Criminals rack up more than 100 potential attacks a second on the world’s computers, reveals Symantec report

Symantec today released its new Internet Security Threat Report (ISTR), highlighting key trends in cybercrime – and what a year 2009 has been. The web saw two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – and Symantec’s ISTR reveals continued growth in both the volume and sophistication of cybercrime threats.
In fact, Symantec blocked an average of 100 potential attacks per second in 2009.
The full report can be viewed online here, but we’ve outlined the key findings below in an easy-to-digest form. Over the course of the week we will be investigating some of the top findings in more detail, so for more in-depth analysis, join us again tomorrow.
Key ISTR findings:
- An increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property, cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to create socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
- Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
- Web-based attacks continued to grow unabated. Today’s attackers are using social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.
- Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.
Dominic Cook
Credit card dumping on the rise


At Symantec we’ve noted a worrying increase in so-called “credit card dumps” on offer in the criminal underworld over the past year. Dumps, which are copies of the information stored on the magnetic stripe of the original card, are usually obtained via electronic “skimming devices” fitted to the credit card machine or bank teller.
The devices often take the form of an additional card reader that is placed over the original and records any data that passes through it.
Skimming devices can be combined with a doctored keypad that is placed over the real one or a small video camera that records the PIN code entered for each card. Newer versions even contain a GSM module that will send the encrypted dumps back to the attacker. Video footage from surveillance cameras has shown that scammers can install the fake keypad and card reader in under five seconds.
Once the criminals have the information, they have the card number and can clone the credit card. The clones can be almost indistinguishable from authentic cards, often including holograms and embossed gold numbers. If the criminals have recorded the PIN codes, the cards can be used at any ATM to withdraw cash.
Spotting a skimming device is not easy as the devices are highly sophisticated and usually match the look and feel of the credit card or teller machine.
People should look out for any attached keypads or strange looking card slots. Often they are fixed point mounted and create a small overlap that just looks a bit odd and wiggles a bit.
This type of thievery is not confined to the developed economies and travellers should be particularly wary when abroad. For example, thousands of football fans will be travelling to South Africa in a couple of months for the 2010 World Cup. While the country is a developing economy, it has a highly sophisticated and modern banking infrastructure and credit card fraudsters to match it.
Credit card skimming can happen virtually anywhere, so while enjoying what South Africa has to offer over and above the World Cup, it is important for travellers to pay special attention to what happens to their bank or credit cards, wherever they are used.
For more information on Internet scams relating to the 2010 Soccer World Cup, visit www.2010netthreat.com.
Candid Wüest, senior threat researcher at Symantec
Importance of end-to-end encryption in the retail space

Our attention was caught recently by an interesting article on Retail Week by Verifone, which examined the importance of credit and debit card protection in the retail industry. As Verifone quite rightly points out, the theft of credit and debit card details is a highly lucrative activity and its popularity is growing rapidly worldwide. Indeed, our recent State of Enterprise Security Report revealed that 75% of enterprises have experienced a cyber attack in the past 12 months and that the average associated cost over the year for such attacks was as high as $2 million – some pretty striking statistics.
Furthermore, the nature of credit and debit card theft is becoming increasingly sophisticated such that retailers will often process a payment transaction and not even be aware that a data breach has occurred – something that could have a serious impact not only on a retailer’s revenues, but also on their brand reputation. With such serious consequences at risk, Verifone states that it is time for companies to go beyond Payment Card Industry Data Security Standard (PCI DSS) guidelines, and secure entry points across the entire transaction chain.
The article has some good advice to offer retailers and with cybercrime continuing to grow at such a rapid rate, it’s advice that retailers can simply not afford to ignore.
Dominic Cook
UK ID fraud cases jump a third as malicious insiders turn to cybercrime

ID fraud in the UK has increased by nearly a third (31.79 per cent) in 2009, according to a new report from CIFAS, the UK’s Fraud Prevention Service, as compromised identity details continue to be sold over the internet. The report points to an increase in gangs using collusive staff within organisations to steal personal data online for criminal gain. The CIFAS findings are gathered from its 265+ members across industries including banking, retail and telecoms.
Businesses need to be better protected against the dangers of the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be incredibly high. Our recent State of Enterprise Security report found that 40 per cent of businesses experienced a high number of internal, malicious attacks in 2009. In addition, a great deal of damage was also done unintentionally by staff, with 39 per cent of IT managers surveyed saying it’s a ‘high’ or ‘extremely high’ problem.
IT security was, for many years, focused on protecting against external threats and attacks. While those threats still remain, a more insidious threat – the malicious insider – has been steadily rising. The fact that cybercriminals are so well networked within UK businesses in order to bring about this kind of ID fraud points to their increased professionalism and savviness.
Symantec recommends that companies assess their policies and processes around employee access to sensitive data ensuring that they are appropriate for the employee’s position and are enforced and regularly reviewed. It advises that data loss prevention (DLP) solutions that offer protection at the endpoint, network and storage levels can also help.
Andy Ng, Data Loss Prevention Consulting Manager for EMEA
I’m An Employee… Use My Discount

Police in Florida are looking for ‘Plasma Pat’, who hangs around outside supermarkets befriending people and offering to buy things for them using his staff discount card. Of course, when they hand over the money he makes a swift exit and the customer is left there waiting… and waiting… and waiting.
OK, so this isn’t traditional cyber-fraud, but what would happen if Plasma Pat was borrowing credit cards and PINs in order to ‘buy’ the discounted goods?
Moral of the story… if it sounds too good to be true, it probably is. Don’t hand over your money, let alone a credit card, to a stranger who can get you a bargain.
Presidents, Senators, You And Me

Another famous name has had their bank details stolen and money taken from their account. This time it’s the French President, Mr. Sarkozy. Of course it is not unusual for people to have their details stolen; we have seen other high-profile cases in recent months: a US senator had their email account hacked and the Chief Executive of a bank also lost money. Of course if you happen to be you or me then it is unlikely to make the front pages of the news or spark quite the same level of campaign to find the perpetrators.
The interesting point in this latest case is that the thieves just skimmed off a little bit of money at a time, rather than empty the account. The thinking is that you won’t notice – so over time they would make off with more money. What can you do? Simple stuff really:
- Don’t tell anyone (and I mean anyone) your logon or password details.
- Regularly change your password.
- Don’t make your password guessable. (This sounds obvious, but people evidently make them too easy to guess!)
- Regularly check your statements and query any unknown transactions.
National Identity Fraud Prevention Week

This week is National Identity Fraud Prevention Week so with luck you will see items in the press about what you can do. The short answer is simple – guard sensitive and confidential information as if it were your own.
Remember, all information is of value to someone, so look after it and when you have finished with it, dispose of it properly. Shred old documentation, erase old disk drives, encrypt sensitive information that is leaving company premises (whether it is on a laptop, CD ROM or backup tape.)
Perhaps the best thing you can do is to get the CEO or Managing Director to send an email out to everyone, reminding them about the risks and consequences of losing data. We shouldn’t need a week to remind us of the problems that data loss can create – this is something we need to think about every day.
Whaling And Wailing

The Chief Executive of HBOS has been a victim of fraud after a thief stole his identification details – probably from a bank statement. What does this show? Well, anyone can be targeted and everyone needs to be careful. Whaling is the practice of targeting the people at the top of an organization. OK, so it’s usually done by phishing rather than theft – of course the rewards are still the same for the cyber-criminal: money, with the benefit that (hopefully) the man at the top has more than those further down.
What to do? It all comes down to one thing: protect those paper-based items from the bin rustlers (or dumpster divers) by shredding them. It doesn’t take much to buy a cross-cut shredder and then it is just a case of getting into the habit of shredding anything and everything with names, addresses and important numbers (bank account details, credit card details, etc.) as well as any of those very annoying ‘you have been pre-approved’ applications for credit cards. Put the shredder somewhere where you open the post or where you store old statements so you do it immediately.
It may sound daft, but you need an Information Protection policy for home (as well as at work), protecting both electronic and paper-based information. It doesn’t have to be long and complex – just a set of simple rules for you and your family. Go out and buy a cross-cut shredder today – you can even get one that will mash up old credit cards and CD ROMs!

You Are What The Internet Says You Are

So if it says that you are going away and all your belongings are up for grabs… then people are going to turn up at your house and take all your stuff, including a horse – without you even knowing. All sounds a little unbelievable? Well it happened this week in the US when a hoax advert was put onto Craigslist and people responded while the owner was out of work…
So what does this mean? Gullible people? People believe everything they read on the internet? We are at the start of a new era of fraud? All of the above? The internet can be seen as an interesting social experiment, with social networking and the influence it has right at the forefront. As we move into the next era of web based technologies and businesses it will become increasingly important to prove that you are who you say you are – and not what someone else says. It will all come down to reputation – protecting and maintaining your own reputation and the reputation of your company… before someone runs off with more than just your belongings.





