Why Wireless Isn’t

Even wireless networks depend on a wire of some kind. It might not be attached to your handset or computer, but somewhere along the communication chain there is a wire… and if that wire is severed… well… then there will be an outage. In a story from California earlier this week, sabotage was blamed for the severing of fibre optic cables, which resulted in outages for mobile phones, landlines and Internet services. So what? Well, companies need to be prepared for every eventuality in their disaster recovery / business continuity planning (DR/BC), and nowadays that has to include communications.
Disasters don’t have to be on-site to affect you, and in the case of communication cables they can be a relatively long way away and still have an effect. By asking questions of your service provider(s) you will be able to plan for an outage. Could you re-route the main switchboard through a different service? How about email? In the case of your datacentre, is it possible to have multiple Internet service providers, with different access points and cables?
IT is now a critical part of operational risk, and as such the scenarios and planning around potential disasters need to be re-examined. While this was a case of sabotage, more often than not it is a careless contractor digging up the road who severs cables… it’s better to be prepared for such an occurrence than not…
60% Of Malware Created In 2008

Symantec’s latest Internet Security Threat Report came out this week and it showed that Symantec issued 1,656,227 new malicious code signatures in 2008. This is more than all the previous years put together!

This represents a tipping point, where it is now easier to look at the good stuff rather than the bad. By following the trend and anticipating the changes, Symantec’s anti-malware products are now a mixture of technologies: blacklisting (the old way – spotting the bad stuff), whitelisting (lists of the good stuff), reputation-based (so that new ‘good stuff’ doesn’t get ignored) and behavioural (if there’s something previously unknown that is behaving badly, it can be stopped).
One of the other interesting statistics was on the rise of bots. Globally bots are up 31%, with EMEA up 47%. Bots are responsible for around 90% of the spam… so if your computer is infected then you are part of the problem!
Cyber-criminals are still after your confidential information with credit card and bank account details topping the list. Prices on the underground economy have fallen this year indicating that there is more information around and more people trying to sell it. Look after your information – and keep your system up to date – with OS and application patches along with the latest virus definitions. All this can happen automatically… as long as you don’t turn the functionality off.
Business Continuity Failures Cost The UK £11 Billion

New research from the Business Continuity Institute has shown that overlooking risks costs UK firms around £11 billion. The issue they highlight is one of looking at suppliers, especially in the economic downturn. In essence, would your company survive if your key supplier went out of business?
They have also produced a nice simple survival guide to help weather the economic downturn. There are 18 self-assessment questions which will make you think through some of the issues – and might even nudge you into reviewing your Disaster Recovery / Business Continuity plans.
Credit Card Information… Going Cheap

Symantec’s latest Internet Security Threat Report has updated its figures on the cost of information on the underground economy. Topping the list again this year is credit card information – but the price is 40% less than last year! How much for your credit card details… a measly $0.06. Or about 4p. Staggering, isn’t it? The quantity of information has also gone up, indicating that more people are falling for scams and exposing their credit card numbers, and in a typical supply and demand economy there are also more people selling the information. Phishing sites were up 66% on 2007 and the most popular topic… finance.
Email passwords were also on the list and moved up to #3 behind credit card and bank details. Why? Well, there is a lot of information stored in email, including things like credit card details and bank information. Usernames and passwords in general are useful to the cyber-criminal: if it’s for someone at home, they might have access to one or two pieces of useful information – but if it is a work account, then they might be able to obtain access to complete customer details, new product details or sensitive financial information.
In tough economic times one of the goals for companies and individuals alike is to save money… and one of the best places to do that is on the Internet. There are a lot of genuine Internet bargains out there but unfortunately there are a lot of scams as well. Just be a little extra vigilant and watch a little closer for them – after all a bargain that appears too good to be true probably is… and you could end up being the victim of fraud.

Beware The Browser…

Symantec’s latest Internet Security Threat Report came out today and one of the trends highlighted is the Internet browser. It’s not just the browser that has vulnerabilities, it is also the plug-ins. The average time to fix a problem in the browser is around a week, but some of the maximum times are around six months! However, at least there are fixes, and providing you have auto-updates switched on, or have the ‘check for new version’ option enabled, you should get these pretty quickly after they come out.
However, there were 424 vulnerabilities in browser plug-ins, and these are seldom updated automatically. The most common vulnerability type is memory corruption, which enables the cyber-criminal to run any piece of code and basically take over the machine or do whatever they like. Most of the threats are to your confidential information. Social engineering attacks are also in the running, which ultimately result in the user inadvertently installing malware on their machine.
Many of the pieces of malware are now multi-functional, with many allowing remote access, exporting user data and logging keystrokes at the same time. What does this mean? Well, if you happen to be doing a bit of on-line banking (or shopping) then the cyber-criminal could end up with your bank or credit card details… and then you could become a victim of fraud or, worse still, identity theft.
New pieces of malware have been created which can be used to become whatever is needed – by downloading content or the payload from cyber-criminal web sites. So, they can be spambots one day and run denial of service the next. Conficker / Downadup is probably the most infamous of this type of malware, although it is unclear as to what the payload is going to be. Having your machine host a spam service unknowingly or perhaps participate in a denial-of-service attack is not good.
So if you are an organization then you need to look at your security and patching policy. Ensure that the latest security definitions are delivered to your users in a timely manner – this will keep you protected while you work on patching the OS and applications. You should also look at a policy for patching or regularly updating browser plug-ins as well.
If you are an individual, then you should also keep your security definitions up to date and also ensure that the OS and application updates are installed. So, if a reminder appears on the screen that an update is available – then install it now, don’t put it off. You may regret it later.
The Worm Turns?

A new sample of Conficker (Downadup) has been found on one of our honeypot machines. (These are part of our Global Intelligence Network – which operates in 200 countries, gathering details and statistics on malware.) The new sample has reintroduced one of the exploit vectors (MS08-067) and also appears to be connected to another piece of malware (W32.Waledac), a very active spambot.
W32.Waledac steals sensitive information, turns computers into spam zombies, and establishes a back door for remote access. Symantec products already provide antivirus and IPS protection for Waledac.
Perhaps most interestingly, there is also a ‘kill’ component – whereby it looks like the worm will remove itself from infected hosts on May 3rd 2009. Does this mean that there will be a new variant by then, or will its true purpose have been revealed by then?
Cyber-terrorism And Critical National Infrastructure

News this week has said that the US power grid has been hacked by cyber-spies – which is all rather worrying. It used to be that Critical National Infrastructure (CNI) was owned by the government – it made sense, they were looking out for their citizens etc, etc and, importantly, things like security were given a high priority. However, that has changed and now they are owned by shareholders, so the emphasis is often more on profit, and security tends to play second fiddle to remaining competitive and making money. Add to this the fact that the Internet has enabled remote monitoring (fewer people, but more cyber-risk) and you can start to see the problem. A hacker today can be sitting in London, controlling a bot network in Russia and targeting America, and with the click of a mouse could be targeting Australia routing through China. It’s almost too easy. There is a need to revisit CNI, look at how it can be attacked in the 21st Century and take suitable precautions.
The problem is not just CNI, companies and governments are increasingly putting in ‘secret’ or ‘secure’ networks, which in theory don’t connect to the Internet. Unfortunately some are finding problems they hadn’t foreseen – firstly virus infections. If you don’t get security updates then the network becomes a breeding ground for worms like Conficker which propagate using USB sticks and other routes. So, what – ‘it’s not attached to the Internet’… ah, there’s the other problem. Eventually, and it doesn’t seem to take long, someone installs a bridge between the ‘secret’ network and the corporate network and then the data can leak out. Why does the bridge get installed? Simple… time and money – with very little thought to the risks and consequences.
With a frightening increase in malware around, assumptions on security for CNI and internal secure networks need to be revisited. Just because you don’t think your network is at risk, doesn’t mean it isn’t. In an economic downturn, the information you have and ignore might just be valuable enough for someone to steal and sell. Now is not the time to take shortcuts and reduce IT security.
Cloud Computing & Journalists – An Analogy

I was reading the article on how a national newspaper is now using cloud technology to great effect and increasing the amount of time the IT team can spend on helping build revenue streams. It’s always good to hear positive user stories on how new technology really helped.
I have been using an analogy to explain cloud computing which uses journalists as a key part of the analogy and it goes something like this…
A lot of papers and magazines have the need for external writers, either because in-house they don’t have time or the necessary skills. So, they contract out – they find a writer who has a good reputation, capacity and at the right price to do the work for them. When it’s done, they get paid and the writer moves on to the next job. If they decide that they need that writer (or particular skill) in-house then they might enter into some longer term arrangement, or hire the person permanently. It makes for an efficient process of getting what needs to be done, done – and in a timely and cost effective manner.
So… onto the cloud. The premise is very similar, you have the need for something to be done because you don’t have the time or the skills in-house. Unlike an outsourcing arrangement, this is something that needs to happen ‘today’ so lengthy contract negotiations are not an option – and it’s probably relatively short term, so a ten year outsource deal looks a little unwieldy! So you go to ‘the cloud’… find a service provider, someone who has the service required and the capacity you need. Currently there aren’t too many providers, so ‘reputation’ is derived based on their name – and that’s OK. You upload the data or the application along with credit card details… and the problem is solved. At the end of the time the results come back in and the agreement terminates. It’s a win-win situation. Of course, if the service is one that you decide you need more often, then you might bring a copy in-house or create a longer term contract.
So, the similarities between the cloud and the contract writer are, from 30,000 feet, reasonably analogous. Of course, the quantity of data and its sensitivity are very different in the cloud – security is an issue. The journalist may get sick, which will affect their availability – in the same way that the cloud being ‘off the net’ will affect its availability.
Where does that leave those wanting to use the cloud? Well, the trick here is to know what it is you are trying to do, what the data is you want to push into the cloud and how sensitive it is and then to know what questions to ask the service provider.
Security and the cloud is the topic of my upcoming InfoSec talk later this month at Earls Court in London. See you there.
Would You Hack For Cash?

A report today shows that one in three teenagers would commit cyber-crime for money. While this may sound terrible, there was another report a couple of months ago that said that 79% of people steal company confidential information when they leave a company. So, which would you rather … a third of the teenagers (who are probably boasting) or more than two thirds of your workforce (who actually do take the information)!
Of course, there is a more serious side here. I have been looking over the latest Internet Security Threat Report (which comes out soon), and the results we will publish are scary – not just with the number of threats that are going up, but also how ‘commercial’ some of the exploits are – such that anyone can use them if they put their mind to it. Of course the consequences mean that most won’t try, and with the commercialism comes organization, and you don’t want to end up on the wrong side of the organized cyber-criminals.
It may be that cyber-crime looks like a quick way to make some money – especially if you are a teenager and believe all the things you read in the news. Undoubtedly there is money to be made, otherwise cyber-crime wouldn’t exist, but it is like playing football… there are hundreds of thousands who do, but only a minuscule percentage who make a career out of it. (Unlike football, cybercrime is a criminal activity… at least football, at all levels, keeps you fit!) We need to instil cyber-security into our teenagers to help them keep safe online, not push ‘the dark side’.