Category: Trends

Information technology security spending will apparently keep growing forever, but it’s unclear what the returns look like.

Security requirements aren’t going to go away as long as the bad guys are out there.

Canalys noted that security remains a priority for businesses even as they cut back elsewhere. Asia Pacific IT security spending will be up 9 percent in 2013 with North America growing 5 percent.

Meanwhile, medium sized businesses will grow IT security spending a 7 percent clip to hit $8.5 billion in 2017.

Link: http://www.zdnet.com/it-security-spend-keeps-rising-is-there-roi-7000019277/?s_cid=e589&ttag=e589

As to where the money is going, respondents said five areas were ‘priority one or two’ (where one is most important and five is least important).

Notable changes occur in spending priorities between 0-12 months (FY 2013) and 12-24 (FY 2014) months on data security, document security and social media security.

54% of respondents indicated spending on data security would be high priority in 2014 (up from 38% in 2013). 38% of respondents indicated spending on document security would be high priority in 2014 (more than double the 15% in 2013). 23% of respondents indicated spending on social media security would be high priority in 2014 (more than triple the 8% in 2013).

Link: http://www.net-security.org/secworld.php?id=15346

Automated credential guessing is a malicious attack in which the perpetrator uses software to guess log-in credentials of users and can inherit user specific privileges to the system, based on the identity established by the supplied credentials.

Findings show that while most companies place security emphasis on computer viruses, trojans and worms, security breaches as a result of viruses account for less than one percent of incidents. Port scanning and automated credential guessing are by far the most prevalent types of IT network security breaches among remote locations and branch offices. Remote locations typically do not have the level of security oversight and resources as a large, centralized corporate network location to combat these threats.

“Our recommendation to businesses is to apply the appropriate IT security protocols and technology that mitigate the risk of network vulnerabilities.”

Link: http://mitechnews.com/articles.asp?id=15851&sec=24

The service simply required attackers to inform it of which site they wish to launch a DDos attack against, decide how much they are willing to pay, and initiate the service.

This is just one example of a vast array of services and tools that make up a tumescent online marketplace wannabe cybercriminals can use to gather components of a cyberattack – or outsource the process altogether, the study found.

Stolen bank login information commands a higher price than credit card numbers, with prices ranging from two to 10 per cent of the account’s balance.

Meanwhile, so-called “bulletproof” hosting providers – firms which knowingly provide web or domain hosting to cybercriminals – can charge between $50 and $400 for their services per month.

Troels Oerting, head of EC3 European Cybercrime Centre – who wrote the white paper’s foreword, said: “Today’s cybercriminals do not necessarily require considerable technical expertise to get the job done, nor, in certain cases, do they even need to own a computer.

A marketplace offering cybercrime tools and services provides would-be criminals with an arsenal that can either be used as a component of a cyberattack or a handy way of outsourcing the process entirely.”

Link: http://www.channelweb.co.uk/crn-uk/news/2279505/ddos-attacks-on-sale-for-usd2-an-hour

vents—Some of the bigger stories surrounding email and web threats over the past six months include malware campaigns leveraging the Boston Marathon bombings, the continuing rise of mobile malware, and DSD: a distraction technique used by cybercriminals as they’re emptying your bank accounts.

“If you notice a deluge of spam in your email inbox, it’s best not to try to monitor your email, but instead go directly to your account(s) activity because the people behind this spam blast have somehow obtained your personal account information and email address,” says Touchette. “In order to hide purchase receipt emails or balance transfer confirmation emails, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood.

As for server side vulnerabilities, some of the biggest exploits so far in 2013 have included cross-site scripting, cross-site request forgery, broken authentication systems, Ruby vulnerabilities, universal plug and play problems, and an Adobe issue with ColdFusion.

Metrics—In addition to the familiar data regarding email spam and viruses, this report includes some baseline data about web-based malware that AppRiver will track over the months ahead. As web-based malware and “drive-by downloads” become more widespread, this data will expose trends and patterns that can help improve security for users.

The Cyber World—This section of the report discusses major cybercrime arrests like that of Hamza Bendelladj for leading a major Zeus botnet, along with Hacktivism activities, and the evolution of cyber espionage from simple murmurings to mainstream conversation with attention-grabbing incidents such as Stuxnet, targeting a very specific system for enriching Uranium in a very specific location, not to mention the talk of cyber exchanges between the U.S. and China.

Link: http://www.heraldonline.com/2013/07/02/4994746/appriver-releases-mid-year-global.html