Online hackers are leaving surprising clues for cyber sleuths based on the time of their attacks — a trail suggesting the computer criminals are punching a clock for shift work. Chinese hackers, for instance, are on a Monday-Friday, 9 a.m. to 5 p.m. schedule, Beijing time, indicating they are likely…
Cyber crime hits most Canadian businesses
Sixty-nine percent of Canadian companies have reported some kind of cyber attack over the past year, indicating that cyber crime is fairly prevalent among Canadian businesses, according to a study released Wednesday.
The study, conducted by The International Cyber Security Protection Alliance, a non-profit organization comprising large national and multi-national companies, was based on 520 small, medium and large Canadian businesses.
About a quarter of those interviewed said that attacks had a considerable impact on their business in terms of both financial loss and reputational damage, with total reported losses of more than 5 million Canadian dollars.
Large businesses are somewhat better prepared than medium and small ones, but much still remains to be done to prevent and deal with such attacks.
Forty-four percent of affected organizations reported using external agencies to assist with cyber crime incidents, with private agencies far more likely to be engaged than those from government.
The study reinforced the need for close collaboration between the public and private sector in fighting cyber crime through the pooling of knowledge and resources, it said.
Link: http://europe.chinadaily.com.cn/world/2013-05/09/content_16487561.htm
Hacking back: Digital revenge is sweet but risky
This law has undergone numerous revisions since it was first enacted in 1986, but Title 18, Sec. 1030 is clear on the point that using a computer to intrude upon or steal something from another computer is illegal. “There is no law that actually allows you to engage in an attack,” says Ray Aghaian, a partner with McKenna Long & Aldridge, and a former attorney with the Department of Justice’s Cyber & Intellectual Property Crimes Section.
According to Ahlm, the companies tracking the bad guys collect vast amounts of data on Internet activity and can home in on specific “actors” who engage in criminal activity. “Without touching or hacking the individual, they can tell you how trustworthy they are, where they are, what kind of systems they use,” says Ahlm.
While private companies cannot take offensive action with any such intelligence, they can use it defensively to thwart suspicious actors if they’re found to be sniffing around company data. “Based off your intelligence of who’s touching you,” says Ahlm, “you can selectively disconnect them or greatly slow them down from network access.”
“In the grand scheme of fight-back tricks, this is one that causes relatively little harm but does a lot of good,” says Matthew Prince, co-founder and CEO. This company drew raves—as well as criticism—for creating a way to spam back at spammers, clogging their systems and preventing them from sending out more spam.
Hacking back can also have unintended consequences, such as damaging hijacked computers belonging to otherwise innocent individuals, while real criminals remain hidden several layers back on the Internet.
Link: http://www.pcworld.com/article/2038226/hacking-back-digital-revenge-is-sweet-but-risky.html
Information security can learn from physical security
Van der Merwe has headed information security at the largest diamond company in the world, by value, since its information security team was established.
“Understand who you are dealing with,” said Van der Merwe, “because it is often much more complex than you realise.”
“If someone asks, ‘how much information am I losing really?’, this is a very hard question to answer,” explained Van der Merwe.
“If you have a really strong threat model, the people in your organisation may become a victim of it,” explained Van der Merwe. Know that people within your organisation could be targeted to become a pawn in the enemy’s game, he added.
“You have to be able to integrate all your teams when dealing with a strong targeted threat model,” said Van der Merwe.
“The only way to make sure all your systems are on standard is to have proper management systems in place that understand the objectives and are driven to reach them,” said Van der Merwe.
Link: http://www.itweb.co.za/index.php?option=com_content&view=article&id=63857
Sweet Password Security Strategy: Honeywords
“Sometimes administrators set up fake user accounts (“honeypot accounts”) so that an alarm can be raised when an adversary who has solved for a password for such an account by inverting a hash from a stolen password file then attempts to login,” they said.
Accordingly, they recommend adding multiple fake passwords to every user account and creating a system that allows only the valid password to work and that alerts administrators whenever someone attempts to use a honeyword. “This approach is not terribly deep, but it should be quite effective, as it puts the adversary at risk of being detected with every attempted login using a password obtained by brute-force solving a hashed password,” they said.
On the other hand, if numerous attempted logins are made using honeywords, or if honeyword login attempts are made to admin accounts, then it’s more likely that the password database has been stolen. But as numerous breaches continue to demonstrate, regardless of the security that businesses have put in place, they often fail to detect when users’ passwords have been compromised. But that approach is insecure, and password-security experts have long recommended that businesses use built-for-purpose password hashing algorithms such as bcrypt, scrypt or PBKDF2, which if properly implemented are much more resistant to brute-force attacks.
That’s why an early warning system such as the use of honeywords might buy breached businesses valuable time to expire passwords after a successful attack, before attackers have time to put the stolen information to use.
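The honeyword check described above, as an added Python sketch that is not code from the article or from the researchers it quotes. It assumes PBKDF2 for hashing and a separate store for the index of the real password; the class name, method names and sample passwords are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch; tune for production


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is one of the purpose-built password hashes the article names.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class HoneywordStore:
    """Holds several 'sweetwords' per user; exactly one is the real password."""

    def __init__(self):
        self.password_file = {}  # user -> [(salt, hash)]; what a thief would steal
        self.real_index = {}     # user -> real entry; assumed to live on a separate system
        self.alerts = []         # honeyword hits for administrators to review

    def enroll(self, user, password, decoys):
        sweetwords = [password] + list(decoys)
        if len(set(sweetwords)) != len(sweetwords):
            raise ValueError("password and decoys must all be distinct")
        # Shuffle so the position in the stolen file reveals nothing.
        secrets.SystemRandom().shuffle(sweetwords)
        entries = []
        for word in sweetwords:
            salt = os.urandom(16)
            entries.append((salt, _hash(word, salt)))
        self.password_file[user] = entries
        self.real_index[user] = sweetwords.index(password)

    def login(self, user, attempt):
        """Return 'ok', 'denied', or 'honeyword' (denied, with an alert recorded)."""
        matched = None
        # Check every entry without early exit so timing does not leak the position.
        for i, (salt, digest) in enumerate(self.password_file.get(user, [])):
            if hmac.compare_digest(_hash(attempt, salt), digest):
                matched = i
        if matched is None:
            return "denied"            # ordinary wrong password
        if matched == self.real_index[user]:
            return "ok"
        self.alerts.append((user, matched))  # only a stolen, cracked file yields this
        return "honeyword"
```

A `honeyword` result is the signal the article describes: the submitted password can only have come from cracking the stored hashes, so it should trigger review and password expiry rather than a silent failure.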
Stats confirm malware built at record rates
PandaLabs said trojans are particularly effective because of their ability to take advantage of vulnerabilities in commonly deployed third-party software, such as Java or Adobe, and be served through compromised websites.
“This attack method allows hackers to infect thousands of computers in just a few minutes with the same trojan or different ones, as attackers have the ability to change the trojan they use based on multiple parameters, such as the victim’s location, the operating system used, etc.,” according to PandaLabs.