CyberSecurity Institute

Cyber espionage designed to steal intellectual property is also on the rise, with the small to medium sized enterprises (SME) the most vulnerable because of smaller amounts spent on internet security, according to the report. Their motivations are financial and political in some aspects,” said Johnny Karam, the managing director of Symantec for the Middle East and North Africa.

Last year Symantec discovered 1.6 new malicious software (malware) variants every day, one in 532 websites were infected with malware and the company blocked 250,000 web attacks each day, of which about 65 per cent were handled automatically.

The “watering hole” strategy, by which hackers wait for their targets to come to a website they have infected, is becoming more sophisticated.

Most recently, the Associated Press Twitter account was hacked into, with a false tweet posted stating that the US president Barack Obama had been injured in explosions at the White House.

“Mobile is an area where attacks are growing, spam remains as one of the key methods of attacks, as well as web pages and financial sector phishing”.

Link: http://www.cyberwarzone.com/saudi-arabia-top-target-cyber-attacks

The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7.

But Rodney Joffe, senior vice president at Sterling, Va. based security and intelligence firm Neustar, said all bets are off if the campaign is joined by the likes of the Izz ad-Din al-Qassam Cyber Fighters, a hacker group that has been disrupting consumer-facing Web sites for U.S. financial institutions since last fall.  Joffe said it’s easy to dismiss a hacker manifesto full of swear words and leetspeak as the ramblings of script kiddies and impressionable, wannabe hackers who are just begging for attention.  “The damage they’re capable of doing may be out of proportion with their skills, but that’s been going on for seven months and it’s been brutally damaging.”

What’s more, the DHS warning comes just days after the FBI issued a flash alert on Brobot (PDF) warning that hackers have been modifying the attack scripts to ensure they can evade their targets’ mitigation efforts. “Because the attacks have been ongoing for seven months, the actors are changing their attack methodology to circumvent mitigation efforts of the financial institutions,” reads an FBI alert obtained by BankInfoSecurity.com. “The latest version of the ‘Brobot’ attack scripts that have been utilized to attack the login capabilities of a financial institution’s website spoofs a fraudulent access cookie, user-agent string and referrer. The FBI alert notes that the hard-coded string does not affect the new attack script, but can be used as signatures for intrusion detection and intrusion prevention devices to detect and block attacks from the Brobot botnet.

Link: http://m.krebsonsecurity.com/2013/05/dhs-opusa-may-be-more-bark-than-bite/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29