Safari – be careful in the Internet wild

abigail_lovell

The launch of the Internet Security Threat Report has been keeping Symantec’s security experts busy. Articles about the report are everywhere from the BBC to the Independent, Computing to V3, even Vatican Radio in Rome!

There’s clearly lots of interesting information in the report. One stat that I found particularly interesting is that vulnerabilities of browser-based applications are the fastest-rising information security flaws. During 2009, Mozilla Firefox was the most targeted browser platform, whereas Google Chrome and Apple’s Safari took the longest to gain protection after a flaw was identified.

From the report, we see that the average window of exposure for Internet Explorer in 2009 was less than one day, based on a sample set of 28 patched vulnerabilities. For Safari, the average window of exposure was 13 days, but the maximum time it took for Apple to patch a vulnerability in 2009 was 145 days.

Browser vulnerabilities are a serious security concern due to their role in online fraud and in the propagation of malicious code, spyware, and adware. They are particularly prone because they are exposed to a greater amount of potentially untrusted or hostile content than most other applications. There is an increased reliance on browsers and their plug-ins as the internet becomes integral to business and leisure activities, so it is important that when a vulnerability is identified, it is patched right away.

Abigail Lovell

Criminals rack up more than 100 potential attacks a second on the world’s computers, reveals Symantec report

Greg Day, EMEA Security CTO for Symantec

Symantec today released its new Internet Security Threat Report (ISTR), highlighting key trends in cybercrime – and what a year 2009 has been. The web saw two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – and Symantec’s ISTR reveals continued growth in both the volume and sophistication of cybercrime threats.

In fact, Symantec blocked an average of 100 potential attacks per second in 2009.

The full report can be viewed online here, but we’ve outlined the key findings below in an easy to digest form. Over the course of the week we will be investigating in more detail some of the top findings, so for more in depth analysis, join us again tomorrow.

Key ISTR findings:

  • An increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property, cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to create socially engineered attacks on key individuals within targeted companies.  Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
  • Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
  • Web-based attacks continued to grow unabated. Today’s attackers are using social engineering techniques to lure unsuspecting users to malicious websites.  These websites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files.  In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.

  • Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

Dominic Cook

Malware – The News Arms Race?

admin

This morning my colleague Tom Parsons from our Dublin Security Response team was quoted in a BBC article talking about the huge rise in malware in recent years and the journalist was speculating the battle between the cybercriminals and the security companies was akin to an arms race.

Certainly the number of new pieces of malware on the web these days is simply eye-watering. Symantec’s own Internet Security Threat Report recently reported that during 2008 Symantec created 1,656,227 new malicious code signatures. That’s a massive rise even on malware in 2007 which was in itself a big number!

If it is an arms race, for sure the security companies are pushing ahead with new technology to help them keep ahead of the threats and protect their customers. New approaches like whitelisting – to approve certain software to run on your PC rather than trying to blacklist the bad stuff – heuristics and behavioural techniques are already making their way into today’s security software and we’ll see a lot more of that in the years to come.

If it is a war, it’s a war which the security world is continually working hard to find new techniques and software to win. But it’s also essential that everyone else does their part too. The sad fact is that a lot of threats are spread by people not taking adequate steps to protect themselves. Just because you have insurance on your house, you can’t just leave your front door open and expect a burglar to walk by. Make sure your software is up-to-date; that you receive the regular updates and patches; and don’t click on links and emails from people you don’t know.

1,900,000 Bots In A Network…

Guy Bunker

Some research has highlighted an enormous bot network of nearly 2 million machines. Couple that with the finding that one bot can create 600,000 spam messages a day and that gives you the potential for an enormous amount of junk to be zipping around the Internet. This number is greater than we saw in the latest Internet Security Threat Report (published earlier this month), where we saw a peak of just over 100,000 machines available on a single day, but with more than 4 million unique systems being compromised in 2008. However, it is possible and if those machines infected with Conficker / Downadup were ever to be turned into a bot network then that would become even bigger than this!

One of the things the research does highlight is that anti-malware definitions need to be kept up to date, otherwise systems can become infected all too easily. How often should this happen… well as often as the application allows. Switching it to only update once a week will put you at risk. Symantec issued 1.6 million new malware signatures last year… on average that’s more than 30,000 a week… so if you are not up-to-date then you are asking for trouble.

600,000 A Day…

Guy Bunker

In the latest Internet Security Threat Report published earlier this month, we saw that bots increased 31% in 2008 (and it was a 47% increase in EMEA). There is now a new report that shows a top end system can crank out 600,000 spam emails a day when it has been turned into a bot!

How much does it cost to rent a bot… well, we have seen the price on the underground economy drop to a measly $0.04 per bot per day… and there were nearly 5 million unique bots available in 2008, with an average of more than 70,000 available per day! Bots are now responsible for around 90% of spam…

What does a cyber-criminal want… well two things, firstly information that they can use or sell to make money and secondly a fast machine with a good internet connection. They need the latter to rent out to run spam, phishing and denial of service attacks and scams. So keep your PC under lock and key (from a security perspective) otherwise you could be contributing to the spam problem as well as helping to line the cyber-criminals’ pockets.

60% Of Malware Created In 2008

Guy Bunker

Symantec’s latest Internet Security Threat Report came out this week and it showed that Symantec issued 1,656,227 new malicious code signatures in 2008. This is more than all the previous years put together!
This represents a tipping point, where it is now easier to look at the good stuff rather than the bad. By following the trend and anticipating the changes, Symantec’s anti-malware products are now a mixture of technologies, blacklisting (the old way – spotting the bad stuff), whitelisting (lists of the good stuff), reputation based (so that new ‘good stuff’ doesn’t get ignored) and behavioural (if there’s something, previously unknown, that is behaving badly it can be stopped.)

One of the other interesting statistics was on the rise of bots. Globally bots are up 31%, with EMEA up 47%. Bots are responsible for around 90% of the spam… so if your computer is infected then you are part of the problem!

Cyber-criminals are still after your confidential information with credit card and bank account details topping the list. Prices on the underground economy have fallen this year indicating that there is more information around and more people trying to sell it. Look after your information – and keep your system up to date – with OS and application patches along with the latest virus definitions. All this can happen automatically… as long as you don’t turn the functionality off.

Credit Card Information… Going Cheap

Guy Bunker

Symantec’s latest Internet Security Threat Report has updated its figures on the cost of information on the underground economy. Topping the list again this year is credit card information – but the price is 40% less than last year! How much for your credit card details… a measly $0.06. Or about 4p. Staggering isn’t it. The quantity of information has also gone up, indicating that more people are falling for scams and exposing their credit card numbers and in a typical supply and demand economy there are also more people selling the information. Phishing sites were up 66% on 2007 and the most popular topic… finance.

Email passwords were also on the list and moved up to #3 behind credit card and bank details. Why? Well, there is a lot of information stored in email, including things like credit card details and bank information. Usernames and passwords in general are useful to the cyber-criminal, if it’s for someone at home, they might have access to one or two pieces of useful information – but if it is a work account, then they might be able to obtain access to complete customer details, or new product details or sensitive financial information.

In tough economic times one of the goals for companies and individuals alike is to save money… and one of the best places to do that is on the Internet. There are a lot of genuine Internet bargains out there but unfortunately there are a lot of scams as well. Just be a little extra vigilant and watch a little closer for them – after all a bargain that appears too good to be true probably is… and you could end up being the victim of fraud.

Beware The Browser…

Guy Bunker

Symantec’s latest Internet Security Threat Report came out today and one of the trends highlighted is the Internet browser. It’s not just the browser that has vulnerabilities, it is also the plug-ins. The average time to fix a problem in the browser is around a week, but some of the maximum times are around six months! However, at least there are fixes and providing you have auto-updates switched on, or have the ‘check for new version’ you should get these pretty quickly after they come out.

However, there were 424 vulnerabilities in browser plug-ins and these are seldom updated automatically. The most popular vulnerability is memory corruption which enables the cyber-criminal to run any piece of code and basically take over the machine or do whatever they like. Most of the threats are to your confidential information. Social engineering attacks are also in the running, which ultimately result in the user inadvertently installing malware on their machine.

Many of the pieces of malware are now multi-functional, with many allowing remote access, exporting user data and logging keystrokes at the same time. What does this mean, well if you happen to be doing a bit of on-line banking (or shopping) then the cyber-criminal could end up with your bank or credit card details… and then you could become a victim of fraud or worse still identity theft.

New pieces of malware have been created which can be used to become whatever is needed – by downloading content or the payload from cyber-criminal web sites. So, they can be spambots one day and run denial of service the next. Conficker / Downadup is probably the most infamous of this type of malware, although it is unclear as to what the payload is going to be. Having your machine host a spam service unknowingly or perhaps participate in a denial-of-service attack is not good.

So if you are an organization then you need to look at your security and patching policy. Ensure that the latest security definitions are delivered to your users in a timely manner – this will keep you protected while you work on patching the OS and applications. You should also look at a policy for patching or regularly updating browser plug-ins as well.

If you are an individual, then you should also keep your security definitions up to date and also ensure that the OS and application updates are installed. So, if a reminder appears on the screen that an update is available – then install it now, don’t put it off. You may regret it later.

1 Server, 3 Weeks, 1.4GB Personal Information

Guy Bunker

A server was found this week chock full of personal information – 1.4GB of personal information. The information had been stolen from around the world and included health records and email – and within the email there was even more information relating to contacts, account details, pension savings plans (401k) and so on… 1.4GB can house a lot of useful information.

This server was quite a find… but it is not alone, we see compromised servers which receive stolen information every day and there are a lot of them. OK, so most don’t have 1.4GB but they do contain tens of thousands of pieces of information. The latest Internet Security Threat Report (ISTR Vol. XIII, April 2008) reported more than 60,000 bot infected computers per day (a 17% increase over the previous 6 months). These aren’t all collecting information – most are sending it out (spam, phishing, DoS, …) however some of them are. It also highlighted that of the 54,609 applications installed, 65% were malicious.

So (and I’m starting to sound like a broken record)… if you value your information and something asks to install itself, especially if you are in a web browser (also known as a plug-in), be very sure that the source of the request is valid – if not, then just click away. 

It’s Out Today…

Guy Bunker

Symantec released its Internet Security Threat Report (ISTR) today. This is volume XIII and as per usual there are some interesting numbers in there – you can download the report from symantec.com. The data is collected from the Global Intelligence Network which operates in 180 countries with more than 40,000 sensors and 2,000,000 managed dummy email accounts.

Some of the new metrics are:

  • Malicious attacks on ISPs. These are targeting new subscribers who perhaps don’t have security on their machines that they should.
  • Site specific cross-site scripting. Targeting well known sites with invisible changes which download trojans on unwary visitors. This is now the most common attack.
  • Malicious code which modifies web pages. This is on the increase – and is making it increasingly difficult for the visitor to distinguish a real site from a fake one.

While there is no silver bullet to prevent this from happening – the main watchword is caution. If a site is asking for more information than you are willing to give (do you really need to give your birthday or mother’s maiden name – to any website?) then navigate away unless you are sure that there is a genuine reason for them to have it. Social network sites are springing up and some are not all that they seem to be – just be wary. Also, make sure that you have a personal firewall, anti-virus, anti-phishing toolbar installed and up to date.

I will post some more articles over the next week – highlighting some of the other interesting data points that the report has shown up.

In the meantime hear my views on a podcast: http://www.bitebroadcast.com/symantec/istr08_01/
