TechJournal South Header

Posts Tagged ‘spyware’

Eight of ten companies hit by Web attacks, study says

Friday, March 29th, 2013

lockA new Web security study finds that the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.

Conducted by Webroot,which sells Internet security as a service, the study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

We hate to harp on a single theme, but more and more studies show that cyber security is overwhelming many businesses as a nearly unbroken string of prominent hacks, security breaches and loss of information by major companies, organizations and even government agencies shows.

To mitigate these significant business risks a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.

Top-level corporate study findings:

  • 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
  • 88% of Web security administrators say Web browsing is a serious malware risk
  • Phishing is the most prevalent Web-borne attack, affecting 55% of companies

The study, which surveyed Web security decision-makers in the United States and United Kingdom, found an overwhelming 79% percent of companies experienced Web-borne attacks in 2012.

These incidents continue to represent a significant threat to corporate brands. Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies.

We’re online so much here at the TechJournal that we backup our own cloud-based antivirus program with regular scans by Malware Bytes (which has repeatedly found and deleted trojans and other malware missed by our other protection). We also use Spybot , which will immunize your system against many threats, and SuperAntispyware, which is very good at removing third party tracking cookies.

Despite the obvious awareness of the risks, only 56% of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.

“Protecting against Web-borne malware should be a high priority for all organizations since once inside a network, the propagation of malware can take down the entire company, effectively disabling an organization,” said Sara Radicati , President and CEO at Radicati Group.

“Finding a balance between providing employees Web access and ensuring corporate information security requires a solid Web security solution and is an essential requirement for companies to avoid this costly liability.”

The major trends that are driving businesses and information technology today—mobility, social networking, BYOD and cloud computing—are also making organizations more susceptible to security attacks.

More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging. According to the results, phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data.

“It’s no surprise that the latest study shows that attacks are increasing in frequency, complexity and scale. Organizations need to implement layered defenses from the endpoint to the network to understand not only what is happening but where the attacks are manifesting from and when,” said David Duncan , Chief Marketing Officer at Webroot.

“Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms, organizations require a cloud-based solution that is effective in this new environment, as well as easy to deploy, quick to respond and flexible to address today’s sophisticated cyber-threats.”

What can organizations do?

The new “Web Threats Expose Business to Data Loss” report provides a comprehensive analysis of the current Web-based vulnerabilities, and includes steps to reduce the risks associated with this rapidly changing threat landscape. The full report is available at

Online behavioral tracking pervasive, Google privacy practices often violated

Thursday, June 28th, 2012

KeynoteAn in depth analysis of the behavioral tracking of 269 websites across four industries found that 86 percent place one or more third-party tracking cookies on visitors and many violate Google’s privacy practices, says Keynote Systems (NASDAQ:KEYN),which sells Internet and mobile cloud testing and monitoring solutions.

What’s more, 60 percent of these third-parties had at least one tracker that didn’t promise to comply with at least one common tracking standard.

A third-party tracker in this context is simply defined as a business that has access to your computer, when you visit a particular Website, so that they can record your browsing history and other personal data, and is a completely separate organization from the owner of that site.

The presence and identity of third-party trackers is typically invisible to users browsing their favorite Web pages.

tracking graphic

The number of Websites that allow visitors to be tracked by third-parties may be surprising to some, but as consumers begin to understand that their online behavior can be recorded, enterprises will have to work even harder to ensure that consumers’ privacy expectations are met,” said Ray Everett, Keynote’s director of privacy services.

Keynote analysis showed that nearly all Travel & Hospitality and News & Media Websites have third-party tracking (95 percent and 96 percent respectively).

Three of four financial service sites use third-party tracking

Most surprising was the fact that nearly three out of four financial services sites examined expose visitors to third-party tracking.

And of the financial services companies with tracking, 52 percent of third-party trackers violate at least one of the industry’s most common privacy standards – such as participation in industry self-regulatory programs or offering consumer opt-out choices.

Keynote’s analysis also discovered that of the 211 third-party trackers identified during the study, only one committed to honor a visitor’s request not to be tracked via the new Do Not Track feature browser vendors are implementing. In addition, News & Media sites expose site visitors to an average of 14 unique third-party tracking companies during the course of a typical visit.

Behavioral advertising, a common use of third-party tracking data, is an increasingly common practice on the Web and one of the primary ways Websites fund their operations.

Third-party trackers place cookies on the browsers of site’s visitors to track a user’s clicks and path through the Web. They also can make note of things like what the visitor buys and where the visitor goes once they leave.

Working online at the TechJournal daily, we run various spyware removal software such as Superantispyware and delete more than 400 adware tracking cookies every few days. While most are not particularly harmful, they will clog your computer as they accumulate.

A “wild west mentality” prevails

“The Web advertising ecosystem is sprawling and complicated, with hundreds of ad networks all competing to gather as much targeting data on consumers as they possibly can,” Everett noted.

“It’s very much still a ‘wild west’ mentality and the activities of aggressive tracking companies can place Website publishers in a difficult position: how do you monetize your Website without alienating your visitors and exposing yourself to legal risk?”

Everett concluded, “Ultimately, the burden of policing third-party trackers falls on the shoulders of Website publishers. A publisher is responsible for the content of their Website, including the practices of the advertisers appearing on it. Monitoring the constantly changing advertising ecosystem is a daunting task, but the consequence of failure is the placing of your brand’s reputation at tremendous risk.”

Keynote performed its online behavioral tracking analysis on data collected from the company’s own global test and measurement network and leveraged the Keynote’s new Web Privacy Tracking service announced last month.

Apple applies to patent questionable spyware

Wednesday, August 25th, 2010

EFF logoWASHINGTON, DC – The Electronic Frontier Foundation says a patent application by Apple Inc. looks suspiciously like spyware and what the EFF calls “traitorware.”

EFF writer Julie Samuels reports that the Apple patent application is for technology that would allow the company to identify and punish users who tinker with their devices, such as by jailbreaking an iPhone.

“This patent application does nothing short of providing a roadmap for how Apple can — and presumably will — spy on its customers and control the way its customers use Apple products,” Samuels writes.

She says the patent application provides for a device to determine a user’s identity, whether or not the user is unauthorized, record the voice of a user, determine the current location of the device, and take a photo of the location and even determine the user’s heartrate – all without the user’s knowledge.

All without your knowledge

Apple does not say in the application how it would use the information, how long it will keep it, or who it would share it with. EFF warns that if Apple collects the information, sooner or later, law enforcement will come for it or may order Apple to turn it on. Also, a not uncommon data breach could expose the personal information collected to third parties, EFF says.

While apparently aimed at locating stolen devices and shutting off access to personally sensitive information, the patent allows for much more than required for those uses, the EFF says.

The EFF calls the patent application “downright creepy and invasive,” and suggests the company shelve the idea before it backfires.

Personally, while we’re not enamored of Apple products particularly, this reminds us of the government slogan in 1984, “Big Brother is Watching,” with “Steve Jobs” substituted for Big Brother.

This is sure to kick up controversy as it becomes better known.

To contact TechJournal South Editor & Writer Allan Maurer: Allan at TechJournalSouth dot com.