Computer Security Updates Week 4 of Mar 2013

Refer to Computer Security Updates Week 3 of Mar 2013; in which the biggest news was the conclusion by National Intelligence Agency of U.S that cyber security threat is the no.1 threat for U.S.

The chief objective of these computer security weekly updates is to really to find out just how real are cyber security threats out there ? - where are the threats ?

And it is interesting that I was talking someone from the industry last week and I was informed that there were incidents but yet were not reported - they were covered up. Fair enough, but that still doesn't settle for what we are researching for. Also pay attention to Deloitte who reported that 17% of organizations are not confident that their cyber security infrastructures can detect a threat.
While it is acceptable to say that one needs to lock the doors if you have a house - you got to buy some locks. To take it from here, threats are real because:
  • Cyber security incidents happened but were not reported and hence since we don't know about it, it is real.
  • Cyber security incidents were not detected but happened - it is real.

For this week, here are the biggest news - they are very interesting!
  • Sophos reported that IT admin pleads guilty to hacking into and spying on New Jersey mayor's email.
  • Reuters reported that cyber-attacks on South Korea's banks and broadcasters appear to arise from internally.
  • Kaspersky Lab: Only 2 out of 5 organizations use truly effective technologies.
  • Check Point introduces integrated real-time compliance monitoring solution.
  • Reuters reported that Hacker "Guccifer" leaks emails from noted venture capitalist. 
  • CloudFlare helped overcome Spamhaus DDoS attack.
  • Sophos reported that researcher uses botnet to map internet.
  • Symantec reported that Blackhole Exploit Kit takes advantage of Cypriot financial crisis.
  • Symantec discovered Android.Uracto; the Android malware which peeps and spams victim’s contacts.
  • Reuters reported that U.S. computer hacker gets 3-1/2 years for stealing iPad user data.
  • Reuters journalist who allegedly conspired with Anonymous hackers is suspended but will continue with payroll.
  • Sophos reported that cyber security blogger Brian Krebs' website was DDOSed.
  • Palo Alto Networks research reveals that 97% of threats came from organizations internally.

Everybody should pay attention to these computer security weekly updates.

Sophos, Mar 22, 2013 - IT admin pleads guilty to hacking into and spying on New Jersey mayor's email

The former IT administrator for the US city of Hoboken, New Jersey, pleaded guilty on Tuesday to hacking into email accounts to spy on the mayor and other staff.

Patrick Ricciardi, 46, formerly the chief IT officer for the office of Mayor Dawn Zimmer, was charged on three counts, according to court documents.

Get more details.

Reuters, Mar 22, 2013 - Cyber-attack on South Korea may not have come from China after all: regulator

Reuters reported that hackers on Wednesday (20-Mar-2013) brought down the networks of three broadcasters and two banks, initially seen as the work of North Korea using its vast army of "cyber-warriors" to cripple computer servers.

The Korea Communications Commission said closer investigation into the attack on NongHyup Bank showed the IP address was a virtual IP address used within the bank for internal purposes - it looks like an inside job, but we don't know yet.

Get more details.

Mar 21, 2013 - Kaspersky Lab: Only 2 out of 5 organizations use truly effective technologies

Even though over 80% of companies have adopted anti-malware and anti-spam technologies and due to increasing sophistication of cybercriminals, a study conducted by B2B International found that only a little over a third of those surveyed encrypt corporate data, only 43% use systems that detect attacks on IT infrastructure (IPS/IDS), while 15% are not aware that such systems exist or are not interested in using them. Fewer than half of the companies surveyed control the use of external devices or third-party applications, and only 55% use NAC technology.

Traditional antivirus technologies are not designed to provide protection against complex malware and, hence, targeted attacks. The required level of security can be achieved only by using additional protection technologies (encryption) , Automatic Exploit Prevention , System Watcher , script emulator etc.) and by restricting activities that are not directly related to the employee’s work (control of access to the corporate network, devices, applications and the Internet).

Mar 21, 2013 - Check Point Reinvents Security and Compliance Monitoring

Check Point® Software Technologies Ltd., the worldwide leader in securing the Internet, introduced the new Check Point Compliance Software Blade, an integrated real-time compliance monitoring solution that leverages an extensive knowledge of regulatory requirements and IT security best practices.

The Compliance Software Blade ensures that security policies are aligned with global regulations and validates that appropriate security levels are maintained - shortening audit times, improving security and reducing costs for businesses. The new solution is fully integrated into the Check Point Software Blade Architecture, providing a complete view of compliance status across Check Point Gateways and Network Security Software Blades.

Get more details.

Reuters, Mar 21, 2013 - Hacker "Guccifer" leaks emails from noted venture capitalist

Reuters reported that John Doerr, a venture capitalist known for early investments in companies such as Amazon and Google, has become the latest victim of the hacker known as Guccifer, according to the Smoking Gun website.

Get more details.

CloudFlare, Mar 20, 2013 - The DDOS that Knocked Spamhaus Offline

Tuesday, March 19, 2013, CloudFlare was contacted by the non-profit anti-spam organization Spamhaus. They were suffering a large DDoS attack against their website and CloudFlare was asked a favor to help mitigate the attack.

To mitigate the situation, CloudFlare deployed Anycast which serves to effectively dilute it by spreading it across CloudFlare's facilities.

Once diluted, the attack becomes relatively easy to stop at each of our data centers. Because CloudFlare acts as a virtual shield in front of customers sites, with Layer 3 attacks none of the attack traffic reaches the customer's servers. Traffic to Spamhaus's network dropped to below the levels when the attack started as soon as they signed up for our service.

Get more details.

Sophos, Mar 20, 2013 - Researcher uses botnet to map internet

An anonymous researcher just published a paper that claims to have mapped out almost the entire internet for the first, and perhaps the last, time.

This is because the author claims to have achieved this feat rather illegally, and had developed a small virus that was compiled for nine different sorts of router using the software development tools from the OpenWRT project.

OpenWRT is open-source router firmware: a Linux distribution originally targeting the Linksys WRT54 SoHo router, and derived from the source code published by Linksys years ago to comply with the GPL licensing requirements.

Get more details.

Symantec, Mar 20, 2013 - Blackhole Exploit Kit Takes Advantage of Cypriot Financial Crisis

The notorious Blackhole Exploit Kit, exploited the public concern about the Cypriot banking crisis, by sending out emails claiming to be news stories related to the unfolding situation.

In recent days, the European Union (EU) financial crisis has taken a dramatic turn. Cyprus, one of the EU's smallest member states by population, announced plans to impose a one-off levy of up to 10 percent on ordinary bank deposits.

Banks across the island state have been closed while the unprecedented measures are debated in the country's parliament.

The message claims to be from the British Broadcasting Corporation (BBC) news site's article recommendation service. The sending address has been spoofed, as have certain BBC recommendation message headers. It redirects users to a familiar Blackhole Exploit Kit page which attempts several exploits, targeting vulnerabilities in Adobe Flash Player, Adobe Acrobat Reader, and Java.

Get more details.

Symantec, Mar 18, 2013 - Android Malware Spams Victim’s Contacts

Ever heard of an app that allows X-Ray vision through clothes?

The Symantec Response Team recently monitored a malicious app known as Android.Uracto that sends spam messages by SMS to phone numbers stored in the device’s Contacts. Recipients are easily tricked because the invitation to download the app is coming from someone they know rather than from an unknown sender.

The site (shown in the figure below) where the link takes the user to introduces an app called “Infrared X-Ray” that supposedly allows the user to see through clothes when viewed through the device’s camera and of course also allows pictures to be taken. Not surprisingly, the app does not work. However, once executed, details stored in the device’s Contacts are uploaded to a predetermined server.

Further investigations conducted by Symantec has led to the discovery of ten similar apps developed by the same group of spammers. The servers hosting the domains appear to be located in Singapore and in Georgia in the United States.

Though the apps look different in appearance, they can categorised into three main variants:
  1. Steals data stored in the device’s Contacts.
  2. Steals contact details but also sends SMS messages, containing a link to download the malicious app, to all the contacts.
  3. Steals contact details and attempts to scam the victim into paying for fake services.

Get more details.

Sophos, Mar 18, 2013 - Reuters journalist who allegedly conspired with Anonymous hackers is suspended

Reuters journalist Matthew Keys, has been indicted by a US federal grand jury for allegedly handing over the login credentials of his former employer, Los Angeles Times parent company Tribune Co., to people claiming allegiance to the hacker movement Anonymous.

Keys was suspended from work but will be paid, suggesting that its employer believes that he was sabotaged.

If found guilty, Keys is looking at a maximum of 10 years in prison and a fine of up to $250,000.

Get more details.

Reuters, Mar 18, 2013 - U.S. computer hacker gets 3-1/2 years for stealing iPad user data

Reuters reported that a computer hacker was sentenced on Monday to three years and five months in prison for stealing the personal data of about 120,000 Apple Inc iPad users, including big-city mayors, a TV network news anchor and a Hollywood movie mogul.

Andrew Auernheimer, 27, had been convicted in November by a Newark, New Jersey, jury of one count of conspiracy to access AT&T Inc servers without permission, and one count of identity theft.

Get more details.

Sophos, Mar 17, 207 - Hackers launch DDoS attack on security blogger's site, send SWAT team to his home

As if you are watching a Hollywood movie, famous cyber security blogger Brian Krebs, who in his career had exposed some major cyber security incidents through investigative journalism, was targeted by cybercriminals in an apparent retaliation attack of DDOS on his website .

Get more details.

Palo Alto Networks, Mar 15, 2013 - Moving Away from a Swiss Cheese Security Model

Palo Alto Networks' Application Usage and Threat Report found that 97 percent of all exploits logs were found in ten applications such as internal or infrastructure applications integral to many business functions.

This brings them to suggest that the old network security model of “hard and crunchy on the outside, soft and gooey on the inside” is no longer sufficient.

Get more details.


Anonymous said…
This comment has been removed by a blog administrator.
Anonymous said…
This comment has been removed by a blog administrator.
Data Networking said…
Great Information and post! It is very informative and suggestible for the user of solar energy, May I think it can be beneficial in coming days...