Tag Archives: McAfee

Updates on Cyber Security

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance solutions, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. Every year RSA hosts a conference for the security industry, presenting the latest research, findings, threats and challenges of the internet. Here’s a collection of this year’s headlines, as they were published during the conference in San Francisco last week.

“Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.”

RSA, The Security Division of EMC



RSA fraud prevention solutions reduce the risk of fraud and identity theft by assuring user identities, monitoring for high-risk activities and mitigating the damage caused by external threats such as phishing, pharming, Trojans and other cyber threats. The key words of 2011 are “cloud computing,” “phishing,” “smart grids” and “espionage.”

The Top Story:

Cloud computing contracts: tread carefully

RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.

Collaboration crucial for fighting phishing techniques
Phishing’s not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the web mail providers that filter those emails can help cut down on the number of phishing attempts that hit inboxes, said a panel at RSA Conference 2011.

McAfee-Wind River partnership to foster mobile, embedded system security
The deal will put McAfee’s ePolicy Orchestrator agent inside Wind River’s embedded operating systems, enabling enterprises to boost embedded system security to non-traditional endpoints.

RSA attendees skeptical about cloud service provider security
Attendees at the RSA Conference 2011 said cloud computing is good for certain business applications, but they’re leery of putting sensitive applications, such as those used in health care or education, in the cloud.

Smart grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.

Cloud computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.

APT detection, prevention are hard, but possible
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks and what organizations can do to detect and respond to APT.

Unique attacks highlight Internet espionage trends
Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.

Survey reveals skills needed in IT security pros
A survey by certification firm (ISC)2 found a need for IT security professionals to improve application development processes and expertise to weigh cloud computing risks.

RSA panel debates cyberwar definition, realities
At RSA Conference 2011, a panel of experts, including Bruce Schneier and former DHS secretary Michael Chertoff, discussed cyberwar, espionage and how the ground rules for handling such conflicts will be decided.

Move to IPv6 could help spambots churn out more spam, malware, says botnet expert
Antispam measures that rely on IP blacklisting could be less effective if Internet Service Providers take the wrong approach to IPv6, said prominent malware expert Joe Stewart.

RSA 2011: Schmidt-led Town Hall confronts public-private cooperation – again
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials pressed for continued public-private sector cooperation.

Kaminsky, DNSSEC deployment experts say protocol will boost security
Network security expert Dan Kaminsky touts the security improvements DNSSEC provides, but admits that it will take time for businesses and consumers to reap the benefits.

Signature-based antivirus dying, but bigger problems loom
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.

Microsoft security chief stumps for Internet health check system
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft’s proposed Internet health check system for consumer computers, and how it should be implemented not by governments and ISPs, but by enterprises.

Focus on people, not technology, cryptographer says
A prominent encryption expert at the annual cryptographer’s panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.

Software fraud, phony electronic parts pose serious security risks, expert says
A supply chain management expert studying ways companies can crack down on cheaply made imitation parts and software is urging software makers and manufacturers of electronic devices to develop better technologies to weed out fraudulent items.

White House CIO talks up cloud computing strategy
White House chief information officer (CIO) Vivek Kundra on Monday outlined the U.S. government’s strategy for cloud computing, a shift he said is critical in order to cut costs and improve efficiency.

Better methods needed to discover network configuration flaws
Examining firewall logs is not enough and most common network penetration tests often miss network misconfiguration issues, leaving sensitive information vulnerable to outside attackers, said a prominent network security expert.

Symantec turns to reputation security to bolster malware signatures
Symantec Corp. is adding new reputation scoring technology to its enterprise endpoint protection suite in a move security experts and analysts say will force its competitors to react by bolstering similar technologies.

Emerging theme at RSA Conference 2011 may be ‘mostly cloudy’
For the last several years, security experts and vendors at the RSA Conference have explained the risks associated with the use of cloud-based services. Far fewer have identified specific ways to protect data in the cloud. That may change at RSA Conference 2011.

Cloud computing security summit draws growing crowd
Cloud Security Alliance event expands to accommodate growing interest.

IT security career experts to dish out practical advice at RSA Conference 2011
Information security growth is fueling fierce competition among job applicants, according to Lee Kushner and Mike Murray, IT security career experts who follow the industry closely. Both career experts will be participating in an information security career development session at the RSA Conference 2011.

Security B-Sides brings its buzz back to San Francisco and RSA Conference
Security B-Sides isn’t just for big conference rejects any more. This little-conference-that-could has grown up and become a force on the information security speaking scene. Its latest incarnation springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from the giant Moscone Center, home to the security industry’s biggest annual event.

Source: SearchSecurity.com


Online Banking Malware Has Surfaced

After several months of speculation, it is now finally confirmed that a new combination of two pieces of advanced online banking malware has started to spread. What appears to be a beta version of a piece of malware that has bits of both the Zeus virus and the SpyEye virus is now in circulation, albeit just among a few people, according to Aviv Raff, CTO and co-founder of Seculert.

“It seems to be still under development, with bug fixes released almost daily.”

Aviv Raff

Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, Raff says.

The reason for the dual control panels is “because many of the criminals are used to the look-and-feel of the Zeus administration panel and will find it easier to migrate to the new version.”

PC World writes on their website that for some time, vendors including Trend Micro and McAfee as well as security writer Brian Krebs, have written about rumors that the Russian hacker who wrote Zeus was getting out of the business.

The source code for Zeus was rumored to have been transferred to the creator of SpyEye, and it was anticipated that the two pieces of malware would be combined.

“That evidence has just emerged now,” Raff says.

More Trouble for Banks

The well-known Zeus virus/trojan/malware, which is tailored to evade security software, grab online banking credentials and execute transactions on the fly, has so far been more than annoying.

Zeus has been used by several highly organized criminal rings to transfer money out of victims’ accounts.

Last year, dozens of people were arrested in the US and UK and accused of being money mules for the gangs, PC World reports.

The new malware also has at least a couple of new features.

One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks.

“Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in,” Raff says.

The malware writers have also added a way to remotely connect to a victim’s computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.

So far, it appears that only a few cyber-criminals are using the new version.

He declined to say how Seculert obtained the malware or how much it might be selling for on the malware market.

“It seems to be still under development, with bug fixes released almost daily,” Raff says.

Just don’t tell me you’re surprised….

Internet Nuke Bomb Ready To Blow (Update)

The Econotwist’s have been warning about this since last summer, when the mysterious Stuxnet worm was discovered at several critical energy and water supply facilities around the world. However, research by Symantec has since revealed that 60% of the infections are found inside Iranian borders. The threat from cyber space has risen to the top of the list of potential global risks in 2011, alongside pandemic diseases and terrorism. The internet, once seen as the solution to all of man’s problems, has instead become one of the most severe threats to all of us.

“The primary involvement of states in cyber security, as both protagonists and principal targets, fundamentally changes the nature of the risk.”

Eurasia Group


By the end of 2010, McAfee Security counted 60,000 new pieces of malicious software being released on the internet every day; hacker attacks on Java platforms (used in practically every security system, including online banks and the Pentagon) rose by 1,200% last year; and for the first time ever the value of theft of digital assets exceeded the theft of physical assets. And as for Stuxnet: that’s only the beginning.

More than 100 foreign intelligence organizations are trying to break into US networks, Deputy Defense Secretary William Lynn wrote in the September/October issue of the journal Foreign Affairs. Some already have the capacity to disrupt U.S. information infrastructure, he says.

The US government’s main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard, Reuters reports.

“There’s no such thing as ‘secure’ any more,” Debora Plunkett of the National Security Agency said last month, amid US anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.

“The most sophisticated adversaries are going to go unnoticed on our networks,” she said.

Plunkett heads the NSA’s Information Assurance Directorate, which is responsible for protecting national security information and networks from the foxhole to the White House.

“We have to build our systems on the assumption that adversaries will get in,” she told a cyber security forum sponsored by the Atlantic and Government Executive media organizations.

The United States can’t put its trust “in different components of the system that might have already been violated,” Plunkett added in a rare public airing of NSA’s view on the issue.

“We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”

The NSA must constantly fine tune its approach, she said, adding that there was no such thing as a “static state of security.”


And the US is not the only nation struggling to keep its sensitive data safe.

According to Iain Lobban, head of GCHQ, the UK’s core infrastructure is under constant attack. He says thousands of targeted emails are hitting the systems every month, planting worms that cause “significant disruptions.”

Mr. Lobban’s claims are supported in a national security report, naming cyber attacks as a top threat to the UK, alongside pandemic diseases and terrorism, according to the PC Pro Magazine.

A Global Threat

“Cyberspace is contested every day, every hour, every minute and every second,” the British security expert says.

The international risk analysis company Eurasia Group put cyber security at number 3 amongst the top 10 risks of 2011.

“For the past decade, increasingly technologically capable hackers and organized crime organizations have elevated cyber security as a business risk, but not as a political risk. The centralization of data networks, both in energy distribution (the move to the smart grid) and information technology more broadly (the shift to cloud computing) are now metastasizing the cyber risk, and governments are becoming more directly and actively involved in playing both offense and defense in cyberspace. The primary involvement of states in cyber security, as both protagonists and principal targets, fundamentally changes the nature of the risk. The new roles of governments and their antagonists bring geopolitics and cyber security together in three different ways,” Eurasia writes.

(Link to full report below).

Java Systems Under Heavy Fire

One of the main components in practically every security system today is the Java platform, produced by Oracle.

So it’s no wonder that attacks on the Java system increased by more than a thousand percent in 2010.

“The number of attacks against flaws in Java has jumped by 1,000% – even outstripping attacks against vulnerabilities in Adobe PDFs,” Microsoft says.

The attacks against Java code – not JavaScript – rose from 500,000 at the beginning of last year to about 6 million in the last quarter of 2010.

Even if Oracle has managed to patch the vulnerabilities in Java, they have the same problem as Adobe – people forget to update their software.

And on top of that, Java is a piece of software that’s used in almost everything; it runs in the background, making more visible components work, PC Pro Magazine points out.

“How do you know if you have Java installed, or if it is running?” Holly Stewart, a researcher at Microsoft Malware Protection, rightfully asks.

(If you want to know more about Java, click the link below.)

1 in 3 Companies Exposed To Data Theft

The latest issue of the Kroll Annual Global Fraud Report suggests that the theft of digital assets overtook that of physical stock for the first time ever in 2010.

A survey, conducted in cooperation with the Economist Intelligence Unit, indicates that the number of companies reporting theft of information rose sharply – from 18% to 27.3% – in 2010.

“There’s a growing awareness among thieves of the intrinsic value of intellectual property,” Kroll vice president Robert Brenner explains.

The survey also suggests that 88% of the participating companies had been the victim of some kind of fraud over the past year, and nearly half of them are now fearful of expanding globally because of the cyber threat.

The experts emphasize that the numbers are probably not 100% accurate.

However, the message is pretty clear.

(Download the report below)

The Most Scary Thing

I guess most of you have heard about the Stuxnet worm/virus/malware in the news by now, and are familiar with the speculations that the extremely sophisticated malware might be some kind of cyber weapon, developed by government related scientists somewhere.

It sounds like a plot in a James Bond movie – but the truth might be even more vicious.

Davey Winder

According to experts, it is not unlikely to be a prototype of the first ever cyber-weapon-of-mass-destruction.

Davey Winder, award-winning journalist, business consultant and security expert, explains:

“So what do we know about Stuxnet and the SCADA (Supervisory Control and Data Acquisition) systems?  Well, we know that Stuxnet is designed to be disseminated via USB sticks, and that it was developed to exploit specific zero-day vulnerabilities in the Windows operating system. To expand on that a little, Stuxnet actually exploits no fewer than four zero-day Windows vulnerabilities, a statement that alone should set the hair on the back of any security analyst’s neck prickling. Zero-day vulnerabilities are extremely valuable to the shady world of both hackers – where a zero-day is a kudos-generating device – and to criminals where zero-day equals pay-day. It’s relatively rare to see a single exploit being used in a piece of malware, and totally unheard of to see four expended in such a way.”

“Ask yourself, why would anyone waste three highly valuable zero-day exploits in a single piece of code when one would most likely do the job? Security experts recognize that this isn’t the modus operandi of the average hacker, nor the average criminal,” Winder writes in a recent article.

Personally, I believe that Stuxnet 2.0 is already out there – it just hasn’t been discovered yet.

The Internet Nuke Bomb

According to trend analyst Gerald Celente, CEO and founder of Trends Research Institute, cyber wars will cause a stir and come to the fore in 2011.

And, like Eurasia, he is concerned about the government’s involvement.

Here are some of the other highlights in Mr. Celente’s predictions for the year to come:

  • Every citizen in 2011 will realize that we are in the “greatest depression”
  • In 2011, the game’s gonna run out
  • Digital money, not worth the paper it’s not printed on
  • The youth of the world has mountains of debt to climb, and no way to get to the top
  • The greatest fear that governments have is freedom of speech
  • Your growth industries are the gangs
  • Crackdown on crime will lead to crackdown on liberties
  • Drones flying over your city looking in windows
  • The more government loses control, the harder they crack down

You may not take all of Gerald Celente’s forecasts equally seriously, but many of the situations he describes are, in fact, common human behavior, observed in times of crisis since the collapse of the Roman empire thousands of years ago and up to our time.

At the latest count by McAfee Security Lab, about 60,000 pieces of malicious software are released on the internet every day.

And here’s what the last six months of 2010 looked like from the security software producer Kaspersky’s point of view:


Perhaps it’s time to upgrade?
