CyberSecurity Institute

Highlighting the increasing speed of online attacks in research covering the last six months of virus activity, the vendor said the news was mostly grim. Authors of malware such as spam, viruses, phishing scams and spyware increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money.

The new-virus figure is up 59 percent on the same period last year.

“With financial gain rather than notoriety becoming more of a motivation, spammers and virus writers have been drawn together with more traditional criminal elements,” said Sophos Australia and New Zealand senior technical consultant Sean Richmond.

While the usual virus culprits like Zafi-D, Netsky-P and Sober-N came under the spotlight, Sophos said growth in Trojan attacks — where malicious software allows a remote attacker to gain backdoor access to a PC — was perhaps the most significant development in the malware-creation field. “Sophos has seen a three-fold increase in the number of key-logging Trojans so far this year,” the company said. “Trojans are delivered to target organisations via e-mail attachments or links to Web sites. They are often used by remote hackers to steal priviledged information, and very often to launch further attacks.”

But Sophos made it clear the news wasn’t all bad. “Businesses in Australia and New Zealand mostly have it right when it comes to protecting their desktops, servers and gateways,” said Richmond. Richmond praised the Australian telecomms regulator for its recent move to press charges against Perth-based alleged spammer Wayne Mansfield. Mansfield is one of Australia’s most notorious Internet marketeers and stands accused of sending at least 56 million — mostly unsolicited — e-mails in the period after the Spam Act was enacted in April 2004.

Events further afield also caught Sophos’ attention, as it highlighted several recent prosecutions of virus and privacy-related Internet crime. One dealt with the impending trial of German teenager Sven Jaschan, who has admitted writing the Netsky and Sasser worms, while another involved the arrest of a Cypriot man who was spying on a 17-year-old girl via her own Webcam.

“Four United Kingdom phishers were also jailed this week,” said the company.

http://www.zdnet.com.au/news/security/0,2000061744,39200021,00.htm

The research, conducted by Protegrity, indicates that despite the emphasis these regulations place on data security, 41% of respondents said their companies are spending 10% or less of IT security budgets on data and database security and 87% of respondents believed that internal misuse of sensitive data was the biggest threat to their companies, based on current security solutions in place.

Rapkin pointed out that despite the publicized data thefts occurring during the spring and early summer, the level of investment in securing sensitive data remains very low.

http://www.ebcvg.com/articles.php?id=789

However, two thirds of firms, typically those with more experience of mobile devices, implement basic security policies including offering a limited choice of devices. Those with most advanced mobile usage deploy centralised software management that allows devices to be switched off remotely in case of loss or theft. The survey found very few firms with large-scale PDA deployment. “The vast majority of PDA use is in small pilots or limited numbers of users

The big issue now is whether firms move to a strategy of being device-agnostic to have more flexibility,” said Quocirca analyst Dale Vile. “There is a lot of loyalty to the BlackBerry but firms are realising that they probably need a bit more choice. There is also a growing desire to understand how to pull together different wireless technologies such as GPRS, wireless Lans and 3G.”

The biggest weakness in deploying laptops was seen as user vigilance, with loss and theft the greatest concern. Most companies indicated that well communicated security policies were key to reducing this risk. While firms that embark on PDA pilots mostly cite security and cost as key concerns, these issues give way to concerns over interoperability and compatibility as experience of wireless devices increases.

Cost and complexity of device management was a key concern for over 50 per cent of the respondents, and the survey found that this concern does not diminish with increased experience of the technology. The good news is that security fears diminished with greater experience, but increased PDA use upped the need for user support and training.

The survey, conducted on behalf of Orange, was based on 2,853 interviews with IT professionals.

http://www.vnunet.com/vnunet/news/2139186/pda-security-mobile

IBM’s monthly security report said that phishing jumped 226 percent in May over the previous month to record an all-time high that beat out the earlier record in January of this year.

The surge continued into and through June, said Redwood City, Calif.-based Postini in its own malicious code accounting, with phishing attacks climbing 71 percent over May’s numbers.

“Phishing attempts will continue to plague enterprise users for the foreseeable future,” opined Andrew Lochart, senior director of marketing at Postini, in a statement.

News of most other malware categories was almost as dismal. IBM, for instance, tallied a 33 increase during May in the number of e-mails carrying viruses or worms.

Spam remained flat at around 69 percent of all e-mail for May, said IBM, the third month in a row of little or no growth in junk mail.

http://www.techweb.com/wire/security/164904277