlier than the iPhone 5, a thief using the right software can crack such a code in 20 minutes, according to Charlie Miller, security engineer for Twitter. A longer code that includes letters and symbols is far stronger.
- Install apps cautiously. Malicious apps may not lurk around every corner, but they’re out there and can be tricky to spot. For example, CR projects that 1.6 million users had been fooled into installing what seemed to be a well-known brand-name app but was actually a malicious imposter.
- Turn off location tracking. Disable it except when it’s needed, such as for driving directions. Only one in three smart phone owners surveyed by CR had turned it off at times during the previous year.
Wednesday, April 24th, 2013
Results of new remote access security research show half of companies with a remote workforce had their websites compromised in 2012, over a third had passwords hacked, and twice as many companies with remote users were victims of SQL injection attacks.
Conducted by Webroot, a leader in Internet security as a service, the new study indicates that data theft is the primary goal in new types of mobile attacks. Scenarios include malicious threats that use e-mail, SMS and mobile Web browsers to launch an attack, then silently record and steal data.
Top-level corporate study findings:
- 64% of companies allow remote access to servers for 25% to 100% of employees
- 90% of companies agree that managing the security of remote users is extremely challenging
- 71% of Web security professionals who say managing remote users is highly challenging experienced Web-borne phishing attacks in 2012
The proliferation of mobile devices for business use and the need to grant remote user access exposes corporate networks to high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.
While allowing such devices to access company resources aids productivity, the potential for new exploits to compromise businesses creates significant security risks to the organization and private data. Enabling remote access to corporate servers requires sensible policies and controls to ensure network security.
The study, which surveyed Web security decision-makers in the United States and United Kingdom, found that companies with 25% or more of their workforce using remote access experience higher rates of Web attacks due to a lack of such protection measures.
“These days, there is so much risk involved from a corporate perspective that remote access protection must be part of all basic tool kits. Vulnerabilities in mobile Web browsers pose a major threat to mobile device security and our latest study shows that they have led to an increasing number of successful attacks in 2012,” said David Duncan, Chief Marketing Officer at Webroot.
“Mobile browser security is essential to reduce the vulnerabilities from websites containing malware and stop phishing attacks. This should be mandatory if employees are to have remote access to any corporate network or other corporate online resources via their mobile devices.”
What can organizations do?
The new “Remote Users Expose Companies to Cybercrime” report provides a comprehensive analysis of current mobile Web browser vulnerabilities and includes steps to secure browser controls and reduce the risks associated with mobile browsing. You can view the full report at http://www.webroot.com/remote-security-report-2013 or visit Webroot at InfoSecurity Europe 2013, held in London (booth #D60), April 23 through 25, 2013, for a complimentary copy.
Tuesday, April 23rd, 2013
In its Q1 2013 Security Roundup Report, Trend Micro (TYO: 4704; TSE: 4704) says its researchers raised the alarm about zero-day vulnerabilities, in addition to concerns about the recent concentrated attack in South Korea.
Collectively, these events demonstrate that zero-day vulnerabilities remain a threat while attack innovations are growing in sophistication, intensity and severity.
Trend Micro’s synopsis of prominent Q1 threats includes:
New attacks against Oracle’s Java and Adobe’s Flash Player, Acrobat and Reader reveal that vulnerabilities are emerging faster than they can be patched and are quickly being incorporated into professional attack kits such as the “Black Hole Exploit Kit.”
“Of course Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is its vulnerabilities and its ubiquity,” said Rik Ferguson, Trend Micro’s VP, Security Research.
“This definitely won’t be the last zero-day vulnerability in Java and it won’t be the end of the vast attack surface that it currently offers to criminals.”
It’s still a good idea to disable Java in your browsers, security experts say. If you don’t actually need it, you may want to uninstall it from your devices entirely.
Attacks on South Korea
The high-profile attacks executed in South Korea this March reinforce that theft is no longer the sole focus of hacking efforts, but rather these breaches are also designed to cripple critical networks via innovative techniques including:
- Multiplatform focus, such as UNIX and Linux
- Specific countermeasures for installed security software
- Hijacking of patch management systems
“Given the capability of what took place in South Korea, it is likely that increasingly destructive attacks will continue to be a threat,” said Tom Kellermann, VP, Cyber Security. “With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data.”
For the complete report, please visit: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-zero-days-hit-users-hard-at-the-start-of-the-year.pdf.
Thursday, April 18th, 2013
If you’re not carefully protecting your customers’ private information, a security breach could cost your firm dearly. A global study of consumer attitudes towards company stewardship of personal data conducted by the Economist Intelligence Unit (EIU) shows that data breaches can cause major damage to the business of the companies affected.
The study, written by the EIU and entitled “Privacy Uncovered: Can private life exist in the digital age?”, was sponsored by Beazley. It reflects the views of more than 750 consumers around the world, exploring in detail the link between trends in privacy and data security and businesses’ use of consumer data. The EIU’s report also includes commentary from regulators and business leaders on the study’s findings.
Customers desert firms after a data breach
More than 32% of respondents in the study said they “strongly agreed” with the statement that, in the event of a data breach, they would cease to do business with the organisation concerned.
When they were asked whether they had personally suffered a data breach in the past two years, 23% of respondents said they had. Describing how they had reacted to a breach, 38% said they no longer did business with the organisation concerned “because of the data breach.”
Personally, we’ve been lightly affected by security breaches on the part of firms we do business with, but deserted one that required us to get a new credit card and remain wary of those we hear about suffering them. A business that’s too busy to take care of our private data is too busy for us to do business with them.
“Consumers clearly feel very strongly about the perceived betrayal of trust that a data breach represents,” said Paul Bantick, who heads Beazley’s Technology, Media and Business Services team in London.
A wide ripple effect
“The ripple effects can be very wide – the EIU research also found that 46% of respondents that had suffered a data breach had advised friends and family to be careful of sharing data with the organisation.
“There appears to be a strong willingness not just to cease doing business with a company that loses your data but to tell your family and friends about it – so there’s a clear multiplier effect in terms of the reputational damage that can be inflicted,” said Mr Bantick.
Regulation poorly understood
The study also revealed widespread unease about the stringency of regulation concerning the misuse of customer data.
More than 70% of respondents in Europe and the US said that regulation was not strong enough, as did 69% of respondents in Asia. Incentives for businesses to protect personal data were seen as inadequate by nearly 70% of respondents, with little variation among European, American and Asian respondents.
“It is clear that one of the biggest problems is transparency and complexity,” Neelie Kroes, the European Commissioner for the Digital Agenda in Europe, is quoted in the report as saying. “People may even be protected [legally], but may not know because [the regulations or contracts] are too complex.”
The European Commission is seeking to strengthen regulation in this area and has proposed the adoption throughout the European Union of a General Data Protection Regulation to make the rights and protections of citizens clearer.
Confidence in data security varies depending on the organisation holding the data
Most secure organizations
The EIU study suggests that perceptions of data security at various organizations vary widely. For example, only 10.6% of respondents thought their data “very secure” with online retailers, versus 17.2% with healthcare providers such as doctors and hospitals, and 17.6% with the government or government agencies.
By a large margin, the most secure organisations were perceived to be banks and other financial institutions, with more than 41% of respondents perceiving them as “very secure,” 49.8% as “moderately secure,” and only 6.6% as “not secure at all.”
“We keep on hearing how banks in the US and Europe have lost consumers’ trust,” said Bantick. “In some respects that may be the case, but when it comes to stewardship of private customer data the research suggests they still enjoy a far higher level of trust than other organisations.”
Wednesday, April 17th, 2013
The cybercriminal organization called the Winnti group has been attacking companies in the online gaming industry since 2009 and is still active, says a detailed research report from Kaspersky Lab that analyses its sustained cyberespionage campaign.
The group’s objectives are stealing digital certificates signed by legitimate software vendors in addition to intellectual property theft, including the source code of online game projects.
The first incident that drew attention to the Winnti group’s malicious activities occurred in the autumn of 2011, when a malicious Trojan was detected on a large number of end-user computers across the globe. The clear link between all of the infected computers was that they were used to play a popular online game.
Shortly after the incident, details emerged that the malicious program which had infected the users’ computers was part of a regular update from the gaming company’s official server.
Installed by accident on user computers
Infected users and members of the gaming community suspected the computer game publisher was installing the malware to spy on its customers. However, it later became clear that the malicious program was installed on the players’ computers by accident, and the cybercriminals were actually targeting the video game company itself.
In response, the computer game publisher that owned the servers which spread the Trojan to its users asked Kaspersky Lab to analyse the malicious program. The Trojan turned out to be a DLL library compiled for a 64-bit Windows environment, and it used a malicious driver that carried a valid digital signature.
It was a fully functional Remote Administration Tool (RAT), which gives attackers the ability to control a victim’s computer without the user’s knowledge. The finding was significant as this Trojan was the first malicious program for a 64-bit version of Microsoft Windows that had a valid digital signature.
More than 30 companies were infected
Kaspersky Lab’s experts began analysing the Winnti group’s campaign and found that more than 30 companies in the video game industry had been infected by the Winnti group, with the majority being software development companies producing online video games in South East Asia. However, online gaming companies located in Germany, the United States, Japan, China, Russia, Brazil, Peru, and Belarus were also identified as victims of the Winnti group.
In addition to industrial espionage, Kaspersky Lab’s experts have identified three main monetisation schemes that could be used by the Winnti group to generate an illegal profit:
- Manipulate the accumulation of in-game currency, such as “runes” or “gold,” which players can convert from virtual money into real money.
- Use the stolen source code from online game servers to search for vulnerabilities inside games, to augment and accelerate the manipulation and accumulation of in-game currency without arousing suspicion.
- Use the stolen source code from servers of popular online games in order to deploy their own pirated servers.
Currently the Winnti group is still active and Kaspersky Lab’s investigation is ongoing. The company’s team of experts has been diligently working with the IT security community, online gaming industry and certificate authorities to identify additional infected servers while assisting with the revocation of stolen digital certificates.
Monday, April 15th, 2013
CEB (NYSE: CEB), a member-based advisory company, says its latest Executive Guidance indicates that 72 percent of companies are hindering peak performance with outdated and overly restrictive approaches to information security.
In today’s collaborative work environment, the ability to access and leverage information is more critical than ever before to drive productivity and growth.
Unfortunately, most companies are working with outdated policies that limit this access, resulting in as much as $20 million in performance drag annually for large organizations.
In a study of 3,000 executives and more than 220,000 employees, CEB found that companies must change the way they think about information risk, shifting from a “reduction” to a “management” mindset in order to maximize productivity and achieve business goals.
Given that 81 percent of senior executives report that new uses of information are central to their growth strategy and 93 percent of employees admit to violating information security policies because they prevent them from doing their jobs effectively, organizations must learn to balance the risks and rewards of information access as a necessary cost of doing business.
“Most risk managers mistakenly believe their role is to reduce risk. Instead, the primary goal of information risk management must evolve from risk reduction to maximizing the business value of information,” said Jeremy Bergsman, managing director, CEB.
“Business unit leaders need to manage information risk differently, taking accountability for decision making. Risk management functions, including information security, legal and enterprise risk management, must work jointly to define the scope to be managed and the set of activities necessary for business leaders to successfully share responsibility.”
Business leaders seeking to manage risk effectively should stop risk managers from focusing on risk reduction, and instead direct them to empower business unit leaders to share in the risk management process.
By redefining information risk management as maximizing the business value of information, organizations can make responsible decisions that increase productivity and drive growth.
To learn more about the challenges of information risk management, visit CEB’s Executive Guidance.
Monday, April 15th, 2013
If you’re not protecting your mobile devices from malware, you’re headed for trouble from such things as “smishing.”
Mobile malware threats are rapidly increasing and quickly growing smarter.
According to a new security report released today by NQ Mobile Inc. (NYSE: NQ), a leading global provider of mobile Internet services, mobile malware threats increased 163% to more than 65,000 in 2012.
The company warns, however, that the problem is becoming more complex as smarter mobile malware can better target connected devices.
Malware Grows and Becomes Smarter
Nearly 95 percent of all mobile malware discovered in 2012 targeted the Android OS. The top three methods for delivering malware in 2012 were app repackaging, malicious URLs, and smishing. NQ Mobile estimates that these forms of malware helped infect 32.8 million Android devices in 2012, an increase of over 200 percent from 2011.
What are these threats?
App repackaging: Concealing malicious code in a seemingly legitimate app
Malicious URLs: Fake URLs masquerading as legitimate ones, such as banking websites
Smishing: Phishing by way of SMS messages
In the first quarter of 2013 mobile malware threats continued to grow and have become smarter. In February of this year, a new type of mobile malware was discovered that could jump from an Android device to infect a PC when they were connected via the USB port.
Although only a few Android devices were infected, this attack illustrates the growing need to keep private data secure in an increasingly interconnected device ecosystem.
Mobile Hackers Sell Private Information to Cybercriminals
NQ Mobile Security Labs, a team of over 250 mobile security professionals around the world who proactively monitor the mobile landscape for new malware threats and mobile hacking methods, has also been observing increased collaboration between mobile hackers and cybercriminals.
These unlawful collaborations can have disastrous effects on consumers. Mobile hackers are using malware to capture consumers’ private information and then selling this information to cybercriminals who are in turn using social engineering tactics to gain access to the consumers’ finances.
“The security industry’s ‘discover-first-and-inoculate-second’ strategy is no longer enough,” said Omar Khan, Co-CEO, NQ Mobile. “We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”
- Over 32.8 million Android devices were infected in 2012 vs. 10.8 million in 2011 – an increase of over 200 percent
- The top five markets for infected mobile devices were China (25.5%), India (19.4%), Russia (17.9%), United States (9.8%) and Saudi Arabia (9.6%)
- 65% of malware discovered in 2012 falls into a broader category of Potentially Unwanted Programs (or PUPs). PUPs include root exploits, spyware, pervasive adware and Trojans (surveillance hacks)
- 28% of mobile malware discovered in 2012 was designed to collect and profit from a user’s personal data
- 7% of malware was simply designed to make a user’s device stop working (i.e., “bricking” their phones)
- Looking ahead, NQ Mobile estimated that over 10 million devices have already been infected in the first quarter of 2013
NQ Mobile’s 2012 Security Report is based on insights from NQ Mobile’s Security Labs, as well as data collected from NQ Mobile’s global malware database, scanning engines and its network of hundreds of millions of registered users.
To view a full copy of NQ Mobile’s 2012 and 1Q 2013 Mobile Security Reports, including charts and additional information on malware discoveries, please visit NQ Mobile’s blog at http://www.nq.com/2012_NQ_Mobile_Security_Report.pdf and http://www.nq.com/Q1_2013_NQ_Security_Dashboard.pdf
Thursday, April 11th, 2013
If you’re looking for a video game hack, you might want to reconsider. The AVG Viruslab Research Group has found that more than 90% of all unauthorized ‘hacks’ for major computer games are infected with malware.
These hacks take many forms, including cheats, patches and ‘keygens’ that enable use of pirated games, but all are designed to appeal to players looking either to accelerate their in-game progress or to get something for free.
However, while the hacks may appear attractive at first glance, most are created by cybercriminals looking to pry, disrupt or steal.
Although only a small percentage of those gamers will go looking for a hack, the top 5 games are played by an aggregate total of around 330 million players worldwide, meaning the potential target market for the cybercriminals is still huge – even if just 0.1% of players go looking for a hack, that could mean 330,000 gamers are at risk of falling victim to the malware.
To read the full AVG Insight on the AVG Media Center, or to download a PDF copy, please click here.
Monday, April 8th, 2013
Retail Reputations: A Risky Business, a report from McAfee, says the industry is facing growing risks with both legacy and newer point of sale (POS) systems.
The report discusses how the retailing industry’s reliance on third parties for service and support is creating security vulnerability and privacy issues. Today’s advanced security threats mean that a retailer needs to be more than just PCI DSS compliant in order to protect customer information beyond credit cardholder data.
“The industry is very fragmented with a large base of smaller merchants utilizing secondary market or used point of sale systems,” said Kim Singletary, director of retail solutions marketing at McAfee.
“Merchants who do not have a broader security and privacy focus are leaving themselves vulnerable to susceptible systems and processes. If security, compliance and privacy adherence were more transparent to consumers, then retailers could look at these things as business differentiators rather than obligations.”
Need to be concerned
System integrators in the retail industry, a key component of the technology and service supply chain, are being asked to become certified by the PCI Council in order to resolve the inconsistent attention to security and the vulnerable configurations that could lead to a compromise.
Retailers need to be concerned with how they evolve customer engagement and ensure their security strategy and plans address the growing threat landscape. Securing POS systems from basic system functions to newer applications that utilize customer information is essential to protecting the retailer’s brand and reputation.
The McAfee report reveals that POS systems are updated too infrequently, creating vast windows of opportunities for criminals to find and exploit vulnerabilities.
Once a new vulnerability is located, businesses using the same types of systems can be easily identified and targeted for attack. The vulnerabilities with POS systems that are not regularly updated increase the likelihood that consumers’ cardholder and personal data is at risk.
“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group. “When a security breach occurs, retailers are at risk of losing their customers’ trust and business.”
Invest in protecting consumer information
The report calls attention to the need for retailers to invest in protecting consumers’ information. McAfee recommends retailers implement higher levels of security to defend against advanced security threats such as:
The report also recommends retailers use orchestrated security management solutions for POS systems to reduce the burden of distributed system security monitoring and policy management.
Personally, if a retailer has a security problem that affects us, we’re quite likely to stop shopping with that retailer. These things need to be handled proactively, not after a security breach.
To download a copy of McAfee’s retail reputation report visit http://www.mcafee.com/us/resources/reports/rp-retail-reputations.pdf
Monday, April 1st, 2013
A new study of over 1,400 consumers, from market research firm Chadwick Martin Bailey, finds that while one-half of smartphone owners are familiar with mobile wallets, many who are familiar have reservations about adopting them.
The research also reveals that beyond allaying security concerns, mobile wallet providers must do more to articulate the advantages of the technology over more traditional forms of payment. Additional insights include:
Mobile wallet providers who guarantee fraud and theft protection are well positioned to drive adoption among mainstream consumers. Concerns over security remain a significant barrier to adoption, but the promise of 100% fraud protection substantially increases willingness to adopt.
Notably, these security-conscious smartphone users are the most likely to identify banks and credit card companies as their preferred mobile wallet provider.
Ways to gain an advantage
Customers find the benefits of location-based services appealing, but privacy and battery life remain concerns. Respondents indicate location-based services that facilitate information gathering, like showrooming, drive adoption, but too many alerts and offers are unappealing. Providers willing to allow users to customize the number and type of offers they receive may have an advantage.
While banks and credit card companies are the clear choice for the security conscious, opportunities exist for other providers.
Convenience, features, and usability are compelling attributes for many current and prospective mobile wallet users: while banks win on security, the feature-conscious prefer tech giants, with Amazon and Google topping the list as their preferred mobile wallet provider. For those who value convenience, credit card companies hold the advantage.
“These findings reveal that consumers are still in the early stages of understanding the uses and benefits of mobile wallets—there remain many elements (players, features, positioning, etc.) that will evolve over the next 12 to 18 months,” says Jim Garrity, SVP of Chadwick Martin Bailey’s Financial Services practice.
“With security concerns a key hurdle to adoption, banks are well-positioned as trusted providers of secure financial services, but this window of opportunity won’t remain open for very long. Consumers already have the technology at their fingertips; and as familiarity increases, other entrants are proving that they are secure, reliable, and offer clear advantages that drive adoption.”
Friday, March 29th, 2013
A new Web security study finds that the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.
Conducted by Webroot, which sells Internet security as a service, the study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.
We hate to harp on a single theme, but more and more studies show that cyber security is overwhelming many businesses, as a nearly unbroken string of prominent hacks, security breaches and losses of information by major companies, organizations and even government agencies attests.
To mitigate these significant business risks, a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.
Top-level corporate study findings:
- 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
- 88% of Web security administrators say Web browsing is a serious malware risk
- Phishing is the most prevalent Web-borne attack, affecting 55% of companies
The study, which surveyed Web security decision-makers in the United States and United Kingdom, found that an overwhelming 79 percent of companies experienced Web-borne attacks in 2012.
These incidents continue to represent a significant threat to corporate brands. Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies.
We’re online so much here at the TechJournal that we back up our own cloud-based antivirus program with regular scans by Malware Bytes (which has repeatedly found and deleted trojans and other malware missed by our other protection). We also use Spybot, which will immunize your system against many threats, and SuperAntispyware, which is very good at removing third party tracking cookies.
Despite the obvious awareness of the risks, only 56% of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.
“Protecting against Web-borne malware should be a high priority for all organizations since once inside a network, the propagation of malware can take down the entire company, effectively disabling an organization,” said Sara Radicati, President and CEO at Radicati Group.
“Finding a balance between providing employees Web access and ensuring corporate information security requires a solid Web security solution and is an essential requirement for companies to avoid this costly liability.”
The major trends that are driving businesses and information technology today—mobility, social networking, BYOD and cloud computing—are also making organizations more susceptible to security attacks.
More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging. According to the results, phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data.
“It’s no surprise that the latest study shows that attacks are increasing in frequency, complexity and scale. Organizations need to implement layered defenses from the endpoint to the network to understand not only what is happening but where the attacks are manifesting from and when,” said David Duncan, Chief Marketing Officer at Webroot.
“Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms, organizations require a cloud-based solution that is effective in this new environment, as well as easy to deploy, quick to respond and flexible to address today’s sophisticated cyber-threats.”
What can organizations do?
The new “Web Threats Expose Business to Data Loss” report provides a comprehensive analysis of the current Web-based vulnerabilities, and includes steps to reduce the risks associated with this rapidly changing threat landscape. The full report is available at http://www.webroot.com/web-security-report-2013.
Thursday, March 28th, 2013
Denial of service attacks against a spam-fighting organization by anonymous users of a Dutch Internet service provider known for hosting spammers has drawn attention to a problem that can be solved.
The DDoS (Distributed Denial of Service) attacks against antispam group Spamhaus and the company it hired to help it fight off the attacks, CloudFlare, were so powerful that they slowed internet service for many users early this week.
Salon offers this: Yeah, we broke the Internet.
According to new research from International Data Corporation (IDC), these attacks render servers and/or network resources unavailable by overwhelming them with traffic.
The evolution from hacktivism to financial gain to disguising more targeted attacks is evidence of a re-emerging trend that exploits the weaknesses and vulnerabilities of some of the world’s largest and most powerful organizations, IDC says.
In 2012, there was a sharp increase in the frequency, bandwidth volume, and application orientation of these attacks. “As these attacks surged in prevalence and sophistication, organizations were often caught unaware. Embedded capabilities were quickly overwhelmed and outages were readily apparent on the Web.
This is driving the need for proactive solutions to protect customers’ infrastructure from current and future attacks,” said Christian A. Christiansen, Vice President, Security Products & Services research at IDC.
As detailed in the IDC forecast, the worldwide market for DDoS prevention solutions (including products and services) will grow by a compound annual growth rate (CAGR) of 18.2% from 2012 through 2017 and reach $870 million.
Many in the Internet community hope these prominent attacks knock the complacency out of service providers before the capability to mount ever larger, more massive assaults causes even more harm.
Best practices could limit attacks
These attacks could also be stopped if Internet companies and organizations followed a set of best practices described by the Internet Engineering Task Force, a voluntary group of Internet and telecom engineers.
However, the New Times has noted that those best practices are used only by a relatively small number of companies.
There is hope in the Internet engineering community that the recent high profile attacks may wake up ISPs and others so that they invest the time, effort and money necessary to implement best practices to help create a “peaceful Internet.”
Wednesday, March 27th, 2013
More than 80% of IT security professionals believe that corporate employees deliberately ignore security rules issued by the IT department.
The survey, which looked at the attitudes of nearly 250 IT security professionals, also discovered that more than half of those who think that workers deliberately ignore IT security directives do not believe end-users would listen more even if these mandates were issued by executive management.
These findings come despite the fact that more IT security professionals and vendors are insisting that, in order to improve IT security within organizations, strategic guidance must be issued from the board level.
Commenting on the research, Philip Lieberman, CEO of Lieberman Software, said: “These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data — and potentially customer information — at risk.
And these behaviors are continuing even after it has been proven that human error is the leading cause of data breaches. Organizations need to implement better cyber security training that properly instructs staff about the consequences of data breaches.
“IT groups must also look beyond conventional security products and invest in technology like privileged identity management (PIM),” continued Lieberman. “PIM products ensure that powerful privileged accounts found throughout the enterprise in large organizations are available only to authorized IT personnel with limited-time, audited access. This ensures that end-users are not able to accidentally or maliciously change configuration settings, access systems with sensitive data, or perform other actions that are not required of their jobs.”
The survey was conducted in February at RSA Conference 2013 in San Francisco.
For more information on the survey, see www.liebsoft.com/2013_information_security_survey.
Monday, March 25th, 2013
Traditional antivirus solutions are not identifying the vast majority of malware infecting networks via real-time applications such as web browsing, according to the Modern Malware Review.
The Modern Malware Review is the first industry report to examine the behavior of unknown malware throughout its entire lifecycle, beginning when it enters the network, how it behaves once it is on the infected device and finally the outgoing traffic it generates.
We write a lot about security these days here at the TechJournal. We’ve wrestled with our own security problems with WordPress and our personal and business equipment. It’s a daily battle to stay ahead of the bad guys. Just over the weekend we had to use three different programs to root out two different Trojans buried on a laptop.
Key findings include:
- 94 percent of the fully undetected malware found on networks was delivered via web browsing or web proxies.
- 70 percent of malware left identifiers in their traffic or payload that can be used by security teams for detection.
- 40 percent of seemingly unique malware are actually repackaged versions of the same code.
- FTP is a highly-effective method for introducing malware to a network. 95 percent of malware delivered via FTP went undetected by antivirus solutions for more than 30 days.
- Modern malware is highly adept at remaining undetected on a host device. The review identified 30 different techniques for evading security and more than half of all malware behaviors were focused on remaining undetected.
Not enough to detect malware
“It’s not enough to simply detect malware out there that is evading traditional security. Enterprises should come to expect more comprehensive prevention from their vendors,” said Wade Williamson, senior research analyst, Palo Alto Networks.
“That’s what the Modern Malware Review is signaling – analyzing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed.”
The review provides recommended policies that can help security managers better protect their networks against malware attacks.
Relocated, repackaged malware code
For example, by knowing that the majority of malware is simply relocated and repackaged versions of the same code, such as Zeus botnets, security teams can use a variety of indicators to identify it and create security policies that can automatically block it.
“Security managers are bombarded almost daily with alerts about the latest malware threats, and manually examining each threat to develop policy to stop it would overwhelm any security team,” said Phil Cummings, security administrator, Health Information Technology Services of Nova Scotia.
“Reports like Palo Alto Networks’ Modern Malware Review provide the kind of real-world data and actionable policy recommendations that make my job easier.”
The Modern Malware Review analyzes malware collected by Palo Alto Networks between October and December 2012 via its WildFire malware analysis service. The review identified 26,000 different malware samples on networks that had gone completely undetected by their antivirus solutions.
To download the Modern Malware Review, please visit: http://www.paloaltonetworks.com/mmr.
Friday, March 15th, 2013
Most vulnerabilities (86%) discovered in the 50 most popular programs in 2012 were in non-Microsoft (or “third-party”) programs.
The Secunia Vulnerability Review findings support the conclusion that the primary threat to endpoint security for corporations and private users alike comes from non-Microsoft programs, and that vulnerability and patch management efforts must extend well beyond the familiar interfaces of Microsoft software and a few usual suspects from other vendors.
Microsoft vulnerabilities much lower share
The identified 86% represent an increase from 2011, when non-Microsoft programs represented 78% of vulnerabilities discovered in the Top 50 most popular programs.
The remaining 14% of vulnerabilities were found in Microsoft programs and Windows operating systems – a much lower share compared to 2011, indicating that Microsoft continues to focus on security in their products.
Number of vulnerabilities is on the increase
“Companies cannot continue to ignore or underestimate non-Microsoft programs as the major source of vulnerabilities that threaten their IT infrastructure and overall IT-security level.
The number of vulnerabilities is on the increase, but many organizations continue to turn a blind eye, thereby jeopardizing their entire IT infrastructure: It only takes one vulnerability to expose a company, and no amount of processes and technology that supports operating systems and Microsoft programs will suffice in providing the required level of protection,” said Morten R. Stengaard, Secunia’s Director of Product Management.
The Secunia Vulnerability Review 2013 documents that the number of vulnerabilities discovered in the 50 most popular programs on private PCs has increased by 98% over the past 5 years, and non-Microsoft programs are the culprits.
Consequently, it is becoming more and more necessary for companies to invest and focus on vulnerability and patch management in order to deal with the root cause of many security issues: vulnerabilities in software.
Research from IT analyst firm Gartner emphasizes the risk software vulnerabilities pose to organizations, and presents a strong argument for a proactive approach to getting patch management up to speed:
“Through 2015, 80% of successful attacks will exploit well-known vulnerabilities and be detectable via security monitoring. […]
Applications are the gateways to the data that is the focus of a targeted attack. Dynamic application security testing (DAST) tools can be used to scan production applications to find vulnerabilities.
When a vulnerability is present on a running application, production data is at risk, and remediation cycle times are long – typically taking multiple months.”(*1)
Ignore at your own peril
Gartner places “patching beyond just the OS (common applications) on all systems” among their “Best Security” recommendations for securing midmarket IT environments (*2).
Even so, IT professionals everywhere are inclined to focus on patching Microsoft programs, operating systems and just a few other programs. And ignoring the threat that vulnerabilities represent in non-Microsoft programs is both reckless and unnecessary.
‘Reckless’, because in the most popular 50 programs, no less than 1,137 vulnerabilities were discovered in 18 different programs – that’s an average of 63 vulnerabilities per vulnerable product in the most popular programs on private PCs worldwide.
‘Unnecessary’, because Secunia’s research also demonstrates a positive trend: In 2012, 84% of vulnerabilities had a patch available on the day they were disclosed.
No excuse for not patching
“This means that it is possible to remediate the majority of vulnerabilities. There is no excuse for not patching.
To take advantage of this improvement in patch availability, organizations must know which programs are present on their systems and which of these programs are insecure, and then take an intelligent and prioritized approach to remediating them,” said Morten R. Stengaard.
The fact that 84% of vulnerabilities have a patch available on the day of disclosure is an improvement over the previous year, 2011, in which 72% had a patch available on the day of disclosure.
The most likely explanation for this improvement in ‘time-to-patch’ is that more researchers coordinate their vulnerability reports with vendors.
(*1): Gartner Research: “Adapting Vulnerability Management to Advanced Threats”, August 2012.
(*2): Gartner Webinar: “Best Practices for Securing Midmarket IT Environments”, February 2013.