It’s not just the Ukrainians and the Polish that are seeing a surge in demand as the Euro Championships take place. Here at Symantec, we have noticed some curious spikes in data usage, around the time of key games.
For instance, our data processing centres saw a 20% uplift in week on week user traffic in the hour prior to kick off in the game between England and France on June 11th. During the match this increased further, hitting a 75% uplift compared to the previous week. During that peak our bandwidth monitoring saw the equivalent of approximately 7,500 live media streams passing through our UK data centres per second.
I’ve no doubt that businesses of all types experience similar upturns in data demands during big sporting events such as the Euro’s, which leaves open the obvious question; how are people preparing for a whole host of sporting events that are taking place in 2012? With a summer of sport set to be watched by millions across the globe, many are sure to reference the internet consistently throughout to keep up to date with their favourite events and any key developments. The spikes we have witnessed throughout the Euro’s has provided a nice gentle stress test for our systems, which have coped with the increase comfortably. Other organisations should use this tournament just as we have, as a key indication of the likely impact that business is going to face.
Though often hard to calculate the exact amount of data expected to pass through a company’s system, recent spikes should prove very useful in informing how people should equip and prepare for the likely surge we will see over the coming two months. It would be silly to neglect this information, and be caught out when data peaks during busy periods. Being prepared to respond to these increases will ensure a seamless continuation of business, ruling out any potential losses or disruption that might occur to those that have not heeded the early warning signs.
Last week’s Cost of a Data Breach Study update had one particular statistic that stuck with me and to which I keep being drawn to when discussing it with others. In the UK study, they discovered that where an organisation that suffered a breach had a Chief Information Security Officer (CISO) or someone with the equivalent level of responsibility in place, the cost per record dropped by an average of £18. I think the key word in the previous sentence is “responsibility” for a few reasons.
Firstly, we have the increasing amount of fines and penalties that can be applied to the individuals involved in failing to deliver against expectations. These have gone beyond the original highly regulated industries and out into the broader business context. With the coming updates to EU legislation, it’s likely to get more attention in the boardrooms of Briton, not less.
Secondly, and contrary to popular thinking, stopping data loss and protection of the key information assets an organisation has goes way beyond using scanners to prevent credit card details being emailed out. Primarily, it’s not a technical problem, it’s a people-process-technology challenge.
In the past, I have heard references to people-process-technology being like a three-legged stool of which you can’t remove any without falling off! This can be considered a fair comparison but, for me, the ‘people’ part of this stool is the most critical starting point. People have negotiation skills. People have perspective. People drive change.
When it comes to the role of technology in stopping data loss I view it like an exoskeleton to the people involved. That may sound a little sci-fi but what they need to be able to do is say “this stuff is important, please tell me how it’s being used, where it’s going and who uses it”. Technology enables them to reach into network pipes with gigabits of data pumping through them. Technology enables them to piece together a process involving four employees and an outside contractor. Technology enables them to see the HR director does not like using the VPN from his second home in the Cotswolds.
The reason I view it as an exoskeleton is that the knowledge of what’s important comes from the people involved, as does the appropriate response and the negotiation to get from where they are today, to a more secure future-state.
The relentless growth in information and systems shows we’re not moving towards a state where data loss won’t happen anymore. However, this report shows that if you put someone in charge with responsibility and authority to make change happen when it does occur, the impact to an organisation’s bottom-line is significantly reduced. I’m happy to predict the gap between those that take it seriously and those that stick their head in the sand will only get larger in the coming years.
OK so I’ve worked for Symantec for quite a while now and I know that there are lots and lots of bad guys trying to fleece you and scam you, and I am fully prepared to accept I am as a result even more skeptical about any emails or calls I get. But I had a call last week from my credit card company which made me think.
It seems that my monthly statement was lost somehow and as a result I didn’t made a payment last month – now quite apart from the questionable customer service given this is the first time I’ve ever missed a payment, and it was just one month – I received a call from a call centre asking me to give them my bank account details so I could make the payment over the phone.
So if you got a similar call would you go ahead and give your details? They seemed to know who I was and had my account details and obviously my phone number….. But they seemed genuinely confused when I suggested that they might be scammers and how did I know they were from my credit card company at all? They simply couldn’t handle this line of questioning.
I even spoke to the ‘team leader’ and she just didn’t get it either!
So my advice is always, do not EVER respond to an un-solicited phone call or email asking for your bank details. ALWAYS question who it is who is contacting you and whether they are who they say they are. NEVER send or give your details to anyone until you have confirmed who they are. Be SKEPTICAL and yes a little PARANOID about any online or on the phone transactions because there are really bad people out there in the Underground Economy trying to scam and steal from you!
Oh and yes I did make my payment in the end, but I did it online via my banking site protected by the Norton 360 I run on my home PC. I’ll also be looking for a new credit card company who understand customer service and security!
As the country gears up to the impending General Election the question of what role social media will play in targeting the increasingly web savvy population is growing in importance. Of course this isn’t a war that will be fought and won solely online, but there is no denying that with projects such as WebCameron and the Labour YouTube channel the battle lines are being drawn both on and offline.
The victory of President Obama was credited in part to his presence on and use of social media tools such as Twitter, and although as David Worsfold points out, it will have an impact on the UK campaigns, it is unlikely to play a pivotal role.
Using social media for any campaign throws up a host of potential security issues as we covered in our Security Response blog back in September. Of course, many users will be well versed in social media and know to only click on links from trusted sources but there is likely to be an influx of new users who trial social media on the back of these high profile campaigns.
Cyber criminals are getting increasingly savvy and are able sometimes able to infiltrate official streams in order to trick users into clicking on malicious links. It is vital that both veteran social media users and newbies understand the risks as well as the benefits in order to get the most out of web in what is set to be one of the hardest fought elections in recent times.
… What about if there were advertisers? The NYTimes realised earlier this week that there were some adverts on their site which were not what they appeared to be. In essence, the attack is simple – pose as a real advertiser and then switch to something more malicious… by the time anyone notices, the advertiser has made their mark and visitors to the site have been compromised.
The problem is that people trust well known sites, and the reality is that they shouldn’t – at least not without some thought. We have seen a number of attacks on popular sites, whereby malicious code is inserted transparently to the user, so that when they visit they become infected with malware. We have also seen adverts taken out with popular search engine sites, whereby the advert is malware – but this is a new twist to combine the two.
What to do? Well, herein lies the problem – how do companies know that an advertiser is who they say they are… and what they are advertising is ‘good’ rather than ‘bad’. In today’s Internet age, many things are bought and sold with relative anonymity and so subject to this kind of problem – Verifying identity is tough at the best of times! In this particular case, changes have been made to the way in which adverts are placed into the pages – so the NYTimes is a tough target for this type of behaviour, cyber-criminals will therefore move swiftly on to other well known sites and try the same thing.
When you visit websites, no matter how reputable they may be,be wary of adverts (especially those which popup to tell you, you have a virus), if you run a website with 3rd party advertising – then think about how you will protect your website and your company’s reputation from this type of attack.
There’s a great article in this months E&T magazine from the IET on the need to manage your online presence after you have died. OK, so you won’t be able to do it yourself, so you therefore need to figure out who will.
In essence, the advice is to keep a record of username and password information for your online presence, including things like various accounts which have access to your credit card information, for example accounts with eBay, PayPal & Amazon along with any subscriptions for web hosting and the like. This information is then stored somewhere safe, or a copy left somewhere obvious (just like a Will) and then someone can take the appropriate action when you die. As for ‘safe’… well, if you store it electronically, remember to encrypt it – and store the name of the file (or access to a password database application) with your Will or directly with an Executor.
It’s always tough to think about these sorts of things – just as it is when you make a Will. However, there is no time like the present to plan for the future… now, which sites have my credit card details… hmmmm.
Guy Bunker, CEng IET
The spammers have been out in force once more with the deaths of Michael Jackson and Farrah Fawcett providing the bait for unwary consumers – cyber-criminals just love celebrity gossip as a hook for phishing. Additionally, Twitter accounts have also been hacked with the Britney Spears rumours being one of the high profile ones. I even heard on the radio this morning that one of the presenters was being impersonated on Twitter (he didn’t have an account and so someone had set one up in his name and started sending derogatory Tweets)… it seems that silly season has come early this year.
I have written in the past about opening accounts on popular social networking sites in order to preserve your identity and (to some extent) your reputation. I would still recomend that you do this – if you are concerned.
In the mean time, just be wary of what you are doing on the web – especially when it comes to current news stories. If you do go in search of latest and greatest pictures or videos and it asks you to download a new codec… just say no! If it asks you to make a donation… think twice… are you sure you know who you are donating to?!?!
Well, that’s if you use file sharing and the content is less than legal. A report has estimated that around 7m people are involved in illegal downloads and that over the course of a year, on one particular file sharing service the value of the goods available was around £12BN. Which is a lot of stuff…
Two thoughts come to mind. Firstly, we have seen that a lot of malware is currently distributed via illegal downloads, I’ve written about this before. Secondly, what if it’s your Intellectual Property that’s being made available? This could damage your reputation and results! While this is primarily aimed at electronic IP, eg films, music, games, software applications, the business of counterfeiting and selling counterfeit goods is very strong on the underground economy. There are companies who will watch for your property on underground servers – it might be worth investigating.
This morning my colleague Tom Parsons from our Dublin Security Response team was quoted in a BBC article talking about the huge rise in malware in recent years and the journalist was speculating the battle between the cybercriminals and the security companies was akin to an arms race.
Certainly the numbers of new pieces of malware on the web these days is simply eye-watering. Symantec’s own Internet Security Threat Report recently reported that during 2008 Symantec created 1,656,227 new malicious code signatures. That’s a massive rise even on malware in 2007 which was in itself a big number!
If it is an arms race, for sure the security companies are pushing ahead with new technology to help them keep ahead of the threats and protect their customers. New approached like White Listing – to approve certain software to run on your PC rather than trying to blacklist the bad stuff – heuristics and behavioural techniques are already making their way into today’s security software and we’ll see a lot more of that in the years to come.
If it is a war, it’s a war which the security world is continually working hard to find new techniques and software to win. But it’s also essential that everyone else does their part too. The sad fact is that a lot of threats are spread by people not taking adequate steps to protect themselves. Just because you have insurance on your house, you can’t just leave your front door open and expect a burglar to walk by. Make sure your software is up-to-date; that you receive the regular updates and patches; and don’t click on links and emails from people you don’t know.
Twenty five percent of all phishing URLs were generated using phishing toolkits in April, according to Symantec’s State of Phishing Report. Symantec State of Phishing Report
Symantec also observed that 75 percent of the total attacks were from unique phishing web sites, which included more than 227 known brands being targeted by phishers. The unique attacks increased by 25 per cent from the previous month. However, of the total phishing attacks, there was no increase observed in unique phishing websites from the previous month as a result of the proportionate increase observed in the toolkit activity in the month.
Key highlights from the report include:
• The Phisher King: Phishing toolkits continued to professionalise fraud attacks. Symantec observed 25% of phishing URLs to be generated using phishing toolkits. Although there was a 19% increase in the toolkit attacks over the previous month, the proportion of toolkit attacks remained constant of the total phishing attacks observed in the month.
• Good Hosts Fry Phish: More than 113 web hosting services were used, which accounted for 9% of all phishing attacks. Although web hosting companies continued to improve their phishing mitigation tactics, phishing attacks using web hosting services increased by 5% from the previous month. However when looking at the total number of phishing attacks observed in the month, the proportion of phishing attacks using web hosting services actually decreased compared to the previous month.
• Phishing in International Waters: Among the non-English phishing sites, French language phishing sites were most frequently recorded followed by sites in Italian and Chinese language. A total of 3,650 non-English phishing sites were recorded in the month of April. This is an increase of 5% from the previous month. A rise in the non-English phishing sites in April can be the result of a slight increase in the total volume of phishing sites observed by Symantec, over the previous month.