Criminals rack up more than 100 potential attacks a second on the world’s computers, reveals Symantec report

Symantec today released its new Internet Security Threat Report (ISTR), highlighting key trends in cybercrime – and what a year 2009 has been. The web saw two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – and Symantec’s ISTR reveals continued growth in both the volume and sophistication of cybercrime threats.
In fact, Symantec blocked an average of 100 potential attacks per second in 2009.
The full report can be viewed online here, but we’ve outlined the key findings below in an easy-to-digest form. Over the course of the week we will be investigating some of the top findings in more detail, so for more in-depth analysis, join us again tomorrow.
Key ISTR findings:
- An increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property, cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to create socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
- Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
- Web-based attacks continued to grow unabated. Today’s attackers are using social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.
- Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.
Dominic Cook
Credit card dumping on the rise


At Symantec we’ve noted a worrying increase in so-called “credit card dumps” on offer in the criminal underworld over the past year. Dumps, which are copies of the information stored on the magnetic stripe of the original card, are usually obtained via electronic “skimming devices” fitted to the credit card machine or bank teller machine (ATM).
The devices often take the form of an additional card reader that is placed over the original and records any data that passes through it.
Skimming devices can be combined with a doctored keypad that is placed over the real one or a small video camera that records the PIN code entered for each card. Newer versions even contain a GSM module that will send the encrypted dumps back to the attacker. Video footage from surveillance cameras has shown that scammers can install the fake keypad and card reader in under five seconds.
Once the criminals have the information, they have the card number and can clone the credit card. The clones can be almost indistinguishable from authentic cards, often including holograms and embossed gold numbers. If the criminals have recorded the PIN codes, the cards can be used at any ATM to withdraw cash.
Spotting a skimming device is not easy as the devices are highly sophisticated and usually match the look and feel of the credit card or teller machine.
People should look out for any attached keypads or strange-looking card slots. Often the devices are mounted at a single fixing point, which creates a small overlap that just looks a bit odd and wiggles slightly when touched.
This type of thievery is not confined to the developed economies and travellers should be particularly wary when abroad. For example, thousands of football fans will be travelling to South Africa in a couple of months for the 2010 World Cup. While the country is a developing economy, it has a highly sophisticated and modern banking infrastructure and credit card fraudsters to match it.
Credit card skimming can happen virtually anywhere, so while enjoying what South Africa has to offer over and above the World Cup, it is important for travellers to pay special attention to what happens to their bank or credit cards, wherever they are used.
For more information on Internet scams relating to the 2010 Soccer World Cup, visit www.2010netthreat.com.
Candid Wüest, senior threat researcher at Symantec
Symantec urges business to bolster defences in order to avoid new £500k fines for breaches of Data Protection Act

As new legislation comes into force today which empowers the Information Commissioner’s Office (ICO) to levy fines on businesses of up to £500,000 for serious breaches of the Data Protection Act (DPA), Symantec has cautioned that fines are avoidable – provided adequate security best practice is adhered to.
The ICO is aiming to give the Data Protection Act ‘teeth’ and is clearly concerned about several high-profile cases where unencrypted, confidential data residing on laptops and USB sticks has been lost or stolen. The impact of the vast majority of these cases could have been easily mitigated or avoided altogether by following security best practice, such as protecting data and having clear guidelines in place for how data is used.
For a data breach to attract a monetary penalty, the ICO must be satisfied that a serious breach is likely to cause “damage or distress” and that it was either “deliberate” or “negligent” and that the organisation “failed to take reasonable steps to prevent it”.
Symantec advises:
Develop and enforce a robust security policy which includes:
- Tight governance regarding use of customer data – it should not physically leave the premises unless absolutely necessary
- Use advanced encryption appropriately for data that does have to leave the premises
- Restrict access to customer data only to those staff for whom it is critical
- Ensure that confidential data cannot be copied onto portable media such as USB sticks or CDs
- Monitor information leaving via email and websites for appropriateness
Protect and manage all PCs, laptops and servers
- Maintain active, up-to-date antivirus, anti-spyware and firewall protection
Create strong passwords for all systems and hardware
- Use at least eight characters with a combination of numbers, letters and punctuation marks, and don’t reuse a password that is active on other accounts
Don’t forget non-electronic security
- Shred any documents that contain identifying information before disposing of them
- Don’t leave financial documents and sensitive information in an insecure environment
- Regular education of employees can help improve awareness of appropriate behaviour
Mike Jones, Principal Product Marketing Manager at Symantec
Mobile hacking highlights need for mobile security


Following reports on The Register and ZDNet regarding the ease of hacking smartphones, the growing issue of mobile security looks set to come under the spotlight.
Although the loss or theft of the physical device is seen as the biggest problem around mobile security, there is also the problem resulting from the increasing volume of ‘stealable’ business data which is held on them, made worse by the current poor encryption.
Mobile platforms have so far been down the ‘pecking order’ of cyber criminals compared to desktop computers, with just 400 different viruses in existence compared with 4 million on Windows. Although currently a drop in the ocean, the increased standardisation of mobile platforms will make it more profitable and easier for malware writers to infiltrate mobile devices.
If phones are infected, there are a number of security risks that the user and their organisation are left open to. Industrial espionage becomes a very real risk, with data being hacked, the device being cloned without the user’s knowledge and malicious emails distributed to contacts within the address book. The phone may also be used to send SMS messages to premium rate numbers and rack up huge bills in the process.
To avoid these security breaches, Symantec recommends that organisations ensure all data is encrypted, secure password settings are in place, remote wiping of data is enabled should the handset be lost and that a sound user policy is in place.
Candid Wueest
Photo by Flickr user csaila, licensed under CC BY 2.0.
Importance of end-to-end encryption in the retail space

Our attention was caught recently by an interesting article on Retail Week by Verifone, which examined the importance of credit and debit card protection in the retail industry. As Verifone quite rightly points out, the theft of credit and debit card details is a highly lucrative activity and its popularity is growing rapidly worldwide. Indeed, our recent State of Enterprise Security Report revealed that 75% of enterprises have experienced a cyber attack in the past 12 months and that the average associated cost over the year for such attacks was as high as $2 million – some pretty striking statistics.
Furthermore, the nature of credit and debit card theft is becoming increasingly sophisticated such that retailers will often process a payment transaction and not even be aware that a data breach has occurred – something that could have a serious impact not only on a retailer’s revenues, but also on their brand reputation. With such serious consequences at risk, Verifone states that it is time for companies to go beyond Payment Card Industry Data Security Standard (PCI DSS) guidelines, and secure entry points across the entire transaction chain.
The article has some good advice to offer retailers and with cybercrime continuing to grow at such a rapid rate, it’s advice that retailers can simply not afford to ignore.
Dominic Cook
UK ID fraud cases jump a third as malicious insiders turn to cybercrime

ID fraud in the UK has increased by nearly a third (31.79 per cent) in 2009, according to a new report from CIFAS, the UK’s Fraud Prevention Service, as compromised identity details continue to be sold over the internet. The report points to an increase in gangs using collusive staff within organisations to steal personal data online for criminal gain. The CIFAS findings are gathered from its 265+ members across industries including banking, retail and telecoms.
Businesses need to be better protected against the dangers of the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be incredibly high. Our recent State of Enterprise Security report found that 40 per cent of businesses experienced a high number of internal, malicious attacks in 2009. In addition, a great deal of damage was also done unintentionally by staff, with 39 per cent of IT managers surveyed saying it’s a ‘high’ or ‘extremely high’ problem.
IT security was, for many years, focused on protecting against external threats and attacks. While those threats still remain, a more insidious threat – the malicious insider – has been steadily rising. The fact that cybercriminals are so well networked within UK businesses in order to bring about this kind of ID fraud points to their increased professionalism and savviness.
Symantec recommends that companies assess their policies and processes around employee access to sensitive data ensuring that they are appropriate for the employee’s position and are enforced and regularly reviewed. It advises that data loss prevention (DLP) solutions that offer protection at the endpoint, network and storage levels can also help.
Andy Ng, Data Loss Prevention Consulting Manager for EMEA
Survey Said… Ex-Employees Steal Data

We conducted a survey in the US on how many people take data with them when they leave the company… and the answer is 79%. While it is tough to take someone’s memory it’s not so hard to ensure that they are not walking out the door with obvious copies. 82% said that they were not checked when leaving… and a frightening 24% still had access to computer systems even after they had left – with 20% still having access more than a week later.
The other statistic that intrigued me was that of those people who took information, 67% said they used it to get a new job and 68% said they were going to use it in their new position.
It always used to be that executives left with their laptops and companies were not overly worried about some of their proprietary information walking out the door with ex-employees. However, in the current climate, it would no doubt pay dividends to initiate a more formal process to ensure that when an employee leaves, it doesn’t increase the risk of a data leak.
(And on the other side of the coin… it also might pay dividends to the new employer to ensure that inappropriate competitor information isn’t arriving on their network with a new starter… as the fines for that have been rather large in the past!)
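The formal leaver process the post calls for is easy to mechanise: reconcile the HR list of leavers against the accounts each system still reports as enabled, and flag anything that has outlived its owner. The script below is an added example, not code from the original post or from Symantec; the two CSV extracts are constructed sample data, the seven-day threshold mirrors the "more than a week later" statistic above, and the column names are assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample data (not from any real organisation): an HR export of leavers
# and an extract of accounts that are still enabled on each system as of the check date.
LEAVERS_CSV = """username,leaving_date
alice,2010-03-01
bob,2010-03-10
carol,2010-03-14
"""

ACTIVE_ACCOUNTS_CSV = """username,system
alice,vpn
bob,email
dave,email
carol,file-share
"""


def parse_leavers(text):
    """Map each leaver's username to their leaving date."""
    leavers = {}
    for row in csv.DictReader(io.StringIO(text)):
        leavers[row["username"]] = datetime.strptime(row["leaving_date"], "%Y-%m-%d").date()
    return leavers


def parse_active_accounts(text):
    """Return (username, system) pairs for every account still enabled."""
    return [(row["username"], row["system"]) for row in csv.DictReader(io.StringIO(text))]


def stale_access(leavers, active_accounts, as_of):
    """Accounts belonging to people who have already left but are still enabled on as_of.

    Returns (username, system, days_since_leaving), longest-overdue first. People whose
    leaving date is still in the future are legitimately employed and are not reported."""
    findings = []
    for username, system in active_accounts:
        if username in leavers:
            days = (as_of - leavers[username]).days
            if days >= 0:
                findings.append((username, system, days))
    findings.sort(key=lambda f: f[2], reverse=True)
    return findings


def overdue(findings, max_days=7):
    """Subset of findings where the account outlived the leaver by more than max_days."""
    return [f for f in findings if f[2] > max_days]


def run_check(as_of_iso="2010-03-15"):
    """Run the reconciliation over the sample extracts for a given check date (ISO format)."""
    as_of = datetime.strptime(as_of_iso, "%Y-%m-%d").date()
    return stale_access(parse_leavers(LEAVERS_CSV), parse_active_accounts(ACTIVE_ACCOUNTS_CSV), as_of)


if __name__ == "__main__":
    for username, system, days in run_check():
        flag = "OVERDUE" if days > 7 else "pending"
        print(f"{flag:8} {username:8} {system:12} left {days} day(s) ago")
```

In practice the two inputs come from the HR system and from each directory, VPN and application's own account export; the point of the join is that nobody has to remember to ask, because the report itself says who still has access and for how long.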
Not Me Guv

So, if you lost your laptop and it resulted in a data loss incident – who would you blame? In a recent survey, only 17% of office staff and 21% of IT staff thought it would be their fault… the rest thought it was the CEO’s fault or the company’s. Bizarre but true.
Reality is that it is up to everyone to protect the data and the company should provide appropriate technology to help. If you have a company laptop and it contains sensitive information ask about full disk encryption, the same is true for mobile phones (well, the ones which get email, etc, etc). These are relatively simple to install and administer. If you send data out on a CD, then ask if it is encrypted – and if not, ask about encryption solutions to be added into the process. Again, this is not hard to do – and it does reduce the risk.
Finally, if you are really worried about data leaking through email and the like, then ask about content based data loss prevention – it’s not as simple as putting in encryption, but it does create a much better solution.
So… if you lose data – it is your fault. Especially if you haven’t been and asked for help in preventing it from happening in the first place.
When Helpful Doesn’t Help

There is a new hack in town (well, it will be in Las Vegas next week) and it’s simple: create a file that looks like one thing to one application and something else to another. File types have always been helpful to the OS: they mean that you can ‘click’ on a file and it knows which application to use to open it. In this case, this ‘feature’ is what is being used as the exploit.
Here they have created a file which looks like an innocuous GIF to a web server but is actually a Java applet. The ‘image’ is downloaded but then run by the browser as it thinks it is an applet – result… your machine has just been compromised.
Because it looks like an image, it can be readily uploaded to any and all sites which allow such things (by checking that the upload is a picture), mainly social networking sites – once there, it can then be downloaded by others (who think it is an image) and therefore the infection spreads…
You need to pay a little more attention to what you are downloading – perhaps those latest pictures of Britney are less attractive now?
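The reason the dual-format file described above works is that the two parsers read from opposite ends: a GIF decoder trusts the signature at the start of the file, while a ZIP (and therefore JAR) reader locates the archive from its end-of-central-directory record at the end. An upload filter that only checks the leading magic bytes therefore cannot tell the two apart. The check below is an added example, not code from the original post or from the researchers it refers to: it validates a supposed GIF from both ends and rejects anything that also terminates in a consistent ZIP trailer. The format constants are the standard GIF and ZIP ones; the two sample blobs are constructed fixtures with no archive content.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
ZIP_EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_FIXED_LEN = 22            # fixed part of the EOCD record
ZIP_MAX_COMMENT = 0xFFFF       # the EOCD may be followed by a comment of up to 65535 bytes


def is_gif_header(data):
    """What a naive 'is it a picture?' upload check looks at: the first six bytes."""
    return data[:6] in GIF_MAGICS


def zip_eocd_offset(data):
    """Offset of an EOCD record that terminates the file, or None if there is none.

    Archive readers locate a ZIP from the END of the file, so a blob whose tail is a
    self-consistent EOCD record is an archive whatever its first bytes claim to be."""
    search_from = max(0, len(data) - (EOCD_FIXED_LEN + ZIP_MAX_COMMENT))
    pos = data.rfind(ZIP_EOCD_SIG, search_from)
    while pos != -1:
        if pos + EOCD_FIXED_LEN <= len(data):
            comment_len = struct.unpack_from("<H", data, pos + 20)[0]
            if pos + EOCD_FIXED_LEN + comment_len == len(data):
                return pos
        pos = data.rfind(ZIP_EOCD_SIG, search_from, pos)
    return None


def classify_image_upload(data):
    """Decision for an upload that is supposed to be a GIF."""
    if not is_gif_header(data):
        return "reject: not a GIF"
    if zip_eocd_offset(data) is not None:
        return "reject: GIF with ZIP archive trailer"
    return "accept"


# Constructed fixtures (not real files and not an applet): a minimal GIF, and the same bytes with an
# empty EOCD record appended, which is enough for an archive reader to see a zero-entry archive.
def sample_clean_gif():
    # header, 1x1 logical screen, no global colour table, GIF trailer byte
    return b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0) + b"\x3b"


def sample_gif_with_zip_trailer():
    # disk numbers, entry counts, central directory size and offset, comment length: all zero
    eocd = ZIP_EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, 0, 0)
    return sample_clean_gif() + eocd


if __name__ == "__main__":
    for name, blob in [("clean gif", sample_clean_gif()), ("gif+zip trailer", sample_gif_with_zip_trailer())]:
        print(f"{name:16} header ok={is_gif_header(blob)} -> {classify_image_upload(blob)}")
```

A check like this belongs in the upload path, but the more robust defences are the ones that make the trick irrelevant: re-encode every uploaded image into a fresh file rather than storing the original bytes, and serve user-supplied content from a separate origin so that even a file which is an applet cannot run with the main site's privileges.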
The Power Of The Internet – small

While I’m talking about the power of the Internet, it is also worth mentioning that while you can attack a whole country it is also very easy to pick up some tools on the web to test your own company’s security. One of my favourites to show how easy it is to get employees to inadvertently give away information is the USB Switchblade / HackSaw. So, here’s the plot: buy a few USB memory sticks, load up Switchblade (it does need a little configuration) and then leave them around the organization. For example, in the cafeteria, or perhaps on the reception desk. When you have done this, just sit back and wait for the results. In this case the results will come when someone picks up a USB key and plugs it into their system – the software then collects and reports back password hashes, LSA secrets and IP information. The whole process takes about 20 seconds… we can’t ignore the fact that these tools exist – because they do… and you can’t keep a secret for long, at least not when the internet is involved.
What now? Well, time to educate folks that picking up USB sticks (and CD-ROMs) from untrusted sources can be ‘dangerous’… and while you should update the relevant policies, you can’t rely on them to stop people from doing silly things, so this might be the time to put a solution in place to prevent unauthorized USB devices from stealing your data.