Spammers attempt Grand Theft from Auto Recall
Symantec’s March State of Spam and Phishing report has found that spammers are using recent car recalls as a premise to deliver spam messages and ‘phish’ personal details. Also this month, Symantec has noted a continued trend towards exploiting natural disasters with a high volume of spam and phishing linked to the Haiti and Chile earthquakes. Overall, phishing attacks increased by 16 per cent in March compared to February.
There have been several global product recalls from multiple car manufacturers recently which spammers have sought to exploit. The report uncovers examples where spammers try to trick the user into giving up personal information by pretending to be a legal industry representative.
The world’s media have extensively covered the recent recalls from automotive manufacturers in the news. The interest from the public has been noticed by spammers who are tailoring phishing emails to benefit from the fear of car defects leading to accidents. By offering “free private case evaluation” and taking advantage of “sudden acceleration danger” spammers are instead collecting personal details for malicious use.
The following trends are also all highlighted in the March 2010 report:
- Spam from .cn URLs on the decline, .ru is on the rise
- A 12 per cent rise in phishing from non-English sites, attacks on Italian and French banks
- Online auction marketing tools under attack
Link to new report: State of Spam and Phishing http://eval.symantec.com/mktginfo/enterprise/other_resources/b-state_of_spam_and_phishing_report_03-2010.en-us.pdf
Amanda Grady
And the Academy Award for the most dangerous search term goes to…

The team at Norton have been busy digging through the gossip since Sunday’s glamorous Oscar ceremony. They weren’t just looking for juicy rumours though; they’ve been looking for malware around the Academy Awards.
Cybercriminals often take advantage of public interest in both individual celebrities and world entertainment events, so it is no surprise that when the two combine, crooks get busy infecting websites. Norton found that around 50% of Oscar related internet search results lead to “poisoned” sites.
Some of the most dangerous search terms (and the percentage of infected results) include:
- “Oscar 2010 Winners” – 60% infected
- “Music By Prudence” – 58% infected
- “Kathryn Bigelow height” – 48% infected
- “Sandra bullock Meryl Streep kiss” – 43% infected
Criminals predict public curiosity and infect pages that contain key words with malware. When a victim clicks through on links from search engines they inadvertently end up with their computer infected with a virus or inundated with pop-ups for fake, and in some cases dangerous, “anti-virus software.”
When searching for anything online, Oscar-related or not, it is important to be on guard. Make sure you have legitimate antivirus software that includes all the latest updates, and if you don’t, make sure you buy software from a reputable source.
Abigail Lovell
Photo by Flickr user Zadi Diaz, licensed under CC BY 2.0.
Importance of end-to-end encryption in the retail space
Our attention was caught recently by an interesting article on Retail Week by Verifone, which examined the importance of credit and debit card protection in the retail industry. As Verifone quite rightly points out, the theft of credit and debit card details is a highly lucrative activity and its popularity is growing rapidly worldwide. Indeed, our recent State of Enterprise Security Report revealed that 75% of enterprises have experienced a cyber attack in the past 12 months and that the average associated cost over the year for such attacks was as high as $2 million – some pretty striking statistics.
Furthermore, the nature of credit and debit card theft is becoming increasingly sophisticated such that retailers will often process a payment transaction and not even be aware that a data breach has occurred – something that could have a serious impact not only on a retailer’s revenues, but also on their brand reputation. With such serious consequences at risk, Verifone states that it is time for companies to go beyond Payment Card Industry Data Security Standard (PCI DSS) guidelines, and secure entry points across the entire transaction chain.
The article has some good advice to offer retailers and with cybercrime continuing to grow at such a rapid rate, it’s advice that retailers can simply not afford to ignore.
Dominic Cook
Lock Up Your Code
It has emerged that the latest set of high-profile cyber attacks were against source control management systems. For those not in the software engineering business, this is where source code for applications is held during development. A strange target you might think?
Cyber-criminals have been taking a longer and longer view of their activities and while the vast majority go for the quickest route to cash, stealing credit card and bank account details etc, there are those who are becoming more devious. So, why go after code? There are several reasons…
- Intellectual Property theft… if you have the source code, or other product designs then you could sell them on to the competition, or back to the original company.
- You can look for vulnerabilities to exploit. Having the code means you can find issues and use them – either by selling the vulnerability on the underground economy, or once more selling it back to the company it was stolen from.
- You could look to introduce vulnerabilities or backdoors into the code. Just because someone has accessed the code doesn’t necessarily mean that they have only taken a copy of the code; they could have also changed some of what is there.
If you think this is all a little far-fetched, then there was another report this week of a USB battery charger which has a backdoor in it, enabling unauthorized access to the system. Not too good for the reputation of the company… This will no doubt be the first of many such attacks. Software is complex at the best of times, the introduction of a backdoor is not hard to do… and as long as no-one spots it, it can offer a great deal of leverage for the cyber-criminal. Spotting a 20 line backdoor in a million lines of code is tough!
Development systems and code repositories should be afforded the same security as production ones. Segregated data and networks with intrusion detection / prevention systems will help in protecting your Intellectual Property – before someone else exploits it.
Guy Bunker
Storage Goes Wild…
Good news… the CompactFlash Association has just released its V5 specification. This will up the maximum capacity to 144PB… as if the existing 137GB isn’t enough! Of course, it will be some time (couple of decades?) before we see devices with anywhere near this quantity of storage – but it is an indicator of where we are going, and more importantly where the supporting infrastructure, such as backup needs to move to. If you want a quick bit of mental arithmetic… how much would it cost to store 1PB of data on-line for a year today… answers on a postcard please…
Now where did I put my HD video camera…
Guy Bunker
UK ID fraud cases jump a third as malicious insiders turn to cybercrime
ID fraud in the UK has increased by nearly a third (31.79 per cent) in 2009, according to a new report from CIFAS, the UK’s Fraud Prevention Service, as compromised identity details continue to be sold over the internet. The report points to an increase in gangs using collusive staff within organisations to steal personal data online for criminal gain. The CIFAS findings are gathered from its 265+ members across industries including banking, retail and telecoms.
Businesses need to be better protected against the dangers of the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be incredibly high. Our recent State of Enterprise Security report found that 40 per cent of businesses experienced a high number of internal, malicious attacks in 2009. In addition, a great deal of damage was also done unintentionally by staff, with 39 per cent of IT managers surveyed saying it’s a ‘high’ or ‘extremely high’ problem.
IT security was, for many years, focused on protecting against external threats and attacks. While those threats still remain, a more insidious threat – the malicious insider – has been steadily rising. The fact that cybercriminals are so well networked within UK businesses in order to bring about this kind of ID fraud points to their increased professionalism and savviness.
Symantec recommends that companies assess their policies and processes around employee access to sensitive data ensuring that they are appropriate for the employee’s position and are enforced and regularly reviewed. It advises that data loss prevention (DLP) solutions that offer protection at the endpoint, network and storage levels can also help.
Andy Ng, Data Loss Prevention Consulting Manager for EMEA
The Butterfly effect – Mariposa
A virus-infected network of nearly 13 million computers around the world has been smashed by Spanish police. The Mariposa, or Butterfly, botnet included PCs inside more than half of America’s 1,000 biggest companies and more than 40 major banks.
Our colleague Vikram Thakur recently wrote a blog about the threat. Symantec has been tracking the threat since October 2009. At that time, a security company had reported that a large number of Fortune 100 companies had been infected. The same firm has worked with authorities in arresting alleged key members of the botnet ‘ring’.
Symantec products detect this malicious worm under multiple names, the most prominent of which is W32.Pilleuz. Pilleuz and its variants have been extremely active over the past several months. The threat itself has multiple capabilities and is able to spread via USB devices, instant messaging clients, and P2P. It has the ability to steal credentials and personal information, as well as accept commands from its command-and-control (C&C) server. One such command could be to flood network traffic to a certain domain, thereby performing a distributed denial of service (DDoS).
Details about what role the arrested people played in Pilleuz’s day-to-day operations are still sketchy. We’re hopeful that the arrests will have a significant impact on the infections Symantec is seeing.
The RSA Conference – Cloud, devices & social changing the game?

The weather may still be cold in London, but San Francisco has been hot this week, especially for the security industry. The USA RSA Conference is one of the premier security events, educating and connecting security professionals from around the world.
Symantec’s CEO Enrique Salem took the stage earlier in the week as one of the keynote speakers.
He discussed the information economy, and how this decade will change the way we think about it. The two major trends Enrique thinks will change the information economy significantly are the adoption of cloud computing and the explosion of digital devices. Along with the rise of social media, these trends make a trio that are linked and will accelerate the need for an information-centric approach to security.
All three rely on trust, and that trust requires security, privacy and compliance measures in place so that information can be accessible by the right people, on any device and from any place in order for the information economy to reach its full potential.
I found this really interesting. Enrique said that security is not only about putting up higher walls around information or locking down devices, it is about delivering solutions that provide trust and confidence. And he also spoke about how it is an opportunity for the security industry to enable, nurture and navigate through this future of the information economy.
It would be great to know what you are doing in your organisation to securely allow information to flow freely between the right people. What has changed over the past five years and what predictions do you have for the next five?
Abigail Lovell
Financial Data and the Mobile Generation
Last week we blogged about a report forecasting an increase in people using mobile devices to interact with their banks. At around the same time, Cisco also announced the findings of its US retail bank study, looking at How the Post-Crisis Financial Needs of Younger Consumers Will Transform Retail Banking Services.
The report looked at US Generation Ys, defined as being born between 1980 and 1992, and found that 97 per cent use mobile phones, a number that’s likely to be very similar in the UK – not unsurprising you might say. The really interesting finding is that Gen Y consumers are four times more likely than ‘boomers’ and ‘silvers’ (those born before 1960) to have posted a question about financial matters to a blog or online forum. Furthermore, 40 per cent of Gen Y customers use web-based personal financial management tools to manage expenses, reduce debt, and maximise long-term savings.
Generation Ys across the pond are clearly making the most of mobile technology to handle their finances, as they are most likely doing here in the UK.
As we blogged last week, more and more valuable information, like bank account numbers or passwords, is being stored on devices, like smartphones, and is presenting increased opportunities for cybercriminals. The banks who are offering mobile services need to ensure adequate security measures are in place and, most importantly, that Gen Y and other users who want to take advantage of the benefits and convenience of mobile banking are better educated about how to keep their data safe.
Photo credit: D Sharon Pruitt
Is online security hindered by computer jargon?
Whether computer jargon is creating a barrier preventing people from learning how to protect themselves online is a discussion taking place at this week’s EastWest Institute meeting of global security experts. The EastWest Institute is a ‘think-and-do tank’ dedicated to debating pressing global security concerns and working with a network of individuals, institutions and nations to discuss and implement solutions.
The importance of using plain language to discuss computer threats isn’t a top priority of their seventh annual Worldwide Security Conference, headlined by Pakistan’s Foreign Minister, but it is still an important conversation.
“We use a lot of complex terminology where it’s not needed. We don’t encourage people to think enough,” said Steve Purser, head of technical competence at the European Network and Information Security Agency, speaking to Reuters.
People shouldn’t be made to feel baffled by IT security. Part of the job of vendors like Symantec, and other industry professionals, is to demystify it. Cybercriminals are evolving different tactics and increasingly new threats don’t always have a textbook answer. That’s why it’s incredibly important for people to have accessible sources of information in simple, easy-to-understand language. It’s particularly critical for smaller businesses who often don’t have a dedicated IT person to turn to. Do you feel that as an industry we need to be better at getting past the jargon?






