Month: February 2013

The majority of exploits detected were related to four vulnerabilities (two Windows and two Java), most likely a result of the fact that today’s popular exploit kits, BlackHole and Cool Exploit, include exploits for these vulnerabilities. All of these vulnerabilities were reported in the last two years and have already had security patches released by their vendors – a reminder of the importance of keeping software updated.

“Criminals in the malware system each handle their own little niches, their own little links in the chain,” says Sean Sullivan, Security Advisor at F-Secure.

Android malware accounted for 79 percent (238) of all new, unique mobile malware variants in 2012, a number that speaks to the platform’s domination of the mobile market.

“On the inside it’s still the same malware family, but there can be a myriad of different ways to dress it up to try to disguise it…. At F-Secure, we have a more holistic understanding of the security landscape, that it cannot be dependent on merely one data point,” says Sullivan.

New business models like “rent-a-botnet” schemes are flourishing, where cybercriminals rent a whole network of infected computers and use it to perform their attacks.

Link: http://www.net-security.org/virus_news.php?id=2399

The region’s healthy economic growth has attracted players from other regions to expand their businesses in Latin America, further enhancing the scope of the MSS market. This affects firms’ decision to hire or continue security services and often companies, which have not yet been victims of attacks, fail to recognize the need for security services.

Link: http://news.yahoo.com/frost-sullivan-increasing-number-complexity-194500406.html

Stuxnet and Flame, which were identified in 2010 and 2012 respectively, have both been linked to the US and Israeli governments, who are alleged to have used the malware to sabotage critical infrastructure systems of various global targets, including Iran.

“It’s going to be keeping security officers in a lot of countries quite busy, so from their perspective that’s going to be a major player this year,” said Ben-Itzhak. However, he was less sure about the continued influence of so-called ‘hacktivist’ groups, the threat from which be believes has been hyped up by the media. “Even now, ICQ [a social networking program launched in 1996, but now of diminished consumer interest] is still a main place for them – it’s mainly populated by hackers now.”

Ben-Itzhak said that “headlines and slogans calling [hacktivists] ‘Anonymous’ is pretty in the press”, but the only real advantage the hackers have over the “dialup days” is an increased and sustained global connectivity. However, Ben-Itzhak suggested that while internet-based press coverage of world political events speeds up the response of hacktivists to these events, the same fast channel of news reporting is also building an undeserved reputation for the groups as they become linked to the events.

Link: http://www.computing.co.uk/ctg/news/2241743/2013-will-see-more-stuxnet-and-flamelike-malware-attacks-says-avg-cto