TechJournal South Header

Posts Tagged ‘cyber crime’

Packet capture tech helps networks detect hacker tracks

Thursday, May 30th, 2013

lockChinese hackers steal US trade secrets; organized cybercriminals empty bank accounts; government agencies, medical institutions and businesses are routinely breached. IPCopper, manufacturer of network security hardware, finds that, by and large, US businesses do not take cybersecurity seriously enough to innovate out of the complacent mindset that has allowed a multitude of vulnerabilities to form in US technology infrastructure and business systems.

Not surprisingly, many lack the packet capture data necessary to figure out what happened when the inevitable breach occurs.

Cyber attacks unfold through sequences of bits and bytes that command the victim’s computer to, for example, send out or delete data. One sequence may constitute computer commands for one computer / OS, while appearing as gibberish to another. Whether those commands are malicious is another question.

Cybersecurity, by its nature, is reactionary, and much of today’s network security equipment is predicated on catching already-known malware signatures – of little use against current threats, in the face of the infinite combinations of code possible.

In an attempt to root out malicious communications, organizations with deeper pockets often use SIEMs to analyze netflow, which represents only a fraction of network data – much like guessing a letter’s contents from the address label.

cyber security imageAccepted security practices remain rooted in the technology of the 90s, when networks were slower, the internet smaller and malware exotic.

The cyber-threat landscape now, however, is scarier and more complex: breaches occur every day, malware is increasing exponentially and the old standbys (antivirus, firewalls, IDSs and IPSs) are failing to keep up. As last year’s breach in South Carolina shows, at today’s speeds attackers can steal 15 years of tax records for a whole state in hours.

One approach we think has considerable promise is to sandbox incoming data in an appliance that keeps hackers from ever getting to your primary equipment. Herdon, VA-based InZero has created one such system we’ve covered here at the TechJournal (there are others). InZero had enviable success in preventing hackers from breaching its system.

In an environment where computer breaches are as sure as death and taxes, the cybersecurity winners are those who react the quickest.

Given the high volumes of data on today’s networks and the subtle and insidious ways that hackers get in and hide their tracks, quick incident response times are dependent on surveillance: recording and timestamping every packet, in every corner of the corporate network. Since surveillance is all about coverage, installing multiple packet capture appliances at key network locations is crucial says IPCopper.

Visit to learn more.

Despite breaches, cyber crime fight on right track, PandaLabs says

Friday, May 24th, 2013

Panda SecurityDespite the numerous security incidents that took place during the first quarter of the year, the fight against cyber-crime is on the right track, says security firm PandaLabs.

Though there is still a long way to go, international co-operation among security agencies is paying off and criminals around the world are being brought to justice. The quarterly report is available here and on the PandaLabs blog.

“The start of the year has been witness to serious cyber-attacks, including the hacking of the Twitter accounts of major organizations such as the BBC or Burger King, and one of the biggest attacks ever, targeting some of the world’s leading technology companies: Apple, Facebook, Microsoft and Twitter. But there have been victories for security forces as well, including the arrest of a group of hackers accused of extortion using the infamous ‘Police Virus’,” said Luis Corrons , technical director of PandaLabs.

Police Virus Scams

cyber security imageOne of the most infamous cases of malware in the last year was the ‘Police Virus,’ but in February, this virus once again hit the headlines, but for a very different reason. The Technological Investigation Brigade of Spain’s National Police, together with Europol and Interpol, dismantled the cyber-crime ring responsible for the Police Virus.

“The news mentioned the arrest of ‘the gang’ of cyber-criminals, yet the information we have at PandaLabs points to the existence of several gangs responsible for these attacks. We reached this conclusion after analyzing numerous variants of the malware over time, and observing significant differences between them. In short, we are afraid the Police Virus is not likely to go away anytime soon and users shouldn’t lower their guards,” said Corrons.

Social Media Attacks

Twitter birdDuring Q1, various Twitter accounts were also hacked, including celebrities and companies, one of the most notable was Burger King. The attackers managed to work out the account password and take control of the account. They changed the background image to that of McDonald’s and claimed that the company had been taken over by its main rival.

The Twitter account of car company Jeep was also the victim of a similar attack, in this case stating that the company had been bought out by Cadillac. Other attacks on Twitter accounts had a more political slant.

A group of cyber-crooks calling themselves the “Syrian Electronic Army” managed to hack accounts belonging to several organizations. Phishing attacks were first launched to get the passwords and then the accounts were hijacked. Their victims included Human Rights Watch, the French news channel France 24 and the BBC weather service.

Android, Top Target for Mobile Malware

smartphonesNearly all news regarding malware attacks on mobile platforms involved the Android operating system, which has the largest share of this market. In addition to the usual attacks, this quarter saw new techniques that deserve mention. A strain of Android malware – hidden inside Google Play – not only infected cell phones but could also infect computers via smartphones and tablets.

According to Corrons, cyber-war and espionage is becoming more interesting. “Many countries are looking suspiciously at Chinaregarding its suspected involvement in attacks on large organizations and public institutions around the world, and this could lead to real world consequences. There are those who argue for international agreements, a type of Geneva Convention, to attempt to establish limits to these activities,” he said.

For more detailed information on malware activity and trends in the first quarter of 2013, you can access the full report here and on the PandaLabs blog.

Online gamers face massive increase in cyber crime

Wednesday, April 24th, 2013

lockDo you play online games? If you do, beware. Cyber criminals are trying to steal your personal information.

The APWG reports in its Q4 2012 Phishing Activity Trends Report this week that phishing attacks against online game players saw a massive increase, climbing from 2.7 percent of all phishing attacks in Q3 to 14.7 percent in Q4.

“The success of the sector and the richness of in-game commerce options available in online game systems has attracted the attention of phishers who’ve had a decade to hone their skills against online banking and commerce systems. Playing safe is an important today as playing fair,” said APWG Secretary General Peter Cassidy.

Attacks doubled

Attacks against social media sites doubled to 6 percent, up from 3 percent in Q3. Financial services continued to be the most-targeted industry sector in the fourth quarter, with payment services close behind, the report found.

Online gaming credentials are valuable to certain criminals, who sell them on the black market. In-game items held in those accounts can also be sold by phishers for real-world cash. Depending upon how much information is revealed, the victims can even have their real-life identities stolen.

Increased emphasis on malware

Overall the APWG’s statistics show that the number of phishing sites declined every month from April 2012 through December 2012. In Q4, the APWG received reports of 51,232 unique phishing sites in October, falling to 28,195 in December.

This and other statistics reveal that criminals are relying less on pure social engineering scams such as classic phishing based on social engineering schemes. Instead, there is increased emphasis on deploying crimeware – malware designed to steal the user’s credentials automatically and placing them in the phisher’s control.

Trojans continue to account for about three-quarters of all newly detected crimeware threats.

Penetration of malware is high

The penetration of malware payloads is also high. According to APWG contributor Luis Corrons of PandaLabs, during Q4 about 30 percent of personal computers worldwide were infected with malware. More than 57 percent of PCs in China may have been infected, while PCs in European nations were infected least-often.

“These shifts are due to fraudsters using more advanced phishing techniques, such as geo-IP blocking and malware,” said Ihab Shraim, Chief Information Security Officer and VP, Anti-Fraud Engineering & Operations at MarkMonitor.

“Phishers are also taking advantage of the availability of non-traditional platforms such as social media and mobile to launch newer types of targeted phishing attacks.”

The full text of the report is available here:

Cybercriminals mounting more sophisticated, harder to spot attacks

Tuesday, February 19th, 2013

McAfeeThe Mobile Security: McAfee Consumer Trends Report, says cyber criminals are growing increasingly sophisticated in mounting their digital attacks.

The report identifies a new wave of techniques hackers use to steal digital identities, commit financial fraud, and invade users’ privacy on mobile devices.

Mobile platforms have become increasingly attractive to cybercriminals as consumers live more of their digital lives on smartphones and tablets.

Mobile attracting mischief

smartphonesAccording to IDC, mobile devices are surpassing PCs as the preferred way to access the Internet and the number of people using PCs to go online will shrink by 15 million over the next four years, while the number of mobile users will increase by 91 million.

With the mobile space becoming a more enticing platform for online mischief, the complexity and volume of threats targeting consumers will continue to increase. Using its extensive global threat intelligence network (GTI), McAfee Labs analyzed mobile security data from the last three quarters.

“Despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage,” said Luis Blando, vice president of mobile product development at McAfee.

“Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance. Our goal in releasing this report is to help consumers understand the risks they face and learn ways they can stay safe and compute with confidence on all of their devices.”

In the report, McAfee Labs identifies the following threats as the most severe existing and new trends consumers will encounter in 2013:

cyber security imageRisky Apps: Cybercriminals are going to great lengths to insert infected apps into trusted sources such as Google Play and the risks within each app are becoming more intricate.

As a matter of fact, McAfee Labs found that 75 percent of the malware-infected apps downloaded by McAfee Mobile Security users, who are apt to be more security conscious than the average consumer, were housed in the Google Play store, and that the average consumer has a one in six chance of downloading a risky app.

Nearly 25 percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way.

A risky app may allow someone to:

  • Steal personal information such as banking, email or wireless account details and combine that with location data to put together a complete picture of who you are
  • Perpetuate fraud such as an SMS scam that will charge you without your approval
  • Abuse a device by making it part of a criminal bot network, which allows someone to remotely control your phone

Black Market Activity: Botnet clients, downloaders, and rootkits are generic, useful software sold on black markets as part of software toolkits.

Criminals use these to commit premium SMS and click fraud, spam distribution, data theft, or bank fraud – and the complexity of these criminal activities is growing. Commercial criminals are now reusing and recombining these components to devise new, profitable schemes.

Drive-by Downloads: The first mobile drive-by downloads were seen in 2012 and we expect these to increase in 2013. On a mobile device, a drive-by download fools a user into downloading an app without knowing it. Once a user opens the app, criminals have access to the device.

Near Field Communication: In 2013, we expect to see criminals abuse the tap-and-pay near field communications (NFC) technology used in mobile payment programs, or “digital wallets.” This scam uses worms that propagate through proximity, a process we can call “bump and infect.”

The distribution path can quickly spread malware through a group of people such as in a passenger-loaded train or at an amusement park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.

Worm malware like this will spread by exploiting vulnerabilities on devices. This development would monetize the 11.8 percent of malware families that already contain exploit behaviors.

As the mobile space evolves, criminals will look at ways to generate revenue from features only mobile devices have. During 2012, about 16 percent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages. In 2013, we foresee an increase in threats that will have users finding out they bought premium apps only when they check their bills.

For a full copy of the Mobile Security: McAfee Consumer Trends Report from McAfee Labs, with additional threats, please visit:

Many cyber crimes conducted by loose groups of independent contractors

Thursday, February 14th, 2013

security1 Most cybercrime is carried out by a loose confederation of independent contractors who work together when necessary through online forums and “partnerkas” that allow them to pool their resources, but these online criminal networks can be foiled, according to a new report released today by the Digital Citizens Alliance.

The Digital Citizens report sheds light on how global organized crime leverages the Internet for scams and other schemes that hurt consumers.

The report also highlights recent examples in which others have weakened the glue that binds these criminal communities together by undermining trust relationships, isolating and apprehending key members, and making it more difficult for them to receive payment for their crimes.

The Tangled Web

The “Tangled Web” report is the first in a series on cybercrime by Digital Citizens – an alliance of individuals, organizations and businesses dedicated to making the Internet safer and crime-free. For the full report, please go to.

Understanding how cybercriminals work together is an important part of combatting criminal activities on the Web. According to the report, cybercrime is not as organized as often believed. More frequent than not, the loose confederation of independent contractors work together only when mutually beneficial to all cooperating parties. This includes sharing best practices on how to secure the money stolen from digital citizens.

Follow the money

The report also points out that tackling counterfeits, content theft and intellectual property crime requires disrupting their channels of cooperation and payment. The third option – following the money and cutting off the payment source – is singled out as the easiest way to deter cybercriminals.

“The most uplifting part of this report are the examples of the digital community working with payment processors to stop and deter cybercrime,” said Tom Galvin , executive director of Digital Citizens Alliance.

Here at the TechJournal, we see continual evidence that hacking attempts are often try to exploit once compromised images, posts or WordPress plugins, even though we patched those security holes. That suggests to us that they’re being led to those via hacking forums or other sources.

Citizens can help combat cyber crime

lock“With this report, we want digital citizens to know that they play a significant role in combatting crime on the Web. It doesn’t take just law enforcement. Anyone can help take down a cybercrime ecosystem through established reporting methods with payment card networks.”

The key pillars that support most criminal commerce online, includes black market online bazaars, cybercrime joint ventures, and underground exchanges.

Other report findings show that cybercriminals…

  • Work through Forums and “Partnerkas” (When Mutually Beneficial): These online forums allow independent actors to pool their resources, aimed at creating personal wealth, power and greater access to the tools that may further future online criminal schemes.
  • Diversify their Operations: Some of the most successful criminals are those who diversify their operations. An average crime forum member has ties to multiple types of illegal or illicit online enterprises.
  • Use Pharmacy, Malware, Counterfeiting, and Dating as Popular Schemes: Most forums feature a myriad of services for driving traffic to crime affiliate programs including rogue pharmacy sites, fake antivirus or ransomware affiliate programs, counterfeit software and prescription drugs, organized dating and reshipping scams, toll fraud and SMS billing schemes.

Experts say disable Java now due to security flaw

Friday, January 11th, 2013

Security experts say a security flaw in Oracle’s Java software allows hackers to attack personal computers and it should be disabled in your browsers or uninstalled now.

You can find instructions on how to disable Java in whatever browser you are using online.

A security officer with Rapid7 told Reuters, “This is like open hunting season on consumers.”

Java has had many security problems in the past and frequently updates to patch holes.

News reports say cyber criminals are already using the Java security flaw to mount attacks via exploit kits available online.

You many wish to simply uninstall Java, although that will prevent some things from working in your browser.

We disabled Java in Chrome and Firefox, the two browsers we use, this morning. It only takes a minute or two.




Murder by Internet: new cyber crimes emerging by 2014

Wednesday, December 19th, 2012

lockWhile 2013 cyberthreats are already well anticipated and mundane, but Internet Identity (IID) predicts that by 2014 significant new methods of cybercrime will emerge. Some of them – such as murder via connected devices or a hacked power gird, are truly scary.

These new threats include the utilization of Internet connected devices to actually carry out physical crimes, including murders and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce.

IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.

What’s next?

“Being bold is predicting the end of the world this week coinciding with the end of the Mayan long-count calendar as some people are. What isn’t bold in cybersecurity is prognosticating the same old same old with more mobile malware, APTs giving cybercriminals backdoor access to their intended victims and even more data breaches of Fortune 500 companies as most industry pundits are,” noted IID president and CTO Rod Rasmussen.

“Those threats are well understood, and being addressed today. The more interesting thing from our perspective is what’s next? And how will the industry respond?”

Murder By Internet Connected Devices
connected-car-2With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders.

Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.

“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective. That’s horrifying,” continued Rasmussen.

“Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will be eventually be used.”

NFC Danger
By 2014, Juniper Research predicts almost 300 million (one in five) smartphones worldwide will be NFC-enabled, and Global NFC transactions will total almost $50 billion. NFC, something mobile companies are heavily marketing, is a set of smartphone standards that enables everything from payments to unlocking of hotel room doors to automatic peer-to-peer information exchange between two devices placed closely together.

IID predicts that while the underlying technology in NFC is secure, almost all of the applications that will be written to interface with the technology will be riddled with security holes, and massive losses will ensue.

A gold mine for cyber crooks

mobilewallet“The amount of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”

In lock-step with all of these threats, IID predicts a strong response in the form of an intelligence sharing network that will alert participating companies, government institutions and more about the latest cybercrime attacks.

Currently, government agencies lack clear guidance about the rules of engagement for sharing, and enterprises are worried about the potential liabilities created by intelligence sharing. IID expects that Congress will enact new cybersecurity legislation that provides safe harbor protections enabling enterprises and government institutions to share intelligence without such fears in the coming months.

Other cybersecurity trends IID predicts in 2014 include:

  • A large increase of government sanctioned malware targeting other government institutions around the globe with nation states openly engaging in acts of cyber-espionage and sabotage
  • At least one successful penetration of a major infrastructure component like a power grid that results in billions of dollars in damage
  • An exploit of a significant military assault system like drones that result in real-world consequences

To read about the latest Internet security trends, go to access IID’s quarterly eCrime Trend Reports.

LinkedIn, eHarmony confirm millions of passwords leaked

Thursday, June 7th, 2012

LinkedInLinkedIn director Vincente Silveira has confirmed that some of the enterprise social network’s passwords have been “compromised” when a user in a Russian forum uploaded over six million hashed LinkedIn passwords.

The online dating site eHarmony has confirmed that passwords for some of its accounts have also been breached.

In addition, many LinkedIn users have been targeted by email scams asking them to “confirm” their email address by clicking a link.

Both companies are contacting their users with information on what to do next.

EIN News is closely following this hot topic via its Company News Today website (, see:

– LinkedIn Password Leak News –
– eHarmony Password Leak News –

Eight best practices to reduce business data breach risk

Wednesday, June 6th, 2012

Data BreachAs the number of data breaches involving smaller businesses continues to grow, a new survey by The Hartford finds that 85 percent of small business owners believe a data breach is unlikely, and many are not implementing simple security measures to help protect their customer or employee data.

“Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted,” said Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford.

“As cyber criminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach.”

The Hartford Small Business Data Protection Survey found that business owners varied in their adoption of eight data protection “best practices” to help reduce a business’s risk of a breach:

1. Lock and secure sensitive customer, patient or employee data – 48 percent

2. Restrict employee access to sensitive data – 79 percent

3. Shred and securely dispose of customer, patient or employee data – 53 percent

4. Use password protection and data encryption – 48 percent

5. Have a privacy policy – 44 percent

6. Update systems and software on a regular basis – 47 percent

7. Use firewalls to control access and lock-out hackers – 48 percent

8. Ensure that remote access to their company’s network is secure – 41 percent

The Hartford survey also found that nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees. More than a third (38 percent) say they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.

About a third of business owners (34 percent) say they would have difficulty complying with government notification requirements, and nearly half (47 percent) acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.

“Given the potential business and reputational costs of a data breach, it’s also important for business owners to have insurance in place to help them respond and recover quickly and effectively in the event of a breach,” said LaGram.

The Hartford offers information and resources for small businesses about data breach protection at

IT security pros rate hacktivists equal to cyber crime threats

Thursday, March 8th, 2012

nCircleHacktivists such as Anonymous may be having at least one good effect. They’re raising awareness of the need for better cyber security.

When asked “Is your company a potential target for hacktivists, organized cyber crime or nation state attacks,” 73% of respondents believe their organization is a target for hacktivists, and 71% identified organized cyber crime as a threat.

Only 57% believe nation state attacks are a risk to their organization.

nCircle, which sells information risk and security performance management solutions, conducted the survey of 244 attendees of the 2012 RSA Conference in San Francisco.

“Unlike cyber crime, there is no such thing as a small, private breach for hacktivists unless it is part of a larger attack plan,” said Tim ‘TK’ Keanini, CTO for nCircle.

“Hacktivist breaches are designed for media value and public impact, so they are always fully disclosed and the targets are selected for maximum shock value. On the other hand, every business with an Internet connection is a potential target for organized cyber crime.

“Hacktivists have increased our collective awareness of cyber security to a completely new level — everyone from IT security pros to my grandmother is worried about cyber security.”

Android the most targeted mobile platform for malware

Thursday, February 23rd, 2012

Android logoFrom 2010 to 2011, Android officially overtook Symbian as the most targeted mobile platform in the world by cyber criminals according to a new report from NQ Mobile Inc., (NYSE: NQ), a global provider of consumer-centric mobile Internet services focusing on security and productivity, indicates that

NQ Mobile’s Mobile Security Report also shows that in 2011, newer and more advanced forms of malware have successfully infected an estimated 10.8 million Android devices worldwide. This is expected to increase throughout 2012.

A double-edged sword

“Smartphones and tablets are finally delivering consumers with these converged and connected experiences we’ve been promised for so long,” says Omar Khan, Co-CEO NQ Mobile. “But this is a double edged sword: as smart device usage becomes more sophisticated, so too are cyber criminals’ methods of attacking consumers’ personal information.”

Key Findings for 2011

  • Malware threats to Android devices increased 1880 percent from January to December 2011
  • More than 10.8 million Android devices worldwide were infected by malware
  • The top countries with infected Android devices were China, India, the United States of America, Russia and the United Kingdom

Trends in Malware Design

In 2011, malware created significant technical challenges for the industry. Specifically, mobile malware authors were not only actively applying advanced malware infection techniques from the traditional (and relatively mature) PC arena, but also developing new exploits or attacks unique the mobile platforms.

The top three techniques used by malware authors to gain access to mobile device were:

  1. Piggybacking on Legitimate Apps: Malware developers download popular applications, insert malicious code and then place  the application back onto a marketplace. When users download and install this application it immediately launches its payload into the users smart device.
  2. Upgrade Apps to Malicious Apps: Similar to piggybacking, malware developers insert a special upgrade component into a legitimate application allowing application to be updated to a new, malicious version.
  3. Enticing Users for Downloads: The ability to side load applications outside of official application marketplaces allows malware developers an easy way to entice users to download malicious apps.

Predictions for 2012 and Beyond

As more consumers use their mobile devices to shop and bank, malware developers will be enticed by easy access to personal data.  Despite best efforts by the market to actively develop and deploy advanced defense mechanisms, several types of mobile malware will continue to evolve in 2012.

  • We will see more piggybacking on legitimate banking and financial apps as well as malware dressed up as security protection  applications
  • We will see more SMS fraud scams that charge users high rates for messaging and collect users’ personal data
  • Popular on PCs, we will see more mobile botnets which will take advantage of security gaps and allow hackers to send messages, make phone calls and access user contacts and other personal information.

Cyber criminals will target small business, the cloud, mobile and social networks in 2012

Friday, December 16th, 2011

KrollCyber crooks will target small businesses, social media attacks will be more common, and mobile security threats will reach an all-time high in 2012.

So says The Cyber Security and Information Assurance Division of Kroll Inc., which released its annual security forecast, highlighting key areas of risk and trends that will impact how organizations and governments combat and respond to cyber threats.

“The events of 2011 suggest that the cyber security landscape will find public and private organizations are still on unsteady footing,” said Karen Schuler, practice leader of the Cyber Security and Information Assurance Division. “Traditional pain points for organizations including mobile technologies, incident response and regulatory requirements will intensify as new and developing challenges surface in 2012.”

“We frequently see organizations with protective measures based on the assumption that they are not a target,” said Alan Brill, senior managing director of the Cyber Security and Information Assurance Division. “Yet 2011 taught us that no one is exempt from attack. Companies need to take a strategic and aggressive approach to cyber security. Ignoring a problem is no guarantee that the problem will ignore you.”

Kroll’s 2012 Cyber Security Forecast includes:

1.    Mobile technology security threats will be at an all-time high. Mobile technologies are changing so rapidly that in some organizations the demand and pressure to deploy new technologies (e.g., tablet computers) will outstrip the organization’s existing capabilities to secure them. This unfortunate dynamic is no secret to thieves who are ready and waiting with highly targeted malware and attacks employing mobile applications. Similarly, the perennial problem of lost and stolen devices will expand to include these new technologies and old ones that previously flew under the radar of cyber security planning. For example, digital cameras used by medical facilities to document patient treatment are becoming increasingly attractive to potential thieves. The loss of this type of data represents a potential HIPAA privacy law violation and could have serious ramifications for the health care industry.

2.    Social media will increase in popularity as a conduit for social engineering attacks. Social media adoption among businesses is skyrocketing and so is the threat of attack. In 2012, organizations can expect to see an increase in social media profiles used as a channel for social engineering tactics. Thieves will utilize clever tactics to coerce end-users into disclosing sensitive information, downloading malware or both. To combat the risks, companies will need to look beyond the basics of policy and procedure development to more advanced technologies such as data leakage prevention, enhanced network monitoring and log file analysis.

3.    Small businesses (SMBs) will enter the crosshairs of cyber attacks. “Hacktivism” may make headlines, but the fact of the matter is that data thieves are simply looking for the path of least resistance. Of late, that path has been leading directly to SMBs that house large amounts of valuable data but lack the data security budgets of their big business peers. Common modes of attack include everything from social engineering to SQL injection. In addition, ongoing use of legacy systems – weakened by postponed or overlooked upgrades and replacements – put SMBs at heightened risk.

4.    As cloud services gain in popularity, related breach incidents will flourish. If we were meteorologists, we’d definitely be calling for overcast with a chance of storms. Companies are smartly embracing the cloud for the associated cost savings and ease of use. Unfortunately, current surveys and reports indicate that companies are underestimating the importance of security due diligence when it comes to vetting these providers. As cloud use rises in 2012, new breach incidents will highlight the challenges these services pose to forensic analysis and incident response and the matter of cloud security will finally get its due attention.

5.    Business and government cooperation will be mission-critical for economic and infrastructure health. Cyber crime has the capacity to cripple almost every aspect of commerce from the largest corporation to the individual consumer. Similarly, the security of U.S. infrastructure is being called into question in disturbingly real ways. For these reasons there is a growing sentiment among both private organizations and the U.S. government about the increased need for information sharing. Improved communication between the private and public sectors will not only give government the ammunition needed to take down major threats, it will also increase private entities’ capacity to respond to large threats more effectively.

6.    Privacy concerns will keep geolocation technology in a white-hot spotlight. Geolocation technology is the quintessential double-edged sword. On one hand, consumers love the convenience of innovative mobile apps and services utilizing this technology. On the other, the backlash against surreptitious tracking or disclosure can be swift and strong. In fact, two federal bills were introduced in 2011 dealing specifically with the protection of geolocational information. It’s doubtful either will become law in 2012, but we can expect to see privacy advocates urging businesses to adopt an opt-in or consumer consent model.

7.    Management and analysis of logs will gain more respect for its role in incident preparedness and response. Security incidents have increased in sophistication and frequency in recent years and one of the most effective modes of response involves maintaining complete logging for the network and key applications. While historically undervalued, logging provides vital information that can be utilized for analysis of network activities and documentation of security incidents. As companies begin to see the error in their ways in 2012 they will begin to implement formal risk assessments to look for security weak spots.

8.    Incident Response Teams will get a permanent seat at the table when it comes to standard business operations. Historically, incident response teams were made of employees from across the organization tapped to mobilize only if and when security incidents occurred. But to remain competitive in today’s market companies need to upgrade incident response teams from contingency plan status to day-to-day operations. Effective incident response teams can include a group of full-time employees designated as incident responders or a team of outside consultants (via a third party) hired for 24/7 incident response support.

9.    Companies will overlook key vulnerabilities, as regulatory compliance continues to drive organizational security. Let’s face it – state and federal regulations remain the yardstick by which the comprehensiveness of data privacy and security are measured. But using such a “checklist mentality” to drive security initiatives is dangerous because a number of data security regulations overlook basic IT security controls. Certainly there are regulations that address the need for encryption or the development of an incident response plan but few require a wide range of best-practice controls such as up-to-date anti-virus software. As more breaches occur as a result of security gaps, we should expect to see governing agencies offer specific guidance on risk assessment and standard IT security controls.

10.    Breach notification laws will gain traction outside of the US. While the U.S. Congress struggles to reach consensus on a federal breach notification law, internationally the idea is gaining momentum. Germany began requiring breach notice in all sectors in 2010 and several other EU nations have expressed interest in putting similar requirements in place. Meanwhile, Canada is also considering mandatory breach notice as part of proposed revisions to PIPEDA, which governs how Canadian businesses collect, use and disclose personal information. Companies with a global presence should watch these developments closely because they could have significant impact on their operations abroad.

SpyEye Trojan source code published, trouble likely ahead

Tuesday, August 16th, 2011

DamballaWould-be hackers can now find the source code for SpyEye, the data stealing Trojan that was previously sold for $10,000, on sale cheap. Ranked as one of the top three Web treats in 2011 even before the inexpensive SpyEye malware kit was available, the Trojan now lets cyber criminals use the kit without the attribution that used to make it possible to trace it back to its source.

Security firm Damballa, which has been tracking SpyEye for some time, says in a blog post that the release of the source code for the Spyware, which is used to capture banking and other financial information, is a “two-edged sword.” On one hand, it may help security researchers find bugs in the program. On the other, it means anyone can now use it.

It is sophisticated spyware that can evade or disarm detection and removal and has even caused bank security systems trouble. The thing is dangerous.

Sean Bodmer, Damballa’s senior threat intelligence analyst, wrote on the company blog, “Now that SpyEye has been ousted it is only a matter of time before this becomes a much larger malware threat than any we have seen to date. So for the next few months, please hold onto your seats people… this ride is about to get very interesting.”

Report says: preventitive measures no longer enough for cyber security

Thursday, January 27th, 2011

MandiantATLANTA – It is no longer acceptable to rely solely on preventive measures for cyber security. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response. So says MANDIANT, a company selling incident response and computer forensics solutions and services, in its second annual M-Trends report released at the U.S. Department of Defense Cyber Crime Conference 2011 at the Hyatt Regency Hotel in Atlanta.

The M-Trends series spans more than a decade of lessons learned on the front lines of intrusion investigations for the U.S. government, defense industrial base and commercial organizations. When Prevention Fails spotlights malware capabilities and techniques and other highly complex and sophisticated attack schemes used by the Advanced Persistent Threat  across a breadth of organizations.

Content presented in M-Trends has been derived by MANDIANT from unclassified environments and sanitized to protect victim identity and data.

Some excerpted trends and conclusions from M-Trends: When Prevention Fails:

It is no longer acceptable to rely solely on preventive measures. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response.

The majority of victims were either compromised by a targeted e-mail campaign or were victims of a prior intrusion that was never appropriately remediated.

Threats have evolved faster than our ability to reliably safeguard our assets. To better protect our information and intellectual property, we must adapt our organizational security programs to meet the emerging challenges.

Done right, threat detection and response provides IT security teams the situational awareness to rapidly detect incidents, suppress their impact, develop their own threat intelligence and rely on other timely intelligence to proactively inspect your networks for the fingerprints of compromise.

“In more than fifteen years of responding to incidents I have learned combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response,” said MANDIANT Chief Executive Officer Kevin Mandia, one of the report’s principal authors.

M-Trends is written for information security professionals in the enterprise and to increase our collective understanding of the advanced threat landscape. The report continues to break new ground in our collective understanding, information sharing and evolution of the APT and other sophisticated attacks targeted at government and commercial organizations.

“Between Aurora, Stuxnet, and the Wikileaks distribution of classified wires, 2010 should have made it abundantly clear that the stakes have changed,” said Josh Corman, Research Director for Enterprise Security at The 451 Group.

“We are well beyond casual attackers whose attacks conform to mainstream 80/20 rules and compliance checkboxes. Adaptive Persistent Adversaries know you are compliant and do not care. It’s time to refresh your models and to invest in greater visibility for early detection and prompt, agile response. Industry reports like M-Trends can help increase broader awareness and understanding of the advanced threat landscape.”

To download a copy of M-Trends: When Prevention Fails, see:

Investigators infiltrate cyber-crime networks, shed light on online black market

Thursday, January 20th, 2011

Panda SecurityORLANDO, FL – PandaLabs, Panda Security‘s anti-malware laboratory, infiltrated the cyber-crime black market and has released a fascinating report on what it found in the darker back alleys of the Internet.

It discovered a vast network selling stolen bank details along with other types of products in forums and more than 50 dedicated online stores. This is a rapidly growing industry and cyber-criminals are aiding and abetting each other’s efforts to steal personal information for financial profit. After posing as a cyber-criminal to infiltrate the network, PandaLabs made some alarming discoveries which are available in the full report .

The cyber-crime black market, which has traditionally centered on distributing bank and credit card details stolen from users around the world, diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more. But as openly available as this information is, PandaLabs discovered that it can only be accessed by personally contacting the hackers who are promoting their information for sale on forums and in chat rooms.

Making the Sale

By having access to bank credentials, criminals can easily defraud any bank or credit card account long before the hack is discovered. Alarmingly, this data can be purchased for as little as $2 per card, but this level does not provide additional information or verification of the account balance available. If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000.

Prices are higher if the accounts have a history of online shopping or use payment platforms such as PayPal. For a simple account without a guaranteed balance, PandaLabs found prices starting at $10 and increasing to $1,500 depending on the platform and the guarantee of available funds. Similarly, these cyber-criminals also offer cloned credit/debit cards (from $180), card cloning machines ($200-1,000), and even fake ATM machines (from $3,500 depending on the model).

Money laundering, other services available

Additional products such as money laundering services (bank transfers or cashing checks) are available for a commission ranging from 10 to 40 percent of the operation. If buyers want to use stolen bank details to buy products online, but are wary of being traced through the delivery address, the cyber-criminals will make the purchase and forward the goods for a fee of between $30 and $300 (depending on the chosen product).

For more sophisticated cyber-criminals who want to set up their own fake online stores and use rogueware techniques to obtain both user details and also reap the money these unsuspecting victims pay for fake antivirus products, there are also teams available to deliver turnkey projects, design, develop and publish the complete store, even positioning it in search engines. In this case, the price depends on the project.

Prices for botnet rental for sending spam (using bot-infected zombie computers, for example) vary depending on the number of computers used and the frequency of the spam, or the rental period. Prices start at $15 and rise to $20 for the rental of a SMTP server or VPN to guarantee anonymity.

Cracks in cyber security reveal gaping holes in our digital defenses

Tuesday, December 14th, 2010

By Allan Maurer

InZero device

The InZero security device

RESEARCH TRIANGLE PARK, NC – Cybersecurity still seems to be an afterthought among everyone from McDonald’s to Gawker Media, not to mention the U.S. government and military. Too many entities worry about digital security only when it is breached.

Great business strategy that. Apparently, even giving your email address to a publication such as Gawker or to McDonald’s during one of its promotions, can expose your private data these days. Both admitted to serious security breaches as 2010 ends, while many Twitter accounts – including mine – were hacked by someone selling Acai for weight loss this week. Probably because I used the same password for both sites (see: Spammers Exploit Gawker) on Gawker, where I commented maybe once.

TechJournal South had its own problems with a hacked ad server a few months back and had to shift to another. Two major ad networks were hit with a similar problem this week.

And most of those security breaches were relatively minor in the scheme of things. Many more serious ones have already occurred and we have little doubt are to come.

But coming on the heels of the WikiLeaks fracas, these breaches all show a laxness about cybersecurity that I think is increasingly dangerous on the part of commercial enterprises, government agencies and the military, not to mention to each of us personally.

The problem is partly inherent in the open, accessible nature of the Internet. The very ease with which we swim the Internet’s electron sea makes us vulnerable to sharks. Still,the bad guys, be they foreign hacker crews backed by their own governments, malware creators, spammers, scammers or plain old crooks, actively hack away at us, while credit card companies, government agencies, and businesses remain all too often re-active.

We can’t win the cybersecurity battles that way.

It is absolutely necessary – probably for all of us, but certainly for government and commercial entities – to actively combat this problem. Harden passwords, be careful about what we put on thumb drives or pick up on them, shred documents with sensitive data, and find and use security systems not so easy for cyber criminals to break through.

I’ve noted one approach that seems to be powerful, that of using a security device separate from other equipment that acts as a lockbox preventing suspicious or actual malware and other intrusions from ever reaching operating systems. See: Herndon-based firm grabbing media attention for security device. And: NZero keeps the bad guys out.

Meanwhile, Panda Security of Orlando, which provides antimalware software in the cloud rather than on individual machines, has listed the top ten cyber security threats it sees for 2011.

See also: WikiWars: The Face of future conflicts.

There are contrary views. Over at InformIT, Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research in Cyber Warmongering and Influence Peddling.

Email TJS Editor Allan Maurer: Allan at TechJournalSouth dot com.