Users from Vietnam, India, China, Taiwan and possibly other countries, were targeted as part of an attack campaign that uses Microsoft Word documents rigged with exploits in order to install a backdoor program that allows attackers to steal information, according to researchers from security firm Rapid7. One of the malicious…
Survey shows 79% of businesses experienced a mobile security incident in past year
Mobile security incidents common and costly for large & small firms – 52% of large businesses report mobile security incidents have cost more than $500,000 in the past year, in staff time, legal fees, fines and remediation.
Android has the greatest perceived security risks – Android was cited by 49% of businesses as the platform with greatest perceived security risk (up from 30% last year), compared to Apple, Windows Mobile, and Blackberry.
Lost data is the biggest concern in mobile security incidents – 94% of respondents said lost information was their biggest concern in a mobile security incident; just 10% expressed concern over a compliance violation or fine.
Tomer Teller, security evangelist and researcher at Check Point Software Technologies, said: “Without question, the explosion of BYOD, mobile apps, and cloud services, has created a herculean task to protect corporate information for businesses both large and small.
RSA’s Art Coviello points to Big Data approach to combat cyber security challenges
An intelligence-driven security model, on the other hand, leverages Big Data analytics for pervasive monitoring, threat information sharing and intelligent controls and is designed to allow for more rapid detection of attacks and shortening an attacker’s dwell time within a breached enterprise. He said, “The ongoing expansion of the attack surface and the escalation in the threat environment require urgent action, there must be a sense of urgency to understand the security implications in everything we do so that we develop and implement the right security model.”
Create a transformational security strategy – Practitioners must look critically at their budgets and design a plan that transitions the existing infrastructure to an intelligence-driven approach that incorporate Big Data capabilities.
He went on to explain government’s key role of acting as a central repository to exchange pertinent security information about current threats and attacks as well as to set the tone for cooperation internationally.
The security vendors were called upon to help close the technology and skills gap for defending against attacks that has been created as a result of the growing attack surface and the escalating threat environment.
In closing he offered that these approaches can help enable the industry to manage cyber security risk to acceptable levels so that all societies around the world can reap the benefits and meet the goal of a more trusted digital world.
Targeted attacks on the rise
One significant element behind this growth in North America was the return of ‘pump and dump’ spam campaigns, which targeted would-be investors hoping to capitalise on all-time equity market highs.
Each quarter, the McAfee Labs team of more than 500 multidisciplinary researchers in 30 countries monitors the global threat landscape, identifying application vulnerabilities, analysing and correlating risks, and enabling instant remediation to protect enterprises and the public.
Koobface, a worm first discovered in 2008, had been relatively flat for the last year yet it tripled in the first quarter of 2013 to levels never previously seen.
McAfee’s latest analysis of the Citadel Trojan found that criminals have re-purposed the bank account threat to steal personal information from narrowly targeted victims within organisations beyond financial services.
New PC malware samples increased 28 percent, adding 14 million new samples to McAfee’s malware “zoo” of more than 120 million unique malware threats.
Link: http://networking.cbronline.com/news/targeted-attacks-on-the-rise
Understanding Risk in Real-Time: Where Will Your Next Breach Come From?
This is where predictive analytics come in — the same technology that an online retailer might use to better target product offers to customers based on recent buying behavior, for example. Consider a salesperson that might have the right to download an entire customer database, but if he does it at 2 a.m. on a Sunday morning from his home office, this might raise a few questions. By identifying patterns or anomalies from “normal” — and serving them up in graphical profiles — security staff have a never before seen, real-time view into potential risk.
Here’s the key point: with this new approach, risk is assessed from live data, not anticipated scenarios that have been coded into the system, alerting security staff to actions already defined as “bad.” Real-time, predictive analytics lets companies truly understand where their greatest risks lie by harnessing existing company data to sound alarms before a loss – when the risk around an individual or resource spikes.
By having a way to analyze risk associated with user access on a continuous basis, companies can truly understands who someone is, what they should access, what they are doing with that access and what patterns of behavior might represent threats. With this insight, companies will also have a better understanding of where their next breach could take place, and whether that threat is internal or external.
91% of targeted attacks start with spear-phishing email
Threats are not new and IT departments have already seen various kinds of advanced persistent threats (APTs) or malware-based espionage attacks that have been around for years. Trend Micro has not determined the total number of victims in the campaign but apparently, about 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructures related to this threat and the average number of actual victims was counted at 71 per day.
As this threat identified by Trend Micro has the potential to affect people all across the world, enterprises should focus on detecting and mitigating attacks and leverage core components of a defence strategy as presented by the report.
Enterprises should also empower human analysts and also leverage technologies available today to gain visibility, insight, and control over networks to defend against targeted threats.
Once an attack is identified, the cleanup strategy should focus on determining the attack vector and cut off communications with the command-and-control (C&C) server.