An evening of debate at the Symantec Cyber Symposium

Symantec’s first Cyber Symposium took London by storm last Wednesday! We had great speakers who presented some intriguing thoughts and insight on where they see the future of the web. Our audience of industry thinkers contributed smart questions, which fuelled a debate that really made the evening.
Discussion was lively, with matters ranging from our increased global connectivity through social networks and the evolution of potential threats targeting smart devices controlling essential services like electricity. It also raised some questions, such as how might we learn from entomology and the ways nature protects itself from disease, as we continue to protect the enterprise from online threats?
While we may not have all agreed on some of the issues raised, one thing I think we all agreed on is that the internet is still young, and internet security even younger, with huge potential for the future. By working together, industry and academia could uncover valuable insight into protecting against many of the potential future threats discussed at the event. After last night, I am looking forward to another opportunity sometime soon to share ideas and thoughts over drinks with such a great crowd.
- Ilias Chantzos, Director of Government Relations, Symantec
Symantec explores Future of the Internet at Cyber Symposium


This evening, the first Symantec Cyber Symposium will see academics, security professionals and industry thinkers gather in London for a thought-provoking discussion about the future of the internet. We’ll be looking at the online world and the associated security challenges that will shape the thinking of business decision makers, governments and consumers in years to come.
What factors will determine the way in which the internet evolves? How might our use of it – at home, in business, or even on our body – change? How will the potential threat landscape shape the way we use it in the future? And what will the implications be for personal privacy, commercial and national interests, which are some of the considerations that are so pivotal in society today?
I’m excited to be hosting the event, and look forward to debating some of the above. We are also welcoming some great guest speakers, including:
- Dr. Chris Hankin, Director for the Institute for Security Science and Technology at Imperial College London, discussing issues on protecting the enterprise in the future
- Derek Wyatt, a former MP, presenting ideas on policing international frontiers
- Professor Richard J. Aldrich, Professor of International Security, University of Warwick, talking about extending the frontier of the internet into the human body
To date, the internet has fundamentally enhanced the way we communicate and socialise. It has made our lives easier, both at home and at work, and it’s changing all the time. By the end of this decade, the online world will look very different than today’s and only by understanding the internet’s potential evolution and the threats that may emerge, can we continue to reap its benefits in years to come.
- Ilias Chantzos, Director of Government Relations, Symantec
The Well-Meaning Insider – Who, Why and How

At a time when many organizations are being bombarded on every side, they sometimes forget about the inside. Because so much has been said about the dangers posed by malicious outsiders and insiders intent on wreaking havoc and reaping money, the non-malicious insider threat remains somewhat unspoken.
I recently wrote a whitepaper outlining the threat posed by well-meaning insiders. See it here.
The well-meaning insider represents a weak link in the security posture of many organizations and few seem to realize the critical role they play in keeping information safe. A survey of office employees in North America and Europe, for example, found that 78 percent think that their IT department solely holds the responsibility for information confidentiality. To be able to fully protect against threats resulting from such misconceptions, companies must identify who constitutes a risk, as well as why and how they might be a threat. Not all insider risk profiles constitute the same type of threat, so security has to be tailored to their particular characteristics.
Well-meaning insiders fall into the following categories:
- The underminers take the path of least resistance and ignore the spirit of security to make their working lives easier. Creating easy passwords is an example of this. Sharing passwords is another common problem.
- The overly-ambitious employees knowingly take risks to purposefully bypass bureaucratic security processes in order to be more effective in achieving what they think are organizational goals. Encryption, for example, might be overlooked because the employee thinks it’s too cumbersome.
- The socially engineered are those employees, usually in low paid positions at the public facing end of the organization, who are prone to being duped by malicious outsiders into sharing sensitive information or even giving out access codes to systems.
- The data-leakers are the growing cadre of ‘whistleblowers’ who, for various ethical or unethical reasons, leak to the public via social network technology, such as wiki-leaks, information they feel that the public should be informed about.
- The data spillers are employees who have legitimate access to information or databases, but are prone to spill data because of (sometimes routine) organizational practices not checked by lax IT policies. Data spillers may:
  - Accidentally disclose information by losing a laptop or smartphone, or a CD-ROM or USB drive. While such incidents (often unreported) are a statistical outlier, they garner much attention, both from other organizations and from media outlets.
  - Take data out of the secure environment to use outside the office and not delete it afterwards.
  - Leave data on discarded computers.
  - Not carefully manage data shared with third parties.
  - Send unsecured data through public delivery systems.
  - Not review and update access inventories or email distribution lists.
These problems can be resolved through increased IT intervention and employee education. In both cases, the goal is to preserve both human and technological resources. Demonizing these insiders and treating them as wilfully malicious will not improve the situation; it will only cause a loss of talent or a loss of good relations. Training and education, together with a culture of security built on improved and automated IT, will reduce risk and maintain effectiveness.
The well-meaning insider is a different type of problem to the malicious outsider. Both can result in data loss and information breaches, but the motivations and relationships to the company vary widely. Because the industry has focused on outsider threats, many companies are unprepared and even unaware of who may be causing the loss of sensitive information. This issue can be addressed. To get more information on the who, how and why of the well-meaning insider – along with recommendations on how to deal with them effectively – read the whitepaper, Organization Security and the Insider Threat: Malicious, Negligent and Well-Meaning Insiders.
About the Author
David S. Wall (BA, MA, M Phil, PhD, FRSA, AcSS) is Professor of Criminology at Durham University where he conducts research and teaches in the fields of cybercrime, policing and intellectual property crime. He has published a wide range of articles and books on these subjects which include amongst others: Cybercrime: the Transformation of Crime in the Information Age (Polity, 2007).
Shanghai to London – Spammers will be following the crowds

Symantec’s security response team have found that Shanghai World Expo 2010 is the latest major world event to be hijacked by spammers. We’ve been monitoring several different variations of spam that uses World Expo keywords and email subjects to deliver their usual mix of fake promotions, products and services to unsuspecting web users.
With around 70 to 100 million visitors expected to turn up at the World Expo, it’s no surprise that spammers are attempting to take advantage of it. We saw the same thing with the Vancouver Olympics, and are observing it right now with the World Cup. And as ticket registration for London 2012 has already begun, the UK could become the next prime target for these scams. To help you avoid the scammers, we’ve put together the following tips.
Do’s
- When signing up to receive mail, check what additional items you are opting into at the same time and de-select the ones you do not want to receive.
- Unsubscribe from legitimate mailings that you no longer want to receive and be selective about the websites that you register your e-mail address on.
- Avoid clicking on suspicious links in e-mail or IM messages. These may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
- You must also make sure you delete any spam you receive. It is worthwhile considering a reputable antispam solution to handle your filtering, such as Symantec’s Brightmail messaging security family of solutions.
Don’ts
- Do not open unknown e-mail attachments or spam messages. These attachments are what could potentially infect your computer.
- Do not fill out forms with any personal or financial information or passwords. Reputable companies are unlikely to ask for your personal details via e-mail. If you are really unsure, get in touch with the company in question via an independent, trusted mechanism, such as a verified telephone number or a known Internet address that you type into a new browser window, and check.
- Never reply to spam as this could simply result in more spam.
Photo by Flickr user gustible, licensed under CC BY 2.0.
Tabnapping…

… What? A new browser-based threat has been created – just to show it can be done. However, rest assured, this will be used for real in the near future. It’s called Tabnapping… sort of like kidnapping, but with the tabs on your browser. The way it works is that you visit an infected site and, when you navigate away from its tab, it changes the tab name and the content.
The social engineering at work here is that most people have multiple tabs open in their browsers at the same time – and they don’t really remember which is which (why would you?), so you click on the one you think you need (but it’s been tabnapped) and you re-enter your details… mistake! As for how easy it is… take a look at this page which shows how it works – then open another tab, wait 5 seconds and return to the old tab!
What to do? Well, the problem with these sorts of attacks is that they are tough to block, as there are legitimate uses for the functionality involved – think about auto-logout from online banking systems. So… the best way to combat it is to educate people about the risk – send out an email today! (Of course, hopefully you will have anti-malware installed as well – which will help prevent you from going to dodgy sites etc…)
Guy Bunker
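As an added example (not code from the original post or from Symantec), here is the defensive side of the behaviour described above: pure JavaScript logic, runnable in Node, that a browser extension could feed with one snapshot per document.visibilitychange, and that flags a tab whose title or favicon was swapped while it was hidden although it never navigated. It rates the swap high only when the new title claims a brand the tab’s hostname does not belong to, so a legitimate auto-logout notice on the same site is surfaced but not treated as an attack. The brand table, tab ids, URLs and sample event log are all constructed for illustration.

```javascript
// Added example, not code from the original post: detection logic for the
// tab-identity swap described above, runnable in Node. The brand table,
// tab ids, URLs and sample events are all constructed for illustration.

// Brands a tabnapped page is likely to imitate, with the domain a genuine
// page for that brand is served from (assumed, illustrative list).
const KNOWN_BRANDS = { gmail: 'google.com', paypal: 'paypal.com', facebook: 'facebook.com' };

// Hostname of a URL, or '' when the string is not a URL at all.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return ''; }
}

// True when host is exactly `domain` or a subdomain of it.
function hostMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Brand the title claims to be while the tab is not on that brand's
// domain, or null when the title is honest about where it is.
function impersonatedBrand(title, host) {
  const lower = title.toLowerCase();
  for (const [brand, domain] of Object.entries(KNOWN_BRANDS)) {
    if (lower.includes(brand) && !hostMatches(host, domain)) return brand;
  }
  return null;
}

// events: [{ tab, type: 'hidden' | 'visible', url, title, favicon }]
// One alert per tab whose title or favicon changed while it was hidden
// although its URL did not, i.e. the page rewrote itself in place.
function analyseTabEvents(events) {
  const whenHidden = new Map(); // tab id -> snapshot taken on hide
  const alerts = [];
  for (const ev of events) {
    if (ev.type === 'hidden') { whenHidden.set(ev.tab, ev); continue; }
    if (ev.type !== 'visible') continue;
    const before = whenHidden.get(ev.tab);
    whenHidden.delete(ev.tab);
    if (!before) continue;
    const navigated = before.url !== ev.url;
    const swapped = before.title !== ev.title || before.favicon !== ev.favicon;
    if (navigated || !swapped) continue; // real navigation, or nothing changed
    const brand = impersonatedBrand(ev.title, hostOf(ev.url));
    // Claiming another brand is the tabnapping pattern; a same-site change
    // such as an auto-logout notice is only worth surfacing, not blocking.
    alerts.push({ tab: ev.tab, url: ev.url, from: before.title, to: ev.title,
                  brand, severity: brand ? 'high' : 'low' });
  }
  return alerts;
}

// Constructed log: tab 1 stays itself, tab 2 turns into a fake Gmail login
// while hidden, tab 3 is a bank whose session timed out (legitimate change).
const SAMPLE_EVENTS = [
  { tab: 1, type: 'hidden',  url: 'https://blog.example/post', title: 'My blog', favicon: '/f.ico' },
  { tab: 2, type: 'hidden',  url: 'https://cute-cats.example/', title: 'Cute cats', favicon: '/cat.ico' },
  { tab: 3, type: 'hidden',  url: 'https://bank.example/accounts', title: 'Accounts', favicon: '/b.ico' },
  { tab: 1, type: 'visible', url: 'https://blog.example/post', title: 'My blog', favicon: '/f.ico' },
  { tab: 2, type: 'visible', url: 'https://cute-cats.example/', title: 'Gmail: Email from Google', favicon: '/gmail.ico' },
  { tab: 3, type: 'visible', url: 'https://bank.example/accounts', title: 'Session expired - please log in', favicon: '/b.ico' },
];
for (const alert of analyseTabEvents(SAMPLE_EVENTS)) console.log(alert);
```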
Safari – be careful in the Internet wild


The launch of the Internet Security Threat Report has been keeping Symantec’s security experts busy. Articles about the report are everywhere from the BBC to the Independent, Computing to V3, even Vatican Radio in Rome!
There’s clearly lots of interesting information in the report. Some stats that I found particularly interesting are that vulnerabilities in browser-based applications are the fastest-rising information security flaws, and that during 2009 Mozilla Firefox was the most targeted browser platform, whereas Google Chrome and Apple’s Safari took the longest to gain protection after a flaw was identified.
From the report, we see that the average window of exposure for Internet Explorer in 2009 was less than one day, based on a sample set of 28 patched vulnerabilities. For Safari, the average window of exposure was 13 days, but the maximum time it took for Apple to patch a vulnerability in 2009 was 145 days.
Browser vulnerabilities are a serious security concern due to their role in online fraud and in the propagation of malicious code, spyware, and adware. Browsers are particularly prone to attack because they are exposed to a greater amount of potentially untrusted or hostile content than most other applications. There is an increased reliance on browsers and their plug-ins as the internet becomes integral to business and leisure activities, so it is important that when a vulnerability is identified, it is patched right away.
Abigail Lovell
Criminals rack up more than 100 potential attacks a second on the world’s computers, reveals Symantec report

Symantec today released its new Internet Security Threat Report (ISTR), highlighting key trends in cybercrime – and what a year 2009 has been. The web saw two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – and Symantec’s ISTR reveals continued growth in both the volume and sophistication of cybercrime threats.
In fact, Symantec blocked an average of 100 potential attacks per second in 2009.
The full report can be viewed online here, but we’ve outlined the key findings below in an easy to digest form. Over the course of the week we will be investigating in more detail some of the top findings, so for more in depth analysis, join us again tomorrow.
Key ISTR findings:
- An increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property, cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to create socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
- Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
- Web-based attacks continued to grow unabated. Today’s attackers are using social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.
- Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.
Dominic Cook
Where’s your online data and who’s responsible for protecting it?

Yesterday at the European Cyber Security Awareness Day event in Brussels the Business Software Alliance (BSA) released some interesting research. They found that people in Germany, France, Poland, Spain, and the UK are confused over where their online data is stored.
About one in five citizens admitted to being unaware of whether their personal data is being held ‘in the cloud’, and 60% said they didn’t know what ‘in the cloud’ means.
When it comes to who should take responsibility for protecting online data, respondents were confused, with more than a quarter expressing a belief that a combination of stakeholders including government, businesses, technology companies, and consumers should be responsible for securing data held ‘in the cloud.’ The BSA says that this suggests that there may be a need for better coordination between government, businesses, and users and better education on cyber risks and best practices.
Coordination between government and business can go a long way in fighting cybercrime and protecting online data. Sound cyber security policies and technologies that protect the online environment are crucial but education can’t be overlooked. Users need to be made aware of online risks and know how to spot and protect themselves against malicious activity. I believe that better education is key to good cyber security.
Credit card dumping on the rise


At Symantec we’ve noted a worrying increase in so-called “credit card dumps” on offer in the criminal underworld over the past year. Dumps, which are copies of the information stored on the magnetic stripe of the original card, are usually obtained via electronic “skimming devices” fitted to a credit card machine or bank teller machine.
The devices often take the form of an additional card reader that is placed over the original and records any data that passes through it.
Skimming devices can be combined with a doctored keypad that is placed over the real one or a small video camera that records the PIN code entered for each card. Newer versions even contain a GSM module that will send the encrypted dumps back to the attacker. Video footage from surveillance cameras has shown that scammers can install the fake keypad and card reader in under five seconds.
Once the criminals have the information, they have the card number and can clone the credit card. The clones can be almost indistinguishable from authentic cards, often including holograms and embossed gold numbers. If the criminals have recorded the PIN codes, the cards can be used at any ATM to withdraw cash.
Spotting a skimming device is not easy as the devices are highly sophisticated and usually match the look and feel of the credit card or teller machine.
People should look out for any attached keypads or strange-looking card slots. Often they are mounted at a fixed point and create a small overlap that just looks a bit odd and wiggles slightly.
This type of thievery is not confined to the developed economies and travellers should be particularly wary when abroad. For example, thousands of football fans will be travelling to South Africa in a couple of months for the 2010 World Cup. While the country is a developing economy, it has a highly sophisticated and modern banking infrastructure and credit card fraudsters to match it.
Credit card skimming can happen virtually anywhere, so while enjoying what South Africa has to offer over and above the World Cup, it is important for travellers to pay special attention to what happens to their bank or credit cards, wherever they are used.
For more information on Internet scams relating to the 2010 Soccer World Cup, visit www.2010netthreat.com.
Candid Wüest, senior threat researcher at Symantec
Symantec urges business to bolster defences in order to avoid new £500k fines for breaches of Data Protection Act

As new legislation comes into force today which empowers the Information Commissioner’s Office (ICO) to levy fines on businesses of up to £500,000 for serious breaches of the Data Protection Act (DPA), Symantec has cautioned that fines are avoidable – provided adequate security best practice is adhered to.
The ICO is aiming to give the Data Protection Act ‘teeth’ and is clearly concerned about several high profile cases where unencrypted, confidential data residing on laptops and USB sticks has been lost or stolen. The impact of the vast majority of these cases could have been easily mitigated or avoided altogether by following security best practice such as protecting data and having clear guidelines in place for how data is used.
For a data breach to attract a monetary penalty, the ICO must be satisfied that a serious breach is likely to cause “damage or distress” and that it was either “deliberate” or “negligent” and that the organisation “failed to take reasonable steps to prevent it”.
Symantec advises:
Develop and enforce a robust security policy which includes:
- Tight governance regarding use of customer data – it should not physically leave the premises unless absolutely necessary
- Use advanced encryption appropriately for data that does have to leave the premises
- Restrict access to customer data only to those staff for whom it is critical
- Ensure that confidential data cannot be copied on to portable media such as USB sticks or CDs
- Monitor information leaving via email and websites for appropriateness
Protect and manage all PCs, laptops and servers:
- Maintain active, up-to-date antivirus, anti-spyware and firewall protection
Create strong passwords for all systems and hardware:
- Use at least eight characters with a combination of numbers, letters and punctuation marks, and don’t reuse a password that is active on other accounts
Don’t forget non-electronic security:
- Shred any documents that contain identifying information before disposing of them
- Don’t leave financial documents and sensitive information in an insecure environment
- Regular education of employees can help improve awareness of appropriate behaviour
Mike Jones, Principal Product Marketing Manager at Symantec