Downadup/Conficker One Year Later

admin

This week marks the one-year anniversary of the Downadup/Conficker threat’s April 1, 2009 “trigger” date. Although Conficker did not become the widespread, damaging threat it had the potential to be, one year later those behind it still potentially hold the keys to some 6.5 million computers. These machines have not been cleaned by their owners, leaving them open to be victimized by cybercriminals at any time.

While those 6.5 million infected computers remain wide open to further attack, they are being monitored very closely by law enforcement and by members of the Conficker Working Group. Should the criminals attempt to use them, the alarm will sound. For those holding the keys, that much attention may well be a deterrent, and it will likely prevent them from carrying out their original malicious plans.

So, are we out of the woods in terms of Downadup/Conficker?

Probably not. Downadup/Conficker may not be the biggest known botnet on the block, but it still has the potential to do serious harm. Industry groups and law enforcement are being vigilant, but the 6.5 million infected PCs are very much like a loaded gun waiting to go off.

Here’s what we know today:
• Approximately 6.5 million systems are still infected with either the .A or .B variant.
• The .C variant, which used a peer-to-peer method of propagating, has been slowly dying out over the past year. From a high of nearly 1.5 million infections in April 2009, the count has steadily declined to between 210,000 and 220,000, which indicates that some computer users are cleaning up the infection.
• Symantec also observed another variant, .E, released on April 8, 2009; this variant deleted itself from infected systems on or after May 3, 2009.
• Thus far, the machines still infected with Downadup/Conficker have not been used for any significant criminal activity, but with an army of nearly 6.5 million computers at their disposal, the threat remains a viable one.

Symantec has put together the following video highlighting the evolution of Downadup/Conficker to help give computer users background on the threat and information about where it is today:

Orla Cox, Security Operations Manager at Symantec Security Response

Mobile hacking highlights need for mobile security

admin

Following reports in The Register and ZDNet on how easily smartphones can be hacked, the growing issue of mobile security looks set to come under the spotlight.

Although loss or theft of the physical device is seen as the biggest mobile security problem, there is also the increasing volume of ‘stealable’ business data held on these devices, a problem made worse by the poor encryption currently in use on them.
                                                   
Mobile platforms have so far been lower down the ‘pecking order’ of cybercriminals than desktop computers, with only around 400 different mobile viruses known to exist, compared with 4 million for Windows. Although currently a drop in the ocean, increasing standardisation of mobile platforms will make it more profitable and easier for malware writers to infiltrate mobile devices.

If a phone is infected, the user and their organisation are left open to a number of security risks. Industrial espionage becomes a very real possibility, with data stolen, the device cloned without the user’s knowledge and malicious emails distributed to contacts in the address book. The phone may also be used to send SMS messages to premium-rate numbers, racking up huge bills in the process.

To avoid these breaches, Symantec recommends that organisations ensure all data on the device is encrypted, strong password settings are enforced, remote wiping of data is enabled in case the handset is lost, and a sound user policy is in place.

Candid Wueest

 
Photo by Flickr user csaila, licensed under CC BY 2.0.

Symantec helps the House of Lords tackle cyber warfare

Greg Day, EMEA Security CTO for Symantec

Yesterday the House of Lords released its report examining how to protect Europe against large-scale cyber-attacks. The publication follows a committee meeting on the topic last year at which Symantec’s Director of Government Relations EMEA & APJ, Ilias Chantzos, was one of two cyber security experts invited to give evidence.

Symantec has welcomed the report’s findings, in particular the recommendation for an EU-wide approach to cyber-related issues that do not affect the UK alone. Ensuring that industry and government collaborate on these issues will be crucial to the success of such an initiative.

Commenting on the need for public and private cooperation to tackle cyber warfare, Ilias Chantzos said, “One of the biggest problems with supposed acts of cyber warfare is where and when to use the term. It is very difficult to determine the origin of an internet-based attack, and almost impossible to pinpoint either the identity or motivation of its perpetrators: whether they’re a criminal, an activist or a government agent.

“For security agencies, following the trail of evidence left by alleged cyber warfare operations is made doubly complex by the fact that this evidence typically crosses international jurisdictions. Tackling this requires international co-operation, but the current levels of co-operation between nation states are often not able to police cybercrime, much less track covert activities.”

“Another problem is that government no longer controls most of the critical infrastructure; much of it is under the control of the private sector. It is in the interest of industry and government to better cooperate to tackle these issues.”

The full recommendations from the House of Lords report can be viewed here.

Dominic Cook

And the Academy Award for the most dangerous search term goes to…

abigail_lovell

The team at Norton have been busy digging through the gossip since Sunday’s glamorous Oscar ceremony. They weren’t just looking for juicy rumours, though; they’ve been looking for malware around the Academy Awards.

Cybercriminals often take advantage of public interest in both individual celebrities and world entertainment events, so it is no surprise that when the two combine, crooks get busy infecting websites. Norton found that around 50% of Oscar-related internet search results led to “poisoned” sites.

Some of the most dangerous search terms (and the percentage of infected results) include:

  • “Oscar 2010 Winners” – 60% infected
  • “Music By Prudence” – 58% infected
  • “Kathryn Bigelow height” – 48% infected
  • “Sandra bullock Meryl Streep kiss” – 43% infected

Criminals anticipate public curiosity and plant malware on pages built around those keywords. When a victim clicks through from search engine results, they inadvertently end up with their computer infected with a virus or inundated with pop-ups for fake, and in some cases dangerous, “anti-virus software.”
 
When searching for anything online, Oscar-related or not, it is important to be on guard. Make sure you have legitimate antivirus software with all the latest updates installed, and if you don’t, buy it from a reputable source.
 
Abigail Lovell

Photo by Flickr user Zadi Diaz, licensed under CC BY 2.0.

Importance of end-to-end encryption in the retail space

dominic_cook

Our attention was caught recently by an interesting article on Retail Week by Verifone, which examined the importance of credit and debit card protection in the retail industry. As Verifone rightly points out, the theft of credit and debit card details is a highly lucrative activity whose popularity is growing rapidly worldwide. Indeed, our recent State of Enterprise Security Report revealed that 75% of enterprises have experienced a cyber attack in the past 12 months and that the average annual cost of such attacks was as high as $2 million, some pretty striking statistics.

Furthermore, credit and debit card theft is becoming increasingly sophisticated, such that retailers will often process a payment transaction without being aware that a data breach has occurred, something that could have a serious impact not only on a retailer’s revenues but also on its brand reputation. With such serious consequences at stake, Verifone argues that it is time for companies to go beyond the Payment Card Industry Data Security Standard (PCI DSS) requirements and secure entry points across the entire transaction chain.

The article has some good advice to offer retailers, and with cybercrime continuing to grow at such a rapid rate, it’s advice that retailers simply cannot afford to ignore.

Dominic Cook

UK ID fraud cases jump a third as malicious insiders turn to cybercrime

admin

ID fraud in the UK increased by nearly a third (31.79 per cent) in 2009, according to a new report from CIFAS, the UK’s Fraud Prevention Service, as compromised identity details continue to be sold over the internet. The report points to an increase in gangs using collusive staff within organisations to steal personal data for criminal gain. The CIFAS findings are gathered from its 265+ members across industries including banking, retail and telecoms.

Businesses need to be better protected against the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be extremely high. Our recent State of Enterprise Security report found that 40 per cent of businesses experienced a high number of malicious insider attacks in 2009. A great deal of damage was also done unintentionally by staff, with 39 per cent of the IT managers surveyed rating it a ‘high’ or ‘extremely high’ problem.

For many years IT security focused on protecting against external threats and attacks. While those threats remain, a more insidious one, the malicious insider, has been steadily rising. The fact that cybercriminals are so well networked within UK businesses that they can bring about this kind of ID fraud points to their increasing professionalism and savvy.

Symantec recommends that companies assess their policies and processes around employee access to sensitive data, ensuring that access is appropriate for the employee’s position, is enforced and is regularly reviewed. Data loss prevention (DLP) solutions that offer protection at the endpoint, network and storage levels can also help.
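What a DLP rule actually does at the endpoint, network or storage tier is inspect content for patterns that identify sensitive data before it leaves. As an added example (not from this post and not Symantec’s DLP code), here is the core of the classic rule for payment card numbers, the kind of data at issue both here and in the retail card-fraud post above: extract candidate digit runs, validate them with the Luhn checksum, apply issuer prefix and length rules to cut false positives, and report a masked hit rather than the full number. The sample e-mail and the small issuer table are constructed; the card numbers in the sample are publicly documented test numbers, not real accounts.

```python
import re

# Candidate: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run (avoids matching the middle of an ID).
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn mod-10 checksum shared by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer_of(digits):
    """Issuer prefix and length rules.  Constructed, deliberately small table:
    real BIN tables are much larger and change over time."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "visa"
    if digits[:2] in ("34", "37") and n == 15:
        return "amex"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "mastercard"
    return None


def find_pans(text):
    """Return (issuer, masked_pan) for every validated card number in text.
    Only the last four digits are kept so the alert itself does not leak data."""
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        issuer = issuer_of(digits)
        if issuer and luhn_ok(digits):
            hits.append((issuer, "*" * (len(digits) - 4) + digits[-4:]))
    return hits


# Constructed sample message; the card numbers are public test numbers.
# The order reference and phone number are decoys that a naive digit-run
# regex would flag but Luhn/issuer checks reject.
SAMPLE_EMAIL = (
    "Hi, please charge the usual card 4111 1111 1111 1111 (exp 12/12),\n"
    "or the corporate Amex 378282246310005 if that one is declined.\n"
    "Order ref 1234567890123456, phone 020 7946 0000.\n"
)

if __name__ == "__main__":
    for issuer, masked in find_pans(SAMPLE_EMAIL):
        print(f"{issuer}: {masked}")
```

In a network or endpoint DLP agent this function would run over the decoded body and attachments of each outbound message; the masked hit is what goes into the alert, and the policy layer decides whether to block, quarantine or just log.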

Andy Ng, Data Loss Prevention Consulting Manager for EMEA

The Butterfly effect – Mariposa

Greg Day, EMEA Security CTO for Symantec

A virus-infected network of nearly 13 million computers around the world has been smashed by Spanish police. The Mariposa, or Butterfly, botnet included PCs inside more than half of America’s 1,000 biggest companies and more than 40 major banks.

Our colleague Vikram Thakur recently wrote a blog post about the threat. Symantec has been tracking it since October 2009. At that time, a security company reported that a large number of Fortune 100 companies had been infected; the same firm has worked with the authorities on the arrest of alleged key members of the botnet ‘ring’.

Symantec products detect this worm under multiple names, the most prominent of which is W32.Pilleuz. Pilleuz and its variants have been extremely active over the past several months. The threat has multiple capabilities: it spreads via USB devices, instant messaging clients and P2P networks, steals credentials and personal information, and accepts commands from its command-and-control (C&C) server. One such command could be to flood a given domain with traffic, thereby taking part in a distributed denial-of-service (DDoS) attack.
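The USB-spreading capability deserves a closer look. Worms of this generation that spread via removable drives generally did so by dropping an autorun.inf that points at a hidden copy of the worm on the drive; that is the general mechanism and an assumption here, since the post does not describe how Pilleuz does it. The following added example, which is not code from the post or from Symantec, is a small triage script for autorun.inf files recovered from a suspect drive: it parses the [autorun] section while tolerating the junk padding worms use to defeat naive signatures, extracts every entry that would cause code to run, and reports the tricks that mark a worm dropper. The sample files, and the paths and names in them, are constructed.

```python
import re

# Keys in the [autorun] section whose value Windows AutoRun/AutoPlay may execute.
# "shell\<verb>\command" keys add context-menu verbs and, via "shell=<verb>",
# can redirect the default double-click action as well.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\=]+\\command$", re.IGNORECASE)
EXECUTABLE_RE = re.compile(r"\.(exe|com|scr|bat|cmd|pif|vbs|js|dll)\b", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section of an autorun.inf.

    Tolerant by design: section names are case-insensitive, whitespace around
    '=' is ignored, and lines that are not well-formed key=value pairs are
    skipped, so binary junk lines interleaved by a worm do not abort parsing.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if not re.fullmatch(r"[\w\\]+", key):
            continue  # junk that happens to contain '='
        entries[key] = value.strip()
    return entries


def launch_targets(entries):
    """Commands AutoRun would run for these entries
    (open=, shellexecute= and shell\\<verb>\\command=)."""
    return [v for k, v in entries.items() if k in LAUNCH_KEYS or SHELL_COMMAND_RE.match(k)]


def suspicious_reasons(text):
    """Return the reasons an autorun.inf looks like a worm dropper; an empty
    list means nothing alarming.  Any program launch from removable media
    deserves a look; the remaining checks are tricks seen in USB worms."""
    entries = parse_autorun(text)
    reasons = []
    for cmd in launch_targets(entries):
        low = cmd.lower()
        if EXECUTABLE_RE.search(low):
            reasons.append("launches a program from the drive: " + cmd)
        if "rundll32" in low:
            reasons.append("uses rundll32 to load a library from the drive: " + cmd)
        if "recycler" in low or "$recycle.bin" in low:
            reasons.append("payload hidden in a recycle-bin folder: " + cmd)
    action = entries.get("action", "").lower()
    if launch_targets(entries) and "open folder" in action:
        reasons.append("impersonates the built-in 'Open folder to view files' option")
    return reasons


# Constructed samples (not real files): a harmless autorun.inf that only sets an
# icon, and a worm-style one with junk padding and a hidden rundll32 payload.
BENIGN_AUTORUN = "[autorun]\r\nicon=photos.ico\r\nlabel=Holiday photos\r\n"
WORM_AUTORUN = (
    "[AutoRun]\r\n"
    "Action=Open folder to view files\r\n"
    "\x01\x02\x7fjunk=\x05\r\n"
    "Icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    "shellexecute=RunDLL32.EXE .\\RECYCLER\\S-1-5-21-0\\loader.vmx,start\r\n"
    "UseAutoPlay=1\r\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_AUTORUN), ("worm", WORM_AUTORUN)):
        print(name, suspicious_reasons(sample) or ["clean"])
```

Read the file as bytes and decode it with errors ignored before calling suspicious_reasons; the parser does not care about the junk, it only needs the key=value lines to survive decoding. The most reliable defence remains disabling AutoRun for removable media on every Windows host.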

Details about what role the arrested people played in Pilleuz’s day-to-day operations are still sketchy. We’re hopeful that the arrests will have a significant impact on the infections Symantec is seeing.


The RSA Conference – Cloud, devices & social changing the game?

abigail_lovell

The weather may still be cold in London, but San Francisco has been hot this week, especially for the security industry. RSA Conference USA is one of the premier security events, educating and connecting security professionals from around the world.

Symantec’s CEO Enrique Salem took the stage earlier in the week as one of the keynote speakers.

He discussed the information economy and how this decade will change the way we think about it. The two major trends Enrique thinks will change the information economy significantly are the adoption of cloud computing and the explosion of digital devices. Along with the rise of social media, these trends form a linked trio that will accelerate the need for an information-centric approach to security.

All three rely on trust, and that trust requires security, privacy and compliance measures to be in place so that information is accessible to the right people, on any device and from any place; only then can the information economy reach its full potential.

I found this really interesting. Enrique said that security is not only about building higher walls around information or locking down devices; it is about delivering solutions that provide trust and confidence. He also spoke about the opportunity for the security industry to enable, nurture and navigate this future of the information economy.

It would be great to know what you are doing in your organisation to let information flow securely between the right people. What has changed over the past five years, and what predictions do you have for the next five?

Abigail Lovell


Financial Data and the Mobile Generation

Greg Day, EMEA Security CTO for Symantec

Last week we blogged about a report forecasting an increase in people using mobile devices to interact with their banks. At around the same time, Cisco also announced the findings of its US retail bank study, looking at How the Post-Crisis Financial Needs of Younger Consumers Will Transform Retail Banking Services.

The report looked at US Generation Y, defined as those born between 1980 and 1992, and found that 97 per cent use mobile phones, a figure that is likely to be very similar in the UK; not surprising, you might say. The really interesting finding is that Gen Y consumers are four times more likely than ‘boomers’ and ‘silvers’ (those born before 1960) to have posted a question about financial matters to a blog or online forum. Furthermore, 40 per cent of Gen Y customers use web-based personal financial management tools to manage expenses, reduce debt and maximise long-term savings.

Generation Y across the pond is clearly making the most of mobile technology to handle its finances, as it most likely is here in the UK.

As we blogged last week, more and more valuable information, such as bank account numbers and passwords, is being stored on devices like smartphones, presenting increased opportunities for cybercriminals. Banks offering mobile services need to ensure adequate security measures are in place and, most importantly, that Gen Y and other users who want to take advantage of the benefits and convenience of mobile banking are better educated about how to keep their data safe.

Photo credit: D Sharon Pruitt

Is online security hindered by computer jargon?

Greg Day, EMEA Security CTO for Symantec

Whether computer jargon creates a barrier that prevents people from learning how to protect themselves online is one of the discussions at this week’s EastWest Institute meeting of global security experts. The EastWest Institute is a ‘think-and-do tank’ dedicated to debating pressing global security concerns and working with a network of individuals, institutions and nations to discuss and implement solutions.

The importance of using plain language to discuss computer threats isn’t the top priority of its seventh annual Worldwide Security Conference, headlined by Pakistan’s Foreign Minister, but it is still an important conversation.

“We use a lot of complex terminology where it’s not needed. We don’t encourage people to think enough,” said Steve Purser, head of technical competence at the European Network and Information Security Agency, speaking to Reuters.

People shouldn’t be made to feel baffled by IT security. Part of the job of vendors like Symantec, and of other industry professionals, is to demystify it. Cybercriminals are constantly evolving their tactics, and new threats don’t always have a textbook answer. That’s why it’s so important for people to have accessible sources of information in simple, easy-to-understand language. It’s particularly critical for smaller businesses, which often don’t have a dedicated IT person to turn to. Do you feel that, as an industry, we need to be better at getting past the jargon?
