admini – Page 62 – CyberSecurity Institute

Business users visit most malicious websites, security academics find

Posted on July 16, 2013December 30, 2021 by admini

Just 2 per cent of malicious websites visited by Australian users were actually hosted in Australia, while 62 per cent originated in the United States – lending support to earlier reports that notorious malware host China was actually losing its one-time dominance.

The project “allows us to apply large scale analytics techniques to analyse massive volumes of Trend Micro malware sensor data,” said Professor Yang Xiang, director of the Network Security and Computing Lab within the Deakin University School of Information Technology, in a statement.

Interestingly, many of the hosts were unaware of their infection with malware: of 24 servers compromised by the Blackhole Exploit Kit and noted by the research team, 12 were still delivering the malware-compromised pages a week later.

Link: http://www.cso.com.au/article/520498/business_users_visit_most_malicious_websites_security_academics_find/

Study: Network Reconnaissance On Rise Posing Computer Threat

Posted on July 12, 2013December 30, 2021 by admini

Automated credential guessing is a malicious attack in which the perpetrator uses software to guess log-in credentials of users and can inherit user specific privileges to the system, based on the identity established by the supplied credentials.

Findings show that while most companies place security emphasis on computer viruses, trojans and worms, security breaches as a result of viruses account for less than one percent of incidents. Port scanning and automated credential guessing are by far the most prevalent types of IT network security breaches among remote locations and branch offices. Remote locations typically do not have the level of security oversight and resources as a large, centralized corporate network location to combat these threats.

“Our recommendation to businesses is to apply the appropriate IT security protocols and technology that mitigate the risk of network vulnerabilities.”

Link: http://mitechnews.com/articles.asp?id=15851&sec=24

Hunting for ‘Whales’ Using Targeted Malware

Posted on July 10, 2013December 30, 2021 by admini

Of course, spear phishing isn’t new, but the targets and tactics are evolving, and most users who might have known to not give away their banks account numbers at home may be handing over sensitive information in an enterprise setting due to lack of training and awareness.

Administrative assistants, accountants, salesmen, IT managers, and pretty much everyone else in an enterprise hold a great deal of company knowledge that criminals can use to ultimately unlock a company’s secrets.

But beyond simply explaining the threat to them, ask your staff to take a step back to see what information a cyber criminal can easily dig up. This may sound completely narcissistic to them, but I recommend you ask them to “Google” themselves from time to time in order to see what pops up in search results. The idea is to familiarize one’s self with what is public knowledge — so you aren’t caught off guard when it’s used to gain your trust.

Even though you aren’t likely to be considered a “whale” by Las Vegas casino standards, you and your staff need to understand that your position within a large organization probably makes you a pretty big fish in the eyes of a cyber criminal. And in order to help combat against these attempts, your best bet is to try and see what a hacker can see on the Internet so it can’t be used against you

Link: http://www.enterpriseefficiency.com/author.asp?section_id=1076&doc_id=265441&f_src=enterpriseefficiency_iwkfeed

Companeis lack the ‘intelligence’ to deal with cyber threats

Posted on July 9, 2013December 30, 2021 by admini

Malcolm Marshall, KPMG partner and head of the firm’s Information Protection & Business Resilience team, says: “Increased awareness of cyber security threats is a positive trend, but indications are that organisations now need to focus on putting into place the fundamentals of intelligence management to gain real value from what they know. These revolve around creating an intelligence-led mindset within organisations, implementing an operating model similar to those employed by the intelligence community and building a decision-making process which is centred on a tightly controlled ‘information gathering programme’.

‘Cyber threat: intelligence and lessons from law enforcement’ argues that an intelligence-led mindset establishes a direct connection between the threats and vulnerabilities organisations face and the consequences of their compliance or inaction.

For example, rather than simply collating data, KPMG’s report urges organisations to set parameters for the type of information being gathered, so that haphazard approaches to analysis and actions can be avoided.

Link: http://www.actuarialpost.co.uk/article/companeis-lack-the—–039intelligence—-039-to-deal-with-cyber-threats-5096.htm

New EU laws approve tougher sentences for cyber criminals

Posted on July 5, 2013December 30, 2021 by admini

For example, the Srizbi botnet, estimated to be either the world’s largest, or second-largest botnet, is thought to be made up of around half a million machines.

Botnet creators add machines to their networks through spam emails and malware, often building up networks before renting or selling it to other criminals. Anyone found setting up a botnet will face a minimum of three years in jail, and if the system is used to threaten national infrastructure then again, the minimum sentence rises to give years.

Member states have two years to sign the new directives into law, with only Denmark choosing to opt out in favour of its own rules.

Link: http://www.independent.co.uk/life-style/gadgets-and-tech/new-eu-laws-approve-tougher-sentences-for-cyber-criminals-8690635.html

DDoS attacks on sale for $2 an hour

Posted on July 4, 2013December 30, 2021 by admini

The service simply required attackers to inform it of which site they wish to launch a DDos attack against, decide how much they are willing to pay, and initiate the service.

This is just one example of a vast array of services and tools that make up a tumescent online marketplace wannabe cybercriminals can use to gather components of a cyberattack – or outsource the process altogether, the study found.

Stolen bank login information commands a higher price than credit card numbers, with prices ranging from two to 10 per cent of the account’s balance.

Meanwhile, so-called “bulletproof” hosting providers – firms which knowingly provide web or domain hosting to cybercriminals – can charge between $50 and $400 for their services per month.

Troels Oerting, head of EC3 European Cybercrime Centre – who wrote the white paper’s foreword, said: “Today’s cybercriminals do not necessarily require considerable technical expertise to get the job done, nor, in certain cases, do they even need to own a computer.

A marketplace offering cybercrime tools and services provides would-be criminals with an arsenal that can either be used as a component of a cyberattack or a handy way of outsourcing the process entirely.”

Link: http://www.channelweb.co.uk/crn-uk/news/2279505/ddos-attacks-on-sale-for-usd2-an-hour