iPad – first the hype, now the threat

iPad’s domination of the news agenda has provided a golden opportunity for cybercriminals to target consumers hungry for more information on Apple’s new creation.

As soon as the announcement was made, we observed that related search terms had become targets for Blackhat SEO attacks and phishing attacks. People interested in finding out more about the iPad over the internet must be on guard. 

The excitement over the iPad has been building for months now, so it’s only to be expected that its announcement would spark a huge spike in search traffic relating to certain terms. Sadly, this is just the kind of opportunity fraudsters like to exploit by poisoning search terms, and we can also expect to see iPad-related spam and phishing attacks hitting consumers hard over the coming weeks. We’d advise the curious to be on their guard. 

Tips for avoiding iPad pain:

  • Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed Web sites
  • Symantec security experts suggest typing Web addresses directly into the browser rather than clicking on links within messages.
  • If an email offer looks too good to be true, it probably is. Go through authorised and known suppliers or information sources
  • Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite
  • Delete all spam

 Candid Wueest

Data Breach Costs Increase… Again

The Ponemon Institute has just released its latest report into the cost of data leaks and once again the costs have risen. OK, so it’s not a massive increase ($204 from $202 per record), with the average total cost up $100K to $6.75M. One unusual statistic is that those companies who rushed to inform their customers too quickly (less than a month) ended up paying more ($219 vs $196 for the others). This was probably because they didn’t know all the facts before rushing out to inform the people involved. For example, if you assume that all the customers were affected but it turns out only half were, then it is possible to see where the increased cost can occur.

Most organizations don’t know and can’t prove who has been affected and how – so notifying everyone is the only option. Understanding all the locations of sensitive data and what is and isn’t exposed should make up a cornerstone of any information protection policy – it’s not just good business sense, it also makes good financial sense.

Guy Bunker

PS Remember there’s a good book on preventing data leaks!

Rumours of Johnny Depp’s death just a scam

Once again cybercriminals are at it, spreading rumours and lies to try and trap the unwary. Several news outlets are reporting a set of spam emails circulating about an entirely untrue car crash story, misreporting that Johnny Depp had died over the weekend.

Symantec has investigated the spam and it appears that this is nothing more than yet another Fake AV Scam which attempts to trick users into paying them to remove malware which is not present on their systems. We detect this as VirusDoctor. Symantec customers, both consumer and enterprise, are already protected. As we reported at the end of last year, unfortunately these sorts of fake AV downloads are not uncommon – indeed the Symantec Rogue AV Report suggested we had seen over 43 million people download fake security software in a 12 month period.

As ever, it is important that people keep on their guard when searching for information on the Web. Make sure your legitimate antivirus software is updated and if you ever feel yourself being strong-armed into buying antivirus software from any dubious online sources – Don’t do it! Instead go to a trusted source such as your local physical shop.

Dominic Cook

Why All The Scare Stories?

I spoke at the EuroCloud event earlier this week in London and one of the questions the moderator asked was ‘why all the scare stories?’ The flippant reply was that without them there wouldn’t be much to say! But the follow-on response was that we need to learn. Every story, whether it’s security, data leaks or availability, that hits the news of something less-than-good happening is an opportunity to check internal processes and procedures.

  • What would we do if this happened to us?
  • What do we do to ensure that this won’t happen to us?
  • How do we prevent this happening in the short term?
  • What about our suppliers and partners?

So the next time you hear of something in the press, don’t just sit back and think ‘it won’t happen to me’, make sure that it won’t (and be able to prove it) and ensure that your partners and suppliers are equally well prepared.

Guy Bunker

Emergency IE Patch today

Microsoft has announced that today (Thursday 21st January) at approximately 6pm UK time, it will release an emergency out-of-band patch to fix the Internet Explorer zero-day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies.

The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.

Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far; however, they appear to be very high-profile attacks. The most likely attack vector used in the incidents seen thus far is targeted e-mails containing legitimate-looking attachments or links to Web sites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected.

Despite the fact that we’ve seen just limited attacks using this vulnerability, with exploit code public, there is no reason to think we won’t see more attack attempts. And you can be sure bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8.

This security hole is so dangerous because it allows for remote exploitation. This means attackers can run any malicious code of their liking on a victim’s machine by taking advantage of the vulnerability.

We strongly encourage users to patch their systems against this vulnerability. In addition, businesses are encouraged to consider implementing an automated patch management solution to help mitigate risk.

Dominic Cook

January job hunting season could see companies lose more than just employees

As the business world leaves the excess of the Christmas party season behind, many employees will approach the New Year with the aim of leaving their current job behind. January is notoriously the time for fresh starts with as many as one in three employees making it their resolution to find a new job. To ensure confidential data does not depart with them, it’s crucial that those in management begin taking steps to secure corporate information now.

The lack of prospects in 2009 resulting from the recession meant that many people stayed in jobs which they would otherwise have left. With the first signs beginning to emerge that 2010 might herald a turnaround in the job market, it is certain that many will be eager for the opportunity to move elsewhere.

Unfortunately we see that many employees will take confidential information with them when they leave. Company documents, passwords and online information are often seen as being ‘fair game’ when leaving an organisation, with few feeling guilty about retaining access to information or databases that they’ve used for years. Well-meaning employees can also take sensitive information with them by simply forgetting to hand a memory stick back or wipe their personal mobile device before leaving. It is important that companies have policies in place to protect against such ‘accidental theft’ as well.

The vast majority of ex-employees will not take information out of any malicious intent but simply to retain access to data they feel they created, or passwords that will allow them to maintain access to paid-for databases. However, regardless of their intent, employees do not own this company data and by taking simple moves such as regularly changing passwords and tracking the internal movements of confidential documents, companies can ensure their information is protected not just from external attack but also from past employees.

Chi-Chi Liang

10 Years On From Y2K…

… And do you know any more about your IT estate than back then? The chances are you know less. Ten years ago there had been a mass ‘panic’ to find all the systems and ensure that they wouldn’t fall over when the millennium changed; a slow decline in understanding what was where has subsequently ensued. Of course back then we weren’t worried about the data, it was the systems… and for most organizations, the bulk of the IT was within IT boundaries. There were laptops, but very few people had email on their phones. How times have changed (or not as the case may be).

From a compliance perspective, you should know where all the systems are and their various levels of OS and application patches. Anti-virus and anti-malware should be installed on the various endpoints and kept up to date. Data, especially customer data (and other company confidential data) should be monitored and controlled in all places – which means that the smartphone should be treated like the laptop and suitably protected.

2010 will be the year that ‘cloud’ computing becomes even more important to business. A recent survey on datacentres by Symantec has found that it is medium-sized businesses (less than 10,000 employees) that are looking to new technologies to provide cost savings as well as business advantage. But… before rushing down that route, companies need to look at what they have today and get their house in order. So, now the snow is starting to clear and people are thinking about the upcoming year:

  1. Find out what your IT environment really looks like today. Where are the systems/devices that hold your information (don’t forget the smartphones, memory sticks etc.)?
  2. Work out what data is important to you and where it can be found.
  3. Create a list of potential applications that could be put in the cloud (out-tasked).
  4. Arrange a meeting between the senior IT folk and line of business leaders to talk through each other’s plans and help set priorities.
  5. Take a read of some of the multitude of articles on what is important to IT, security, storage in 2010 and see which are relevant to you.
  6. Create a plan of action for the next 90 days which brings IT closer to the business – and vice versa.

2010 looks like the year when there will be a lot of talk about the recession ending, but in reality it won’t make a huge difference for the next 6-9 months, so there is time to get things in order. Once the market really does pick up, and budgets become a little more relaxed there won’t be time to plan – as it will be all hands to the pumps to make money!

“In preparing for battle I have always found that plans are useless, but planning is indispensable.”

Dwight D. Eisenhower (1890 – 1969)

Guy Bunker

PS It’s not a bad thing to look at your home IT as well… do you need to revisit your backups (what, you still aren’t doing backups?!?!?!), or renew subscriptions to AV applications, or if you have a new computer for Christmas, look at deleting the data off the old one before getting rid of it.