Is online security hindered by computer jargon?

Whether computer jargon is creating a barrier preventing people from learning how to protect themselves online is a discussion taking place at this week’s EastWest Institute meeting of global security experts. The EastWest Institute is a ‘think-and-do tank’ dedicated to debating pressing global security concerns and working with a network of individuals, institutions and nations to discuss and implement solutions.
The importance of using plain language to discuss computer threats isn’t a top priority of their seventh annual Worldwide Security Conference, headlined by Pakistan’s Foreign Minister, but it is still an important conversation.
“We use a lot of complex terminology where it’s not needed. We don’t encourage people to think enough,” said Steve Purser, head of technical competence at the European Network and Information Security Agency, speaking to Reuters.
People shouldn’t be made to feel baffled by IT security. Part of the job of vendors like Symantec, and other industry professionals, is to demystify it. Cybercriminals are evolving different tactics, and increasingly new threats don’t always have a textbook answer. That’s why it’s incredibly important for people to have accessible sources of information in simple, easy-to-understand language. It’s particularly critical for smaller businesses that often don’t have a dedicated IT person to turn to. Do you feel that as an industry we need to be better at getting past the jargon?
2010s Top 25 Most Dangerous Programming Errors…

The new report from CWE and the SANS Institute on programming errors has now been released. It is based on the combined thinking of experts across the globe and a number of other sources. It should be made compulsory reading for all software engineers… whether developing internal applications or global products!
The report is relatively reader friendly – so you can skip to the good bits if you are an experienced programmer, or just the bits relevant to testers, managers etc.
So, what was #1… well, it is all about web page structure – getting it wrong opens the door to Cross Site Scripting, which we have heard about for several years now – so there is very little excuse for not getting it right. SQL injection problems come in at #2, and #3 is the classic buffer overflow problem (which was a problem I ran into when I first started using ‘C’ back in the late eighties!)
#10 “Missing encryption of sensitive data” is one that strikes a chord with me – from a Data Leaks perspective. It’s one of the first things I look for when evaluating security in an application. Finally, #16 “Information Exposure through an error message” is good to see highlighted, as it really is becoming a problem – especially in internal apps. Programmers want / need as much information as possible in the event of an error – and so tend to put everything they know about the data record, for which the error has occurred, onto the screen… fine in the old days, but now a lot of that information constitutes a data-leak.
So… a quick email out to developers to take a look at the list – and perhaps a prize for those who find one or two examples in their current projects! (Especially if they then fix them in time for the next release…)
Guy Bunker
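The #16 pattern described above, as an added example that is not part of the original post: a handler that dumps the whole data record and raw exception onto the screen, beside a hardened version that gives the user only a generic message and an opaque reference id while the detail goes to the server log with sensitive fields redacted. The record, the exception and the field names are constructed sample data.

```python
"""Added example (not from the original post): CWE Top 25 #16, information
exposure through an error message, shown as a leaky handler next to a
hardened one. All data below is constructed for illustration."""
import logging
import uuid

# Constructed sample record: the kind of data an error handler has in hand.
SAMPLE_RECORD = {
    "customer_id": 10423,
    "card_number": "4111111111111111",  # constructed test PAN, not a real card
    "email": "jane@example.com",
    "balance": 1250.75,
}

# Fields that must never reach a user-facing error page (assumed policy).
SENSITIVE_KEYS = {"card_number", "email", "balance"}

server_log = logging.getLogger("app.errors")


def leaky_error_page(record: dict, exc: Exception) -> str:
    """The pattern the post describes: put everything known about the
    record, plus the raw exception, straight into the response body."""
    lines = [f"Error processing record: {exc!r}"]
    lines += [f"{k} = {v}" for k, v in record.items()]
    return "\n".join(lines)


def safe_error_page(record: dict, exc: Exception) -> tuple[str, str]:
    """Hardened form: the user gets a generic message and an opaque
    reference id; the detail goes to the server log only, and sensitive
    fields are redacted even there."""
    ref = uuid.uuid4().hex[:12]
    redacted = {k: ("<redacted>" if k in SENSITIVE_KEYS else v)
                for k, v in record.items()}
    server_log.error("ref=%s exc=%r record=%s", ref, exc, redacted)
    user_message = f"Something went wrong. Quote reference {ref} to support."
    return user_message, ref


def response_leaks(body: str, record: dict) -> bool:
    """Detection check for a test suite: does a response body contain the
    value of any sensitive field from the record?"""
    return any(str(record[k]) in body for k in SENSITIVE_KEYS if k in record)
```

Running `response_leaks` over every error response in an integration test is a cheap way to catch the #16 pattern before release.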
Don’t Slow Down Your Business this 2010 – Watch out for these 10 security speed bumps

Two months into the New Year and we’re already starting to see a number of our 2010 cyber security predictions come true. At the start of the new decade, cybercriminals continue to be relentless in their pursuit of new and sophisticated attacks against consumers and enterprises.
Here are 10 serious facts about security that cannot be ignored in 2010:
- Cyber Attacks Hurt Businesses: 75 percent of enterprises have suffered a cyber attack in the past 12 months, losing an average of USD $2 million annually.
- Global Spam Shift: Asia Pacific and Japan and South America are taking spam share away from the traditional leaders of North America and EMEA.
- Malicious Activity Chart Topper: China is the top country for malicious activity, accounting for 25 percent of the global total.
- Credit Cards Are Number One Item for Sale: Credit Card information is the most commonly advertised item for sale on the underground economy, accounting for 18 percent of all goods and services.
- Banks Get Phished: 76 percent of brands used in phishing attacks in 2010 were in the financial sector.
- Out with Traditional Spam, in with Targeted Scams: The total number of scam and phishing messages came in at 21 percent of all spam, which is the highest level recorded since 2007.
- News Agenda Drives Attacks: The earthquake in Haiti sadly drove up the volume of scam and phishing messages as spammers used the tragic event for their benefit.
- Cybercriminals Follow the Masses: In Asia Pacific and Japan, the top web-based attack for Oct – Dec 2009 was related to the Microsoft® Internet Explorer® ADODB.Stream Object File Installation Weakness, which accounted for 41 percent of the total.
- Increasing Popularity of New Platforms will Drive New Attacks: An increase in iPad-related search terms used for SEO attacks and phishing attacks was observed during the Apple iPad launch.
- Cybercriminals After Information Rather than Infrastructures: Theft of intellectual property was reported as the top cyber loss for Singapore businesses.
Further details on the above statistics can be found in the below Symantec reports:
Symantec’s 2010 State of Spam Reports
Symantec’s Quarterly Intelligence Report
Symantec’s 2010 State of Enterprise Security Report
Belinda Lim
Getting your money on the move

A report from ABI Research has forecast that about 244 million people worldwide will be using their mobile devices to carry out financial transactions with their banks. Indeed, Asia (with India taking a strong lead) is already pushing this technology forward.
Needless to say that while the move towards mobile banking is a positive one, and almost certainly something that we’ll all get a chance to participate in over the coming years, it also opens the door for more security concerns. Back in September, Symantec’s Ray Greenan and Matts Aronsson spoke to TMCnet about just that.
What is clear is that as more and more valuable information is stored on mobiles, the more of an opportunity they present to cybercriminals. Data such as bank account numbers, credit card details, passwords and telephone numbers can all be sold on the underground economy.
For the banks that are rolling this out, it’ll be important that as part of their due diligence they put adequate security measures in place and, vitally, educate end users on how to be safe.
“Kneber” = Zeus

Recently, Symantec observed some high-profile coverage of a threat being reported as a new type of computer virus known as “Kneber.” In reality Kneber is simply a pseudonym for the Zeus Trojan/botnet. The name Kneber refers to a particular group, or herd, of zombie computers (a.k.a. bots) being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot that also goes by the name Zeus, which has been observed, analyzed, and protected against for some time now.
Since Zeus/Zbot toolkits are widely available on the underground economy, it is not uncommon for attackers to create new strains, such as Kneber, of the overall Zeus botnet. Though it is true that this Kneber strain of the overall Zeus botnet is fairly large, it does not involve any new malicious threats. Thus, Symantec customers with up-to-date security software should already be protected from this threat.
Symantec detects the Zeus Trojan, otherwise known as Trojan.Zbot, as the following:
• Trojan.Zbot
• Trojan.Zbot!gen
• Trojan.Zbot!gen1
• Trojan.Zbot!gen2
• Trojan.Zbot!gen3
• Trojan.Zbot!gen4
• Trojan.Zbot!gen5
• HTTP Trojan Zbot Domain (IPS)
• HTTP Zbot Malicious File Download (IPS)
Check out the blog post Zeus, King of the Underground Crimeware Toolkits on Symantec’s Security Response blog to get a better feel for how an attacker can use the Zeus toolkit to create their very own strain of the overall botnet. Also, Symantec has an extensive analysis of the Zeus botnet in the previously published whitepaper entitled Zeus: King of the Bots.
Symantec has also observed cybercriminals seeking to exploit computer users’ fears—spurred by all of the coverage that this threat is receiving—by poisoning search engine results for keywords such as “Kneber Botnet Removal.” In fact, when analyzed by Symantec, the highest ranked result on Google using these search terms led to a site hosting rogue antivirus software. Here’s a screenshot of the scareware in action:
Social approach to the General Election

As the country gears up to the impending General Election the question of what role social media will play in targeting the increasingly web savvy population is growing in importance. Of course this isn’t a war that will be fought and won solely online, but there is no denying that with projects such as WebCameron and the Labour YouTube channel the battle lines are being drawn both on and offline.
The victory of President Obama was credited in part to his presence on and use of social media tools such as Twitter, and although as David Worsfold points out, it will have an impact on the UK campaigns, it is unlikely to play a pivotal role.
Using social media for any campaign throws up a host of potential security issues as we covered in our Security Response blog back in September. Of course, many users will be well versed in social media and know to only click on links from trusted sources but there is likely to be an influx of new users who trial social media on the back of these high profile campaigns.
Cyber criminals are getting increasingly savvy and are sometimes able to infiltrate official streams in order to trick users into clicking on malicious links. It is vital that both veteran social media users and newbies understand the risks as well as the benefits in order to get the most out of the web in what is set to be one of the hardest fought elections in recent times.
BBC reveals another Haiti scam

It is certainly powerful stuff to see on national TV the perpetrator of a diabolical scam running in terror when confronted by a BBC camera crew – http://news.bbc.co.uk/1/hi/uk/8517243.stm after they traced him to Spain.
Allegedly, according to the BBC, this ‘gentleman’ was involved in yet another of the numerous scams and hoaxes trying to get well intentioned people to give their hard earned money to what they think is a worthy charity – in this case to support the needy in Haiti following the disastrous earthquake last month – but actually it is going to criminals.
But as we have warned repeatedly, this sort of scam is all too common. Whether it be the death of a well-known celebrity, like Michael Jackson last year; or rumours of the death or injury of a star like Johnny Depp earlier this year; or indeed the outpouring of support when the poorest in the world suffer disasters like in Haiti; criminals are all too quick to capitalise and scam or con the unwary.
Indeed just this week, in the latest Symantec Spam and Phishing Report, we highlighted that spammers were using the Haiti disaster to scam people within 24 hours of the news breaking. They started with ‘419 type spam’, asking users to donate money to a charity. When users send their donation, the money disappears into an offshore bank account.
Then we saw spammers taking advantage of this tragedy to deliver malware. They sent out links to apparent video footage regarding the tragedy to lure people in, but when the user clicks on the link to view the video, a Trojan is downloaded instead.
So remember, when a major news story breaks, be aware that spammers and cybercriminals are also watching and looking to exploit the crisis to their own ends. And remember:
- Avoid clicking on suspicious links in email or instant messages as these may be links to spoofed, or fake, Web sites.
- Never fill out forms in messages that ask for personal or financial information or passwords. A reputable charitable organization is unlikely to ask for your personal details via email. When in doubt, contact the organization in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
Dominic Cook
Should we worry about the security of our smartphones?

Comment coming out of Mobile World Congress (MWC) this week has focused on smartphones becoming more of a target for hackers. Candid Wueest, a senior threat researcher at Symantec, spoke to The FT about this in an interesting article earlier this week.
No single mobile operating system dominates the handset market at the moment, so writing a virus that targets a specific platform has limited effects. This is probably why the number of attacks on smartphones to date is small fry in comparison to those on Windows, for example. However, Symantec saw that smartphones were particularly targeted by malware in 2009, including the Sexy Space botnet aimed at the Symbian mobile operating system.
Undoubtedly, as the popularity of smartphones increases they will become much more of a target. One trend Symantec is monitoring in 2010 is attacks targeting smartphone apps, including those for the iPhone. A potential threat is the growth of rogue smartphone apps, allowing fraudsters to snoop on users. People download these innocent-looking applications, such as games, but they sit on the device and can steal users’ personal data. The mobile-phone number, address book data, and the notes section of the address book, where some people store bank account and other sensitive information, are then all open to these cyber criminals.
Businesses, in particular, need to better protect themselves against mobile threats as employees are also increasingly bringing smartphones into work and connecting them to internal systems that also often have access to financial information – either internal or belonging to their customers. Whether you’re a consumer or a business, users should be extremely vigilant when downloading new apps – they might not always be what they seem.
Adult phishing scams go social

Symantec’s January State of Spam and Phishing report has highlighted that an astounding 92 percent of adult phishing scams are now taking place on social networking sites. The report has also highlighted a new trend in adult oriented phishing which tempts users to enter personal credentials in return for free pornography. Once the site has this data, users are redirected to a pornographic website that then leads to a fake antivirus website containing malicious code.
The report also showed a high volume of Haiti related spam and phishing in January 2010 as spammers used the tragic event for their benefit. Unsurprisingly, Valentines related spam was also high in January, however it failed to match the levels of seasonal spam seen in the run up to Christmas.
Both the scam and phishing categories doubled as a percentage of all spam in January 2010 compared to December 2009, with 419-Nigerian spam – whereby scammers ask users to host large sums of money while they move country, with the promise of substantial returns – becoming more prevalent again. This accounted for 21 percent of all spam, which is the highest level recorded since the inception of this report.
Link to new report – State of Spam and Phishing
Vancouver Winter Olympic Games get underway

Cybercriminals can’t wait for the 2010 Vancouver Winter Olympic Games to get underway tonight. No, spamming, hacking and creating botnets haven’t become an Olympic sport, but these malicious attackers are greatly anticipating the millions of followers who will be going online to watch events, read news and obtain updates on the Games.
Key sporting events such as the Vancouver Olympics and the 2010 Football World Cup provide the perfect scenario to dupe victims around the world with Olympics-related spam emails, phishing attacks and other nasty Web tricks – with the sole purpose being to steal personal information and identities. Symantec anticipates seeing a rise in cybercrime activity during the 2010 Winter Games, as is common around high-profile events.
During the 2008 Beijing Olympic Games, spammers enticed users with newsworthy subject lines to open email messages prompting them to click on links hosting malware.
A few of those subject lines included:
• Are Chinese gymnasts too young for Olympics?
• Beijing Olympics cancelled
• Beijing postpones Olympics due to McCain-Dalai Lama meeting
To avoid being a victim during the 2010 Games, Symantec urges you to follow these best practices:
• Purchasing Official Olympic Tickets – When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first come, first-served basis.
• If it sounds too good to be true, it probably is – Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
• Use caution when clicking links from within emails or IM messages – Links can contain viruses or Trojans, or lead users to infected websites. Never click a link in a suspicious email. Instead, make it a habit to type the full website URL, such as www.YouTube.com, into your Web browser.
• Never fill out forms in messages – Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.
• Update your computer – Have a hacker-free Olympic experience by ensuring that all personal and work computers are protected with up-to-date antivirus software and the latest operating system and application patches.
Dominic Cook