Category: Trends

“Although we don’t have complete data for all the aforementioned locations, we can see that 30 percent to 40 percent of computers in some of these locations do not have up-to-date real-time anti-virus software installed, compared to the worldwide average of 24 percent,” Rains wrote.

More than 8 million computers worldwide are infected with Sality, a virus that infects files with certain extensions such as “.scr” and “.exe” and can also shut down the processes and services of security software, he wrote.

To infect computers, Sality has used a vulnerability that was also targeted by Stuxnet, the malware designed to wreck Siemens equipment used by Iran in its nuclear fuel refinement program.

Link: http://www.computerworld.com/s/article/9239326/In_a_sea_of_malware_viruses_make_a_small_comeback?source=CTWNLE_nlt_dailyam_2013-05-17

Given that situation, it’s no surprise that China, the United States and Germany — which all sport a relatively large Internet infrastructure — are also tops for DDoS attack origin. But Prolexic’s report said it’s odd that Iran, which has a very small Internet architecture by comparison, should be the source of so many attacks.

As DDoS attack sizes increase, so do fears of an Armageddon scenario, in which the attack not only disrupts a targeted site, but every site or service provider in between. According to Prolexic’s report, the largest single attack it’s mitigated to date occurred in March, when an “enterprise customer” was hit with an attack that peaked at 130 Gbps. While that wasn’t equal to the 300 Gbps attack experienced by Spamhaus, it still represents well more than most businesses can handle, unless they work with their service provider or third parties to build a better DDoS mitigation defense.

“There are a number of DDoS mitigation technologies out there, and we see organizations that are deploying the technologies in their own infrastructure and in their own environments,” as well as working with service providers, said Chris Novak, managing principal of the RISK Team at Verizon Enterprise Solutions, speaking recently by phone.

Link: http://www.informationweek.com/security/attacks/ddos-attack-bandwidth-jumps-718/240153084?cid=RSSfeed_IWK_security

Online hackers are leaving surprising clues for cyber sleuths based on the time of their attacks — a trail suggesting the computer criminals are punching a clock for shift work. Chinese hackers, for instance, are on a Monday-Friday, 9 a.m. to 5 p.m. schedule, Beijing time, indicating they are likely…

Conventional file infector malware was a major issue in the region, which Trend takes to suggest that patching is poor, operating systems run in insecure states and indicative of a general complacency among consumers about the risks of poor software behaviour.

This includes gangs that develop their own crimeware kits, with 2012’s ‘PiceBot’ a good example of banking malware that heralds a new level of sophistication for homegrown malware.

Protection for Industrial Control Systems (ICS) is also a worry with many Internet-facing systems open to attack; Trend itself recorded 39 attacks on infrastructure systems in the geography in a single month during 2012, 12 of which it classified as automated, repeated and targeted.

Money, expertise, and a lack of cyber-awareness remains an issue although Trend did find that many countries were now being positively galvanised by the emerging global culture in government cyber-defence.

“On the whole, political leaders are aware of the dangers of cybercrime and hacking but efforts are often restricted by the lack of resources dedicated to building cybersecurity capacity and shortage of specialized knowledge and expertise to implement technical policies,” said Trend’s researchers.

Link: http://news.techworld.com/security/3445748/cybercrime-booming-in-latin-america-caribbean-trend-finds/

Local and state government offices that may not see themselves as prime targets for theft of intellectual property or financial information can be used as the weak link to get at financial institutions, Ling said.

The business models of large anti-virus vendors such as Symantec and McAfee incorporate everyone who has a computer, because perimeter defense is an important aspect of protection and is mandated by many federal regulations, including the Health Insurance Portability and Accountability Act (HIPAA).

As with other vendors, FireEye’s starting point is that malware threats evolve so quickly that the traditional protection model is antiquated, explained Phillip Lin, director of product marketing.

“When we were working for McAfee, we investigated large breaches such as Aurora,” recalled Dmitri Alperovitch, a CrowdStrike co-founder and former vice president of threat research at McAfee.

Based in Orange County, Calif., CrowdStrike was founded in 2011 by George Kurtz, the former worldwide CTO of McAfee; Alperovitch; and Gregg Marston, who worked as chief financial officer of Foundstone Inc., a cybersecurity forensics firm that Kurtz sold to McAfee.

Mike Maxwell, director of Symantec’s state and local government organization, said anti-virus continues to be an important tool for containing and blocking malware, but other approaches are necessary to complement it. This makes it difficult for traditional ‘signature-only’ anti-virus approaches to keep up with these evolving threats,” he explained in an email response to questions from Government Technology. But it also builds a list of bad stuff such as the application is communicating with a known bad IP address or it is attempting to insert files in other common load points, such as the registry, removable storage or file system, so this may be suspicious activity that would be blocked, logged or alerted based on configured policy.

Yet Howard said he has seen real change during the past few years: More organizations are moving away from denying that they are under attack; instead they are trying to figure out how they can limit the damage.

Booz Allen Hamilton’s Ling said that although these new companies may be good at what they do, it’s difficult to create a business model around any one aspect of protection, and a chief information security officer may not want to create a mix-and-match solution, because then the risk is assumed by the decision-maker, not the solution provider.

Link: http://www.govtech.com/security/Cyber-Responders-Seek-New-Ways-to-Respond-to-Cyberattacks.html