Posts Tagged ‘cyber crime’
Wednesday, April 24th, 2013
Do you play online games? If you do, beware. Cyber criminals are trying to steal your personal information.
The APWG reports in its Q4 2012 Phishing Activity Trends Report this week that phishing attacks against online game players saw a massive increase, climbing from 2.7 percent of all phishing attacks in Q3 to 14.7 percent in Q4.
“The success of the sector and the richness of in-game commerce options available in online game systems has attracted the attention of phishers who’ve had a decade to hone their skills against online banking and commerce systems. Playing safe is as important today as playing fair,” said APWG Secretary General Peter Cassidy.
Attacks doubled
Attacks against social media sites doubled to 6 percent, up from 3 percent in Q3. Financial services continued to be the most-targeted industry sector in the fourth quarter, with payment services close behind, the report found.
Online gaming credentials are valuable to certain criminals, who sell them on the black market. In-game items held in those accounts can also be sold by phishers for real-world cash. Depending upon how much information is revealed, the victims can even have their real-life identities stolen.
Increased emphasis on malware
Overall the APWG’s statistics show that the number of phishing sites declined every month from April 2012 through December 2012. In Q4, the APWG received reports of 51,232 unique phishing sites in October, falling to 28,195 in December.
This and other statistics reveal that criminals are relying less on pure social engineering scams such as classic phishing. Instead, there is increased emphasis on deploying crimeware – malware designed to steal the user’s credentials automatically and place them in the phisher’s control.
Trojans continue to account for about three-quarters of all newly detected crimeware threats.
Penetration of malware is high
The penetration of malware payloads is also high. According to APWG contributor Luis Corrons of PandaLabs, during Q4 about 30 percent of personal computers worldwide were infected with malware. More than 57 percent of PCs in China may have been infected, while PCs in European nations were infected least often.
“These shifts are due to fraudsters using more advanced phishing techniques, such as geo-IP blocking and malware,” said Ihab Shraim, Chief Information Security Officer and VP, Anti-Fraud Engineering & Operations at MarkMonitor.
“Phishers are also taking advantage of the availability of non-traditional platforms such as social media and mobile to launch newer types of targeted phishing attacks.”
The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_Q4_2012.pd
Tuesday, February 19th, 2013
The Mobile Security: McAfee Consumer Trends Report says cyber criminals are growing increasingly sophisticated in mounting their digital attacks.
The report identifies a new wave of techniques hackers use to steal digital identities, commit financial fraud, and invade users’ privacy on mobile devices.
Mobile platforms have become increasingly attractive to cybercriminals as consumers live more of their digital lives on smartphones and tablets.
Mobile attracting mischief
According to IDC, mobile devices are surpassing PCs as the preferred way to access the Internet and the number of people using PCs to go online will shrink by 15 million over the next four years, while the number of mobile users will increase by 91 million.
With the mobile space becoming a more enticing platform for online mischief, the complexity and volume of threats targeting consumers will continue to increase. Using its extensive global threat intelligence network (GTI), McAfee Labs analyzed mobile security data from the last three quarters.
“Despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage,” said Luis Blando, vice president of mobile product development at McAfee.
“Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance. Our goal in releasing this report is to help consumers understand the risks they face and learn ways they can stay safe and compute with confidence on all of their devices.”
In the report, McAfee Labs identifies the following threats as the most severe existing and new trends consumers will encounter in 2013:
Risky Apps: Cybercriminals are going to great lengths to insert infected apps into trusted sources such as Google Play and the risks within each app are becoming more intricate.
As a matter of fact, McAfee Labs found that 75 percent of the malware-infected apps downloaded by McAfee Mobile Security users, who are apt to be more security conscious than the average consumer, were housed in the Google Play store, and that the average consumer has a one in six chance of downloading a risky app.
Nearly 25 percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way.
A risky app may allow someone to:
- Steal personal information such as banking, email or wireless account details and combine that with location data to put together a complete picture of who you are
- Perpetrate fraud such as an SMS scam that will charge you without your approval
- Abuse a device by making it part of a criminal bot network, which allows someone to remotely control your phone
Black Market Activity: Botnet clients, downloaders, and rootkits are generic, useful software sold on black markets as part of software toolkits.
Criminals use these to commit premium SMS and click fraud, spam distribution, data theft, or bank fraud – and the complexity of these criminal activities is growing. Commercial criminals are now reusing and recombining these components to devise new, profitable schemes.
Drive-by Downloads: The first mobile drive-by downloads were seen in 2012 and we expect these to increase in 2013. On a mobile device, a drive-by download fools a user into downloading an app without knowing it. Once a user opens the app, criminals have access to the device.
Near Field Communication: In 2013, we expect to see criminals abuse the tap-and-pay near field communications (NFC) technology used in mobile payment programs, or “digital wallets.” This scam uses worms that propagate through proximity, a process we can call “bump and infect.”
The distribution path can quickly spread malware through a group of people such as in a passenger-loaded train or at an amusement park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.
Worm malware like this will spread by exploiting vulnerabilities on devices. This development would monetize the 11.8 percent of malware families that already contain exploit behaviors.
As the mobile space evolves, criminals will look at ways to generate revenue from features only mobile devices have. During 2012, about 16 percent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages. In 2013, we foresee an increase in threats that will have users finding out they bought premium apps only when they check their bills.
For a full copy of the Mobile Security: McAfee Consumer Trends Report from McAfee Labs, with additional threats, please visit: http://www.mcafee.com/us/resources/reports/rp-mobile-security-consumer-trends.pdf
Thursday, February 14th, 2013
Most cybercrime is carried out by a loose confederation of independent contractors who work together when necessary through online forums and “partnerkas” that allow them to pool their resources, but these online criminal networks can be foiled, according to a new report released today by the Digital Citizens Alliance.
The Digital Citizens report sheds light on how global organized crime leverages the Internet for scams and other schemes that hurt consumers.
The report also highlights recent examples in which others have weakened the glue that binds these criminal communities together by undermining trust relationships, isolating and apprehending key members, and making it more difficult for them to receive payment for their crimes.
The Tangled Web
The “Tangled Web” report is the first in a series on cybercrime by Digital Citizens – an alliance of individuals, organizations and businesses dedicated to making the Internet safer and crime-free. For the full report, please go to.
Understanding how cybercriminals work together is an important part of combatting criminal activities on the Web. According to the report, cybercrime is not as organized as often believed. More often than not, the loose confederation of independent contractors works together only when mutually beneficial to all cooperating parties. This includes sharing best practices on how to secure the money stolen from digital citizens.
Follow the money
The report also points out that tackling counterfeits, content theft and intellectual property crime requires disrupting their channels of cooperation and payment. The third option – following the money and cutting off the payment source – is singled out as the easiest way to deter cybercriminals.
“The most uplifting part of this report are the examples of the digital community working with payment processors to stop and deter cybercrime,” said Tom Galvin, executive director of Digital Citizens Alliance.
Here at the TechJournal, we see continual evidence that hacking attempts often try to exploit once-compromised images, posts or WordPress plugins, even though we patched those security holes. That suggests to us that they’re being led to those via hacking forums or other sources.
Citizens can help combat cyber crime
“With this report, we want digital citizens to know that they play a significant role in combatting crime on the Web. It doesn’t take just law enforcement. Anyone can help take down a cybercrime ecosystem through established reporting methods with payment card networks.”
The key pillars that support most criminal commerce online include black market online bazaars, cybercrime joint ventures, and underground exchanges.
Other report findings show that cybercriminals…
- Work through Forums and “Partnerkas” (When Mutually Beneficial): These online forums allow independent actors to pool their resources, aimed at creating personal wealth, power and greater access to the tools that may further future online criminal schemes.
- Diversify their Operations: Some of the most successful criminals are those who diversify their operations. An average crime forum member has ties to multiple types of illegal or illicit online enterprises.
- Use Pharmacy, Malware, Counterfeiting, and Dating as Popular Schemes: Most forums feature a myriad of services for driving traffic to crime affiliate programs including rogue pharmacy sites, fake antivirus or ransomware affiliate programs, counterfeit software and prescription drugs, organized dating and reshipping scams, toll fraud and SMS billing schemes.
Friday, January 11th, 2013
Security experts say a security flaw in Oracle’s Java software allows hackers to attack personal computers, and that Java should be disabled in your browsers or uninstalled now.
You can find instructions online on how to disable Java in whatever browser you are using.
A security officer with Rapid7 told Reuters, “This is like open hunting season on consumers.”
Java has had many security problems in the past and is frequently updated to patch holes.
News reports say cyber criminals are already using the Java security flaw to mount attacks via exploit kits available online.
You may wish to simply uninstall Java, although that will prevent some things from working in your browser.
We disabled Java in Chrome and Firefox, the two browsers we use, this morning. It only takes a minute or two.
Wednesday, December 19th, 2012
While 2013 cyberthreats are already well anticipated and mundane, Internet Identity (IID) predicts that by 2014 significant new methods of cybercrime will emerge. Some of them, such as murder via connected devices or a hacked power grid, are truly scary.
These new threats include the utilization of Internet connected devices to actually carry out physical crimes, including murders, and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce.
IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.
What’s next?
“Being bold is predicting the end of the world this week coinciding with the end of the Mayan long-count calendar as some people are. What isn’t bold in cybersecurity is prognosticating the same old same old with more mobile malware, APTs giving cybercriminals backdoor access to their intended victims and even more data breaches of Fortune 500 companies as most industry pundits are,” noted IID president and CTO Rod Rasmussen.
“Those threats are well understood, and being addressed today. The more interesting thing from our perspective is what’s next? And how will the industry respond?”
Murder By Internet Connected Devices
With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders.
Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.
“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective. That’s horrifying,” continued Rasmussen.
“Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will eventually be used.”
NFC Danger
By 2014, Juniper Research predicts almost 300 million (one in five) smartphones worldwide will be NFC-enabled, and global NFC transactions will total almost $50 billion. NFC, something mobile companies are heavily marketing, is a set of smartphone standards that enables everything from payments to unlocking of hotel room doors to automatic peer-to-peer information exchange between two devices placed closely together.
IID predicts that while the underlying technology in NFC is secure, almost all of the applications that will be written to interface with the technology will be riddled with security holes, and massive losses will ensue.
A gold mine for cyber crooks
“The amount of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”
In lock-step with all of these threats, IID predicts a strong response in the form of an intelligence sharing network that will alert participating companies, government institutions and more about the latest cybercrime attacks.
Currently, government agencies lack clear guidance about the rules of engagement for sharing, and enterprises are worried about the potential liabilities created by intelligence sharing. IID expects that Congress will enact new cybersecurity legislation that provides safe harbor protections enabling enterprises and government institutions to share intelligence without such fears in the coming months.
Other cybersecurity trends IID predicts in 2014 include:
- A large increase of government sanctioned malware targeting other government institutions around the globe with nation states openly engaging in acts of cyber-espionage and sabotage
- At least one successful penetration of a major infrastructure component like a power grid that results in billions of dollars in damage
- An exploit of a significant military assault system like drones that result in real-world consequences
To read about the latest Internet security trends, go to www.internetidentity.com/resources/trend-reports to access IID’s quarterly eCrime Trend Reports.
Thursday, June 7th, 2012
LinkedIn director Vincente Silveira has confirmed that some of the enterprise social network’s passwords were “compromised” when a user in a Russian forum uploaded over six million hashed LinkedIn passwords.
The online dating site eHarmony has confirmed that passwords for some of its accounts have also been breached.
In addition, many LinkedIn users have been targeted by email scams asking them to “confirm” their email address by clicking a link.
Both companies are contacting their users with information on what to do next.
EIN News is closely following this hot topic via its Company News Today website (http://companies.einnews.com/), see:
- LinkedIn Password Leak News - http://companies.einnews.com/news/linkedin-password-leak
- eHarmony Password Leak News - http://companies.einnews.com/news/eharmony-password-leak
Wednesday, June 6th, 2012
As the number of data breaches involving smaller businesses continues to grow, a new survey by The Hartford finds that 85 percent of small business owners believe a data breach is unlikely, and many are not implementing simple security measures to help protect their customer or employee data.
“Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted,” said Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford.
“As cyber criminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach.”
The Hartford Small Business Data Protection Survey found that business owners varied in their adoption of eight data protection “best practices” to help reduce a business’s risk of a breach:
1. Lock and secure sensitive customer, patient or employee data – 48 percent
2. Restrict employee access to sensitive data – 79 percent
3. Shred and securely dispose of customer, patient or employee data – 53 percent
4. Use password protection and data encryption – 48 percent
5. Have a privacy policy – 44 percent
6. Update systems and software on a regular basis – 47 percent
7. Use firewalls to control access and lock-out hackers – 48 percent
8. Ensure that remote access to their company’s network is secure – 41 percent
The Hartford survey also found that nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees. More than a third (38 percent) say they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.
About a third of business owners (34 percent) say they would have difficulty complying with government notification requirements, and nearly half (47 percent) acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.
“Given the potential business and reputational costs of a data breach, it’s also important for business owners to have insurance in place to help them respond and recover quickly and effectively in the event of a breach,” said LaGram.
The Hartford offers information and resources for small businesses about data breach protection at www.hartforddatabreach.com.
Thursday, March 8th, 2012
Hacktivists such as Anonymous may be having at least one good effect. They’re raising awareness of the need for better cyber security.
When asked “Is your company a potential target for hacktivists, organized cyber crime or nation state attacks,” 73% of respondents believe their organization is a target for hacktivists, and 71% identified organized cyber crime as a threat.
Only 57% believe nation state attacks are a risk to their organization.
nCircle, which sells information risk and security performance management solutions, conducted the survey of 244 attendees of the 2012 RSA Conference in San Francisco.
“Unlike cyber crime, there is no such thing as a small, private breach for hacktivists unless it is part of a larger attack plan,” said Tim ‘TK’ Keanini, CTO for nCircle.
“Hacktivist breaches are designed for media value and public impact, so they are always fully disclosed and the targets are selected for maximum shock value. On the other hand, every business with an Internet connection is a potential target for organized cyber crime.
“Hacktivists have increased our collective awareness of cyber security to a completely new level — everyone from IT security pros to my grandmother is worried about cyber security.”
Thursday, February 23rd, 2012
From 2010 to 2011, Android officially overtook Symbian as the mobile platform most targeted by cyber criminals worldwide, according to a new report from NQ Mobile Inc. (NYSE: NQ), a global provider of consumer-centric mobile Internet services focusing on security and productivity.
NQ Mobile’s Mobile Security Report also shows that in 2011, newer and more advanced forms of malware have successfully infected an estimated 10.8 million Android devices worldwide. This is expected to increase throughout 2012.
A double-edged sword
“Smartphones and tablets are finally delivering consumers with these converged and connected experiences we’ve been promised for so long,” says Omar Khan, Co-CEO NQ Mobile. “But this is a double edged sword: as smart device usage becomes more sophisticated, so too are cyber criminals’ methods of attacking consumers’ personal information.”
Key Findings for 2011
- Malware threats to Android devices increased 1880 percent from January to December 2011
- More than 10.8 million Android devices worldwide were infected by malware
- The top countries with infected Android devices were China, India, the United States of America, Russia and the United Kingdom
Trends in Malware Design
In 2011, malware created significant technical challenges for the industry. Specifically, mobile malware authors were not only actively applying advanced malware infection techniques from the traditional (and relatively mature) PC arena, but also developing new exploits or attacks unique to the mobile platforms.
The top three techniques used by malware authors to gain access to mobile devices were:
- Piggybacking on Legitimate Apps: Malware developers download popular applications, insert malicious code and then place the application back onto a marketplace. When users download and install this application it immediately launches its payload into the user’s smart device.
- Upgrade Apps to Malicious Apps: Similar to piggybacking, malware developers insert a special upgrade component into a legitimate application, allowing the application to be updated to a new, malicious version.
- Enticing Users for Downloads: The ability to side load applications outside of official application marketplaces allows malware developers an easy way to entice users to download malicious apps.
Predictions for 2012 and Beyond
As more consumers use their mobile devices to shop and bank, malware developers will be enticed by easy access to personal data. Despite best efforts by the market to actively develop and deploy advanced defense mechanisms, several types of mobile malware will continue to evolve in 2012.
- We will see more piggybacking on legitimate banking and financial apps as well as malware dressed up as security protection applications
- We will see more SMS fraud scams that charge users high rates for messaging and collect users’ personal data
- We will see more mobile botnets, already popular on PCs, which will take advantage of security gaps and allow hackers to send messages, make phone calls and access user contacts and other personal information.
Friday, December 16th, 2011
Cyber crooks will target small businesses, social media attacks will be more common, and mobile security threats will reach an all-time high in 2012.
So says The Cyber Security and Information Assurance Division of Kroll Inc., which released its annual security forecast, highlighting key areas of risk and trends that will impact how organizations and governments combat and respond to cyber threats.
“The events of 2011 suggest that the cyber security landscape will find public and private organizations are still on unsteady footing,” said Karen Schuler, practice leader of the Cyber Security and Information Assurance Division. “Traditional pain points for organizations including mobile technologies, incident response and regulatory requirements will intensify as new and developing challenges surface in 2012.”
“We frequently see organizations with protective measures based on the assumption that they are not a target,” said Alan Brill, senior managing director of the Cyber Security and Information Assurance Division. “Yet 2011 taught us that no one is exempt from attack. Companies need to take a strategic and aggressive approach to cyber security. Ignoring a problem is no guarantee that the problem will ignore you.”
Kroll’s 2012 Cyber Security Forecast includes:
1. Mobile technology security threats will be at an all-time high. Mobile technologies are changing so rapidly that in some organizations the demand and pressure to deploy new technologies (e.g., tablet computers) will outstrip the organization’s existing capabilities to secure them. This unfortunate dynamic is no secret to thieves who are ready and waiting with highly targeted malware and attacks employing mobile applications. Similarly, the perennial problem of lost and stolen devices will expand to include these new technologies and old ones that previously flew under the radar of cyber security planning. For example, digital cameras used by medical facilities to document patient treatment are becoming increasingly attractive to potential thieves. The loss of this type of data represents a potential HIPAA privacy law violation and could have serious ramifications for the health care industry.
2. Social media will increase in popularity as a conduit for social engineering attacks. Social media adoption among businesses is skyrocketing and so is the threat of attack. In 2012, organizations can expect to see an increase in social media profiles used as a channel for social engineering tactics. Thieves will utilize clever tactics to coerce end-users into disclosing sensitive information, downloading malware or both. To combat the risks, companies will need to look beyond the basics of policy and procedure development to more advanced technologies such as data leakage prevention, enhanced network monitoring and log file analysis.
3. Small businesses (SMBs) will enter the crosshairs of cyber attacks. “Hacktivism” may make headlines, but the fact of the matter is that data thieves are simply looking for the path of least resistance. Of late, that path has been leading directly to SMBs that house large amounts of valuable data but lack the data security budgets of their big business peers. Common modes of attack include everything from social engineering to SQL injection. In addition, ongoing use of legacy systems – weakened by postponed or overlooked upgrades and replacements – puts SMBs at heightened risk.
4. As cloud services gain in popularity, related breach incidents will flourish. If we were meteorologists, we’d definitely be calling for overcast with a chance of storms. Companies are smartly embracing the cloud for the associated cost savings and ease of use. Unfortunately, current surveys and reports indicate that companies are underestimating the importance of security due diligence when it comes to vetting these providers. As cloud use rises in 2012, new breach incidents will highlight the challenges these services pose to forensic analysis and incident response and the matter of cloud security will finally get its due attention.
5. Business and government cooperation will be mission-critical for economic and infrastructure health. Cyber crime has the capacity to cripple almost every aspect of commerce from the largest corporation to the individual consumer. Similarly, the security of U.S. infrastructure is being called into question in disturbingly real ways. For these reasons there is a growing sentiment among both private organizations and the U.S. government about the increased need for information sharing. Improved communication between the private and public sectors will not only give government the ammunition needed to take down major threats, it will also increase private entities’ capacity to respond to large threats more effectively.
6. Privacy concerns will keep geolocation technology in a white-hot spotlight. Geolocation technology is the quintessential double-edged sword. On one hand, consumers love the convenience of innovative mobile apps and services utilizing this technology. On the other, the backlash against surreptitious tracking or disclosure can be swift and strong. In fact, two federal bills were introduced in 2011 dealing specifically with the protection of geolocational information. It’s doubtful either will become law in 2012, but we can expect to see privacy advocates urging businesses to adopt an opt-in or consumer consent model.
7. Management and analysis of logs will gain more respect for its role in incident preparedness and response. Security incidents have increased in sophistication and frequency in recent years and one of the most effective modes of response involves maintaining complete logging for the network and key applications. While historically undervalued, logging provides vital information that can be utilized for analysis of network activities and documentation of security incidents. As companies begin to see the error of their ways in 2012 they will begin to implement formal risk assessments to look for security weak spots.
8. Incident Response Teams will get a permanent seat at the table when it comes to standard business operations. Historically, incident response teams were made up of employees from across the organization tapped to mobilize only if and when security incidents occurred. But to remain competitive in today’s market companies need to upgrade incident response teams from contingency plan status to day-to-day operations. Effective incident response teams can include a group of full-time employees designated as incident responders or a team of outside consultants (via a third party) hired for 24/7 incident response support.
9. Companies will overlook key vulnerabilities, as regulatory compliance continues to drive organizational security. Let’s face it – state and federal regulations remain the yardstick by which the comprehensiveness of data privacy and security are measured. But using such a “checklist mentality” to drive security initiatives is dangerous because a number of data security regulations overlook basic IT security controls. Certainly there are regulations that address the need for encryption or the development of an incident response plan but few require a wide range of best-practice controls such as up-to-date anti-virus software. As more breaches occur as a result of security gaps, we should expect to see governing agencies offer specific guidance on risk assessment and standard IT security controls.
10. Breach notification laws will gain traction outside of the US. While the U.S. Congress struggles to reach consensus on a federal breach notification law, internationally the idea is gaining momentum. Germany began requiring breach notice in all sectors in 2010 and several other EU nations have expressed interest in putting similar requirements in place. Meanwhile, Canada is also considering mandatory breach notice as part of proposed revisions to PIPEDA, which governs how Canadian businesses collect, use and disclose personal information. Companies with a global presence should watch these developments closely because they could have significant impact on their operations abroad.
Tuesday, August 16th, 2011
Would-be hackers can now find the source code for SpyEye, the data-stealing Trojan that was previously sold for $10,000, on sale cheap. Ranked as one of the top three Web threats in 2011 even before the inexpensive SpyEye malware kit was available, the Trojan now lets cyber criminals use the kit without the attribution that used to make it possible to trace it back to its source.
Security firm Damballa, which has been tracking SpyEye for some time, says in a blog post that the release of the source code for the spyware, which is used to capture banking and other financial information, is a “two-edged sword.” On one hand, it may help security researchers find bugs in the program. On the other, it means anyone can now use it.
It is sophisticated spyware that can evade or disarm detection and removal and has even caused bank security systems trouble. The thing is dangerous.
Sean Bodmer, Damballa’s senior threat intelligence analyst, wrote on the company blog, “Now that SpyEye has been ousted it is only a matter of time before this becomes a much larger malware threat than any we have seen to date. So for the next few months, please hold onto your seats people… this ride is about to get very interesting.”
Friday, May 6th, 2011
Today’s digital news shows that cyber criminals are as busy as ever trying to steal our information, money and identities. Also in the digital limelight today, Demand Media’s revenue rises despite drop in search results, and Facebook pays people to watch ads.
Cyber crooks are loading some Google images with malware that takes users to pages offering fake anti-virus software with misleading warnings, security experts say.
The SANS Internet Storm Center says in a blog post that the scammers create web pages chock full of search terms culled from Google Trends. In the post, Bojan Zdrnja writes that poisoning Google’s image search is relatively simple. Clicking on one of the infected images sends a user’s browser to the malware-containing page, which serves up fake anti-virus warnings and malicious software to download.
SISC says that while Google is doing a good job of removing malicious software in normal searches, “Google’s image search seems to be plagued with malicious links.”
For more see: Krebs on Security.
Netflix fires call center worker for credit card number theft
Netflix says it has fired a call center worker who was stealing credit card numbers from customers who interacted with the individual.
The company described the incident in a letter to the New Hampshire Attorney General Michael Delaney. The company said it will notify two New Hampshire residents affected.
CNET says a third hacker attack is planned against Sony
CNET reports that a group of hackers says it will launch another cyber attack on Sony.
Citing an observer of the Internet Relay Chat channel the hackers use, CNET says a third attack is planned this weekend and that the hackers plan to make the information they capture from Sony servers public. That could include private information such as names, addresses and even credit card numbers.
Hackers attacked Sony’s PlayStation Network and its Qriocity service and Sony Online two weeks ago, leading to a massive security breach under investigation by the FBI, Department of Justice, Congress and New York Attorney General.
Demand Media revenue leaps 48 percent despite Google anti-content farm changes
Even though Demand Media saw its search drop 40 percent after Google revised its search algorithm in April to downgrade content farms, and its eHow site saw a 20 percent decline from ongoing changes in the Google algorithm, it nevertheless posted Q1 revenue of $79 million, a 48 percent boost from the same period last year.
The Google updates occurred after the company’s first quarter was completed, however, so its results going forward may suffer.
Even with the changes, some Demand sites continue to perform well, the company said, including its recently launched fashion site, TypeF, and its Cracked.com comedy site.
Demand CEO Richard Rosenblatt said during a conference call on the firm’s earnings that it is considering what the Google changes say “about our content and how to improve it.” He said that going forward the company’s strategy is to increase the quality of its content. He said its reputation as a content farm derived from “user-generated content,” which it stopped using last year and is trying to remove.
Facebook paying users to watch certain ads?
Facebook introduced a new program that pays people Facebook Credits that can be redeemed to buy Facebook Deals if users watch certain ads. One credit for watching an ad is worth about ten cents.
Facebook Deals is the networking site’s entry in the group-buying space.
Most of the ads are for games such as CrowdStar, Digital Chocolate and Zynga.
Thursday, January 27th, 2011
ATLANTA – It is no longer acceptable to rely solely on preventive measures for cyber security. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response. So says MANDIANT, a company selling incident response and computer forensics solutions and services, in its second annual M-Trends report released at the U.S. Department of Defense Cyber Crime Conference 2011 at the Hyatt Regency Hotel in Atlanta.
The M-Trends series spans more than a decade of lessons learned on the front lines of intrusion investigations for the U.S. government, defense industrial base and commercial organizations. When Prevention Fails spotlights malware capabilities and techniques and other highly complex and sophisticated attack schemes used by the Advanced Persistent Threat across a breadth of organizations.
Content presented in M-Trends has been derived by MANDIANT from unclassified environments and sanitized to protect victim identity and data.
Some excerpted trends and conclusions from M-Trends: When Prevention Fails:
It is no longer acceptable to rely solely on preventive measures. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response.
The majority of victims were either compromised by a targeted e-mail campaign or were victims of a prior intrusion that was never appropriately remediated.
Threats have evolved faster than our ability to reliably safeguard our assets. To better protect our information and intellectual property, we must adapt our organizational security programs to meet the emerging challenges.
Done right, threat detection and response provides IT security teams the situational awareness to rapidly detect incidents, suppress their impact, develop their own threat intelligence and rely on other timely intelligence to proactively inspect your networks for the fingerprints of compromise.
“In more than fifteen years of responding to incidents I have learned combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response,” said MANDIANT Chief Executive Officer Kevin Mandia, one of the report’s principal authors.
M-Trends is written for information security professionals in the enterprise and to increase our collective understanding of the advanced threat landscape. The report continues to break new ground in our collective understanding, information sharing and evolution of the APT and other sophisticated attacks targeted at government and commercial organizations.
“Between Aurora, Stuxnet, and the Wikileaks distribution of classified wires, 2010 should have made it abundantly clear that the stakes have changed,” said Josh Corman, Research Director for Enterprise Security at The 451 Group.
“We are well beyond casual attackers whose attacks conform to mainstream 80/20 rules and compliance checkboxes. Adaptive Persistent Adversaries know you are compliant and do not care. It’s time to refresh your models and to invest in greater visibility for early detection and prompt, agile response. Industry reports like M-Trends can help increase broader awareness and understanding of the advanced threat landscape.”
To download a copy of M-Trends: When Prevention Fails, see:
www.mandiant.com/news_events/forms/m-trends_2011
Thursday, January 20th, 2011
ORLANDO, FL – PandaLabs, Panda Security‘s anti-malware laboratory, infiltrated the cyber-crime black market and has released a fascinating report on what it found in the darker back alleys of the Internet.
It discovered a vast network selling stolen bank details along with other types of products in forums and more than 50 dedicated online stores. This is a rapidly growing industry and cyber-criminals are aiding and abetting each other’s efforts to steal personal information for financial profit. After posing as a cyber-criminal to infiltrate the network, PandaLabs made some alarming discoveries which are available in the full report.
The cyber-crime black market, which has traditionally centered on distributing bank and credit card details stolen from users around the world, diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more. But as openly available as this information is, PandaLabs discovered that it can only be accessed by personally contacting the hackers who are promoting their information for sale on forums and in chat rooms.
Making the Sale
By having access to bank credentials, criminals can easily defraud any bank or credit card account long before the hack is discovered. Alarmingly, this data can be purchased for as little as $2 per card, but this level does not provide additional information or verification of the account balance available. If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000.
Prices are higher if the accounts have a history of online shopping or use payment platforms such as PayPal. For a simple account without a guaranteed balance, PandaLabs found prices starting at $10 and increasing to $1,500 depending on the platform and the guarantee of available funds. Similarly, these cyber-criminals also offer cloned credit/debit cards (from $180), card cloning machines ($200-1,000), and even fake ATM machines (from $3,500 depending on the model).
Money laundering, other services available
Additional products such as money laundering services (bank transfers or cashing checks) are available for a commission ranging from 10 to 40 percent of the operation. If buyers want to use stolen bank details to buy products online, but are wary of being traced through the delivery address, the cyber-criminals will make the purchase and forward the goods for a fee of between $30 and $300 (depending on the chosen product).
For more sophisticated cyber-criminals who want to set up their own fake online stores and use rogueware techniques to obtain both user details and also reap the money these unsuspecting victims pay for fake antivirus products, there are also teams available to deliver turnkey projects, design, develop and publish the complete store, even positioning it in search engines. In this case, the price depends on the project.
Prices for botnet rental for sending spam (using bot-infected zombie computers, for example) vary depending on the number of computers used and the frequency of the spam, or the rental period. Prices start at $15 and rise to $20 for the rental of an SMTP server or VPN to guarantee anonymity.
Tuesday, December 14th, 2010
By Allan Maurer
 The InZero security device
RESEARCH TRIANGLE PARK, NC – Cybersecurity still seems to be an afterthought among everyone from McDonald’s to Gawker Media, not to mention the U.S. government and military. Too many entities worry about digital security only when it is breached.
Great business strategy that. Apparently, even giving your email address to a publication such as Gawker or to McDonald’s during one of its promotions, can expose your private data these days. Both admitted to serious security breaches as 2010 ends, while many Twitter accounts – including mine – were hacked by someone selling Acai for weight loss this week. Probably because I used the same password for both sites (see: Spammers Exploit Gawker) on Gawker, where I commented maybe once.
TechJournal South had its own problems with a hacked ad server a few months back and had to shift to another. Two major ad networks were hit with a similar problem this week.
And most of those security breaches were relatively minor in the scheme of things. Many more serious ones have already occurred and we have little doubt are to come.
But coming on the heels of the WikiLeaks fracas, these breaches all show a laxness about cybersecurity that I think is increasingly dangerous on the part of commercial enterprises, government agencies and the military, not to mention to each of us personally.
The problem is partly inherent in the open, accessible nature of the Internet. The very ease with which we swim the Internet’s electron sea makes us vulnerable to sharks. Still, the bad guys, be they foreign hacker crews backed by their own governments, malware creators, spammers, scammers or plain old crooks, actively hack away at us, while credit card companies, government agencies, and businesses remain all too often reactive.
We can’t win the cybersecurity battles that way.
It is absolutely necessary – probably for all of us, but certainly for government and commercial entities – to actively combat this problem. Harden passwords, be careful about what we put on thumb drives or pick up on them, shred documents with sensitive data, and find and use security systems not so easy for cyber criminals to break through.
I’ve noted one approach that seems to be powerful, that of using a security device separate from other equipment that acts as a lockbox preventing suspicious or actual malware and other intrusions from ever reaching operating systems. See: Herndon-based firm grabbing media attention for security device. And: NZero keeps the bad guys out.
Meanwhile, Panda Security of Orlando, which provides antimalware software in the cloud rather than on individual machines, has listed the top ten cyber security threats it sees for 2011.
See also: WikiWars: The Face of future conflicts.
There are contrary views. Over at InformIT, Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research in Cyber Warmongering and Influence Peddling.
Email TJS Editor Allan Maurer: Allan at TechJournalSouth dot com.