What's happening: The House Ethics Committee announced that a document containing the names of more than two dozen members of Congress being investigated by the Committee—together with the status of the investigations—had surfaced on a part of the web known as "peer-to-peer."
What it means: The embarrassment to the Ethics Committee caused by the breach and the risk to the reputation of lawmakers resulting from it serve to illustrate the danger of peer-to-peer networks—used primarily for the illegal sharing of copyrighted material. Sensitive information can be all-too-easily sucked up into a peer-to-peer network becoming accessible to anyone on the same peer-to-peer. Cyber-criminals regularly troll peer-to-peer networks looking for sensitive information (like credit card numbers) that they can monetize. Peer-to-peer networks are very dangerous and serve no useful purpose in the business environment.
What to do: Management must outlaw peer-to-peer networks in the corporate environment and must make sure the network (including all remote computers) is regularly scanned for the presence of peer-to-peers. Users also need to be trained about the dangers of peer-to-peer networks and should be strongly discouraged from using them at home.
**********************************
New York Times: Ethics Inquiries Into Lawmakers Surface via Security Breach
WASHINGTON — The House ethics committee announced Thursday that it would begin full investigations into two House members ... but a security breach threatened to make public the names of many other members facing ethics inquiries.
http://www.nytimes.com/2009/10/30/us/politics/30ethics.html?_r=1&scp=5&sq=ethics%20committee&st=cse
Thursday, October 29, 2009
Wednesday, October 28, 2009
Facebook users attacked with phony password reset emails
What's happening: Facebook users are receiving emails saying their passwords have been reset and instructing them to open an attachment containing their new passwords.
What it means: Users opening the attachment risk having their computers taken over by cyber-criminals.
What to do: Make sure the IT Department is blocking these messages at the spam filter. Alert staff to disregard these emails, both at work and at home, should they get through spam filters. Consider replacing your anti-malware solution with an intrusion detection and prevention system..
**********************************
Computer World: Massive bot attack spoofs Facebook password messages. 'Bredolab' Trojan rides fake reset messages, reaches at least 735,000 users
A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.
http://www.computerworld.com/s/article/9140058/Massive_bot_attack_spoofs_Facebook_password_messages?source=CTWNLE_nlt_security_2009-10-29
What it means: Users opening the attachment risk having their computers taken over by cyber-criminals.
What to do: Make sure the IT Department is blocking these messages at the spam filter. Alert staff to disregard these emails, both at work and at home, should they get through spam filters. Consider replacing your anti-malware solution with an intrusion detection and prevention system..
**********************************
Computer World: Massive bot attack spoofs Facebook password messages. 'Bredolab' Trojan rides fake reset messages, reaches at least 735,000 users
A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.
http://www.computerworld.com/s/article/9140058/Massive_bot_attack_spoofs_Facebook_password_messages?source=CTWNLE_nlt_security_2009-10-29
Tuesday, October 27, 2009
New Study Continues to Show Internet Becoming Increasingly Dangerous as Malware Infections Rise Rapidly
What's happening: According to the latest statistics, the number of web sites hosting malware—either intentionally or inadvertantly—continues to rise at an alarming rate.
What it means: This latest report confirms what IBM said in their "Online Threat Report" of last August. (See our blog post: IBM Online Threat Report: Trust No One)
What to do: Management needs to make sure their information systems security management program is up-to-date, with the defense-in-depth required to deal with these new threats.
**********************************
cnet News: Elinor Mills: Web-based malware infections rise rapidly, stats show
The number of Web sites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics to be released on Tuesday from Dasient. More than 640,000 Web sites and about 5.8 million pages are infected with malware, according to Dasient, which was founded by former Googlers to offer services to help Web sites stay malware-free and off blacklists. That figure for infected pages is nearly double what Microsoft estimated in a report in April. Meanwhile, the Google blacklist of malware infected sites has more than doubled in the last year, registering as many as 40,000 new sites in one week.
http://news.cnet.com/8301-27080_3-10383512-245.html
What it means: This latest report confirms what IBM said in their "Online Threat Report" of last August. (See our blog post: IBM Online Threat Report: Trust No One)
What to do: Management needs to make sure their information systems security management program is up-to-date, with the defense-in-depth required to deal with these new threats.
**********************************
cnet News: Elinor Mills: Web-based malware infections rise rapidly, stats show
The number of Web sites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics to be released on Tuesday from Dasient. More than 640,000 Web sites and about 5.8 million pages are infected with malware, according to Dasient, which was founded by former Googlers to offer services to help Web sites stay malware-free and off blacklists. That figure for infected pages is nearly double what Microsoft estimated in a report in April. Meanwhile, the Google blacklist of malware infected sites has more than doubled in the last year, registering as many as 40,000 new sites in one week.
http://news.cnet.com/8301-27080_3-10383512-245.html
Monday, October 26, 2009
FBI Issues Warning to Business in Light of Increase in Online Bank Theft
What's happening: Online bank theft by cyber-criminals has risen to the point that the FBI has taken the unusual step of issueing a public warning. According to Steve Chabinsky, deputy assistant director of the FBI's Cyber Division, "We don't believe there's cause for a crisis of confidence in online banking, but we want to make sure we message this early before this becomes a much larger problem. Our concern is that these numbers will grow if we don't educate people now to take precautions."
What it means: Lest there be any doubt, the risk of online bank theft is real. And it's growing. And right-now, the cyber-criminals are winning.
What to do: Review your information systems security management program and improve as needed.
**********************************
From Brian Krebs; Washington Post: FBI: Cyber crooks stole $40M from U.S. small, mid-sized firms
Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud, the FBI said this week.
http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html
What it means: Lest there be any doubt, the risk of online bank theft is real. And it's growing. And right-now, the cyber-criminals are winning.
What to do: Review your information systems security management program and improve as needed.
**********************************
From Brian Krebs; Washington Post: FBI: Cyber crooks stole $40M from U.S. small, mid-sized firms
Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud, the FBI said this week.
http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html
Thursday, October 22, 2009
Citadel's Stan Stahl Talks About Cyber-Crime with Cindy Rakowitz
Listen to the interview at our web-site: www.citadel-information.com.
Wednesday, October 14, 2009
Adobe closes 29 vulnerabilities in Reader and Acrobat
What's happening: Adobe has closed the vulnerabilities announced on our Blog Post of Oct 9.
What it means: Once these patches are installed, computers will no longer be vulnerable to them.
What to do: Have IT staff install all patches in the corporate environment. Instruct staff to install the patches on home PCs .
**********************************
Information Week: Adobe Fixes 29 Flaws In Acrobat And Reader
Adobe released a fix for 29 vulnerabilities in its Acrobat and Acrobat Reader software, warning that the vulnerabilities could be exploited to cause crashes and to take control of the user's computer.
Adobe rates the update as "crtical" and warns that one of the vulnerabilities (CVE-2009-3459) is actively being exploited.
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220600883
What it means: Once these patches are installed, computers will no longer be vulnerable to them.
What to do: Have IT staff install all patches in the corporate environment. Instruct staff to install the patches on home PCs .
**********************************
Information Week: Adobe Fixes 29 Flaws In Acrobat And Reader
Adobe released a fix for 29 vulnerabilities in its Acrobat and Acrobat Reader software, warning that the vulnerabilities could be exploited to cause crashes and to take control of the user's computer.
Adobe rates the update as "crtical" and warns that one of the vulnerabilities (CVE-2009-3459) is actively being exploited.
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220600883
Tuesday, October 13, 2009
Microsoft Plugs 34 Security Holes in Record-Setting "Patch Tuesday"
What's happening: Microsoft has released a record number of patches to address a host of Windows vulnerabilities.
What it means: These patches close 34 'security holes' through which cyber-criminals could gain access to computers running Windows.
What to do: Have IT staff install all patches in the corporate environment. Instruct staff to install the patches on home PCs .
**********************************
From Brian Krebs; Washington Post: Microsoft Issues Record Number of Security Updates
Microsoft Corp. on Tuesday issued an unprecedented number of updates to fix security problems in PCs powered by its Windows operating systems and other software: The software giant released patches to plug at least 34 security holes, the highest number of vulnerabilities it has ever addressed in a single month.
http://voices.washingtonpost.com/securityfix/2009/10/microsoft_releases_record_numb.html
What it means: These patches close 34 'security holes' through which cyber-criminals could gain access to computers running Windows.
What to do: Have IT staff install all patches in the corporate environment. Instruct staff to install the patches on home PCs .
**********************************
From Brian Krebs; Washington Post: Microsoft Issues Record Number of Security Updates
Microsoft Corp. on Tuesday issued an unprecedented number of updates to fix security problems in PCs powered by its Windows operating systems and other software: The software giant released patches to plug at least 34 security holes, the highest number of vulnerabilities it has ever addressed in a single month.
http://voices.washingtonpost.com/securityfix/2009/10/microsoft_releases_record_numb.html
Friday, October 9, 2009
Zero-Day Attacks Exploit Reader, Acrobat Vulnerabilities
What's happening: Adobe has issued an alert that cyber-criminals are exploiting several vulnerabilities in their Reader and Acrobat programs for which Adobe does not yet have patches.
What it means: Until these vulnerabilities are patched, users of Acrobat & Reader are at-risk of having cyber-criminals take control of their computers.
What to do: Inform staff to be wary of opening unexpected PDFs sent sent via email or PDFs downloaded from the internet. Alert IT staff to be prepared to install patches when they become available. Consider replacing your current anti-malware solution with a host intrusion prevention solution.
**********************************
From Brian Krebs; Washington Post: Adobe Warns of Critical Threat to Reader, Acrobat Users
Adobe Systems Inc. late Thursday issued an alert saying that hackers are exploiting a newly-discovered vulnerability in its free PDF Reader and Acrobat products to break into Microsoft Windows systems.
http://voices.washingtonpost.com/securityfix/2009/10/adobe_warns_of_critical_threat.html
What it means: Until these vulnerabilities are patched, users of Acrobat & Reader are at-risk of having cyber-criminals take control of their computers.
What to do: Inform staff to be wary of opening unexpected PDFs sent sent via email or PDFs downloaded from the internet. Alert IT staff to be prepared to install patches when they become available. Consider replacing your current anti-malware solution with a host intrusion prevention solution.
**********************************
From Brian Krebs; Washington Post: Adobe Warns of Critical Threat to Reader, Acrobat Users
Adobe Systems Inc. late Thursday issued an alert saying that hackers are exploiting a newly-discovered vulnerability in its free PDF Reader and Acrobat products to break into Microsoft Windows systems.
http://voices.washingtonpost.com/securityfix/2009/10/adobe_warns_of_critical_threat.html
Thursday, October 1, 2009
Protecting Your Business from Social Networking Attacks
Sally, the accounting manager of Acme Enterprises, a medium-sized business, regularly checked her Facebook account while at work. One day she received an email. The email said that a long-lost friend, Bob, had added her as a friend in Facebook. There was a link in the email for Sally to follow to confirm the friend request. Sally clicked the link. Over the next week, cyber-thieves withdrew nearly $1,000,000 from her employers' bank account.
Welcome to the newest nastiest twist in cybercrime.
You see, the email wasn't from Bob and the link didn't go back to Facebook. Bob's on Facebook just like Sally is. That's how the cyber-thieves found them and discovered that they might know each other. That's also where they learned that Sally worked in the accounting department.
After that it was a simple matter to set the trap by sending Sally a friend request from Bob. "How great," thought Sally, "an email from Bob. Let me just follow this link and we can be friends again."
Link followed. Trojan horse installed. $1,000,000 stolen.
According to Breach Security, the number of web security incidents was up 30 percent in the first half of 2009. And social networking sites like Facebook, MySpace and Twitter were the target of 19% of all attacks, more than any other category. That's a big change from last year's report when government networks were the most often attacked and social networks weren't even on the list.
Making matters worse, many of these attacks succeed by taking advantage of missing patches and using obscure technology like "0-day exploits" that get past traditional antivirus and antispyware defenses.
As if that's not bad enough, businesses shouldn't expect their banks to cover losses. Regulation E of the Federal Deposit Insurance Corporation (FDIC) stipulates consumers are protected by cyber crime involving their banks. The FDIC regulation does not cover businesses, however.
Here are five things you can do to inoculate your business against social network attacks:
Thanks to our friends at Lighthouse Consulting who were kind enough to publish this in their newsletter.
Welcome to the newest nastiest twist in cybercrime.
You see, the email wasn't from Bob and the link didn't go back to Facebook. Bob's on Facebook just like Sally is. That's how the cyber-thieves found them and discovered that they might know each other. That's also where they learned that Sally worked in the accounting department.
After that it was a simple matter to set the trap by sending Sally a friend request from Bob. "How great," thought Sally, "an email from Bob. Let me just follow this link and we can be friends again."
Link followed. Trojan horse installed. $1,000,000 stolen.
According to Breach Security, the number of web security incidents was up 30 percent in the first half of 2009. And social networking sites like Facebook, MySpace and Twitter were the target of 19% of all attacks, more than any other category. That's a big change from last year's report when government networks were the most often attacked and social networks weren't even on the list.
Making matters worse, many of these attacks succeed by taking advantage of missing patches and using obscure technology like "0-day exploits" that get past traditional antivirus and antispyware defenses.
As if that's not bad enough, businesses shouldn't expect their banks to cover losses. Regulation E of the Federal Deposit Insurance Corporation (FDIC) stipulates consumers are protected by cyber crime involving their banks. The FDIC regulation does not cover businesses, however.
Here are five things you can do to inoculate your business against social network attacks:
- Prohibit use of social network sites from the office. These sites can be blocked at the corporate firewall. This can become particularly challenging if employees work remotely as it may not be feasible to block access to social networks from home computers. Making matters worse, Trojan horses are like communicable diseases and Sally's work-at-home computer can be infected from her son's. That's why the next four recommendations are so important.
- In addition to antivirus / antispyware defenses, add advanced defenses like intrusion detection and prevention designed to block internet-based attacks like the link in Sally's email and 0-day exploits.
- Your IT staff can block known internet-based attacks by comparing links against a database of known bad links like www.stopbadware.org/home/reportsearch.
- Keep your systems patched. This means not just Windows patching but all your applications, those you know about - like Office and Adobe Reader - and those you might not even know about - like Flash and Java. This also includes your Macintosh computers as they are every-bit as vulnerability-prone as Windows PCs.
- Finally, don't expect to rely on technology alone. Users are often the weakest link so it's very important to train them to detect the subtle signs of an attack so they can keep from becoming victims. They also need to be given guidance on what information is safe to put on a social networking site. Sally put a big bulls-eye on her back when she wrote that she works in Acme's accounting department.
Thanks to our friends at Lighthouse Consulting who were kind enough to publish this in their newsletter.
Subscribe to:
Posts (Atom)