Computer Security Updates Week 1 of Feb 2013

Refer to 'Computer Security Updates Week 4 of Jan 2013'.

Looking at January 2013 so far, security experts have not identified any new, significant threat. Most issues linger on from 2012, such as the Java security problems and Red October. Another significant piece of news was that US authorities charged three people over the 'Gozi' banking Trojan.

So the year is still young, and the bad guys are still planning their moves. Judging by the current vibe, though, security news is heating up.

This week updates in a nutshell:
  • IBM announces a breakthrough combining security intelligence with Big Data analytics.
  • Symantec discovers Trojan.Smoaler delivered through fake FedEx emails.
  • The Federal Commercial Crimes Investigations Department (CCID) reports that Malaysians have lost over RM90 million to cyberscams since 2010 - the victims are not gullible, they are victimized.
  • Chinese hackers break into the New York Times and steal every employee's password - analysts claim the attack was politically motivated.
  • ESET finds Win32/Jabberbot.A to be an unsophisticated threat, notable mainly for its XMPP-based C&C.
  • Symantec observes a spike in ransomware.
  • CA Technologies extends identity management security to SAP environments through an integration with Greenlight Technologies Enterprise Integration Suite (EIS).
  • The U.S. government's Computer Emergency Readiness Team (US-CERT) advises consumers to disable UPnP, which exposes devices to attackers.
  • U.S. authorities are reported to be pressuring officials suspected of leaking the Stuxnet story to the press.
  • Yokogawa partners with McAfee to enhance the security of industrial control systems.
  • HP launches a Security Breach Management Solution that combines services with security intelligence software to help enterprises manage breaches.
  • U.S. - Anonymous hijacks a federal website over the Aaron Swartz suicide.
  • U.S. - Homeland Security chief warns a "cyber 9/11" could happen "imminently".

Check out more on security and weekly updates.

Jan 31, 2013 - IBM Announces Breakthrough with Combination of Security Intelligence and Big Data

To help detect stealthy threats hiding in ever-growing mounds of data, IBM announced IBM Security Intelligence with Big Data, which combines its security intelligence products with big data analytics for both external cyber security threats and internal risk detection and prevention. The offering lets security analysts extend their analysis well beyond typical security data when hunting for malicious cyber activity.

IBM QRadar Security Intelligence Platform products and IBM Big Data Platform products, including IBM InfoSphere BigInsights, are available immediately.

More details.

Jan 31, 2013 - Surprise "Parcels" In Your Inbox

Symantec Security Response has observed fake FedEx emails circulating. The emails ask users to click a link to print out a receipt so they can collect their parcel in person from the nearest FedEx office. Unsuspecting users who click the link are served a zip archive containing a malicious executable, PostalReceipt.exe. Instead of a parcel, the Trojan.Smoaler malware is delivered to their computer.

All the fake FedEx emails delivering this malware are almost identical, differing only in the order number and the website hosting the zip file. One sign of laziness, or perhaps an oversight, on the part of the malware author is the reuse of the same Order Date in every message, even though the domain hosting Trojan.Smoaler changes daily.
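
That pattern (one template, rotating order numbers and hosting domains, a fixed Order Date, and a link to an archive) is itself a detection signal. The script below is an added example written for this post, not Symantec's code: it normalises the fields the campaign rotates, clusters messages by template, and flags clusters that combine a payload link, several hosting domains and a single Order Date. The messages, domains and order numbers are constructed for illustration and do not come from the real samples.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample messages modelled on the lure described above; these are
# not real Symantec samples. m1-m3 share one template and vary only the order
# number and the hosting host; m4 is an unrelated message with an order date.
def fedex_lure(msg_id, order, host):
    return {
        "id": msg_id,
        "subject": f"FedEx Order {order}",
        "body": ("Dear customer,\n"
                 f"Order Number: {order}\n"
                 "Order Date: 21 January 2013\n"
                 "Your parcel could not be delivered. Print the receipt from\n"
                 f"http://{host}/PostalReceipt.zip and collect the parcel\n"
                 "at the nearest FedEx office."),
    }

SAMPLES = [
    fedex_lure("m1", 4827106, "parcel-track-one.example"),
    fedex_lure("m2", 9910023, "fedex-notice.example"),
    fedex_lure("m3", 3388417, "delivery-update.example"),
    {"id": "m4", "subject": "Invoice 1029384",
     "body": ("Hi,\nOrder Number: 1029384\nOrder Date: 15 January 2013\n"
              "Your invoice is at https://shop.example/invoice/1029384.pdf")},
]

URL_RE = re.compile(r'''https?://[^\s<>"']+''')
ORDER_RE = re.compile(r"\b\d{6,}\b")          # order numbers: long digit runs
DATE_RE = re.compile(r"Order Date:\s*([^\n]+)")

def extract_urls(text):
    return [u.rstrip(".,;:)") for u in URL_RE.findall(text)]

def template_key(msg):
    """Strip the fields the campaign rotates (order number, link host) so
    messages generated from one template collapse onto one key."""
    text = msg["subject"] + "\n" + msg["body"]
    for u in extract_urls(text):
        p = urlparse(u)
        text = text.replace(u, f"{p.scheme}://<HOST>{p.path}")
    return ORDER_RE.sub("<ORDER>", text)

def analyze(samples, min_messages=2):
    """Group messages by template and flag clusters that carry an archive or
    executable link, rotate the hosting domain, and reuse one Order Date."""
    clusters = defaultdict(list)
    for m in samples:
        clusters[template_key(m)].append(m)
    findings = []
    for members in clusters.values():
        hosts, dates, payload_link = set(), set(), False
        for m in members:
            for u in extract_urls(m["body"]):
                p = urlparse(u)
                hosts.add(p.netloc)
                if p.path.lower().endswith((".zip", ".exe")):
                    payload_link = True
            d = DATE_RE.search(m["body"])
            if d:
                dates.add(d.group(1).strip())
        flagged = (len(members) >= min_messages and payload_link
                   and len(hosts) >= 2 and len(dates) == 1)
        findings.append({
            "messages": sorted(m["id"] for m in members),
            "hosts": sorted(hosts),
            "order_date": next(iter(dates)) if len(dates) == 1 else None,
            "flagged": flagged,
        })
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLES):
        print(finding)
```

The domain rotation that is meant to defeat URL blocklists is what makes the cluster stand out: a legitimate sender does not serve the same receipt from a different host every day while keeping the order date fixed.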

More details.

Jan 31, 2013 - Malaysians lost over RM90 mil since 2010 to Cyberscams

According to statistics compiled by the Federal Commercial Crimes Investigations Department (CCID), a variety of scams hatched by foreign conmen, who promise millions in cash, glittering gems and marriage, have cost Malaysians a staggering RM90 million over the past three years.

I want to take a stand here: these people are not gullible, they are victims.

More details.

Jan 31, 2013 - Chinese hackers break into the New York Times, steal every employee's password

The New York Times has reported that for the last four months Chinese hackers have been infiltrating its networks. They broke into the email accounts of senior staff, stole the corporate passwords of every Times employee, and used those credentials to gain access to the personal computers of 53 employees.

Malware planted on users' computers opened backdoors through which the hackers gained remote access to connected systems, including a domain controller holding the usernames and hashed passwords of all New York Times employees.

Analysts claim that this incident was politically motivated.

Martin Roesch, founder and interim CEO of Sourcefire, commented that the incident is a classic example of advanced tools evading traditional defenses: “This incident is the latest example of how attackers and their tools have advanced to evade traditional defenses. The reality is that it’s no longer a matter of if attackers get in, but when. Point-in-time security that only has one shot to determine if a file is malware does not work by itself. A new model that also collects telemetry for continual analysis of what is happening in your environment is needed. This analysis can be used to determine scope, contain and ultimately remediate the malware automatically. This is what is called retrospective security.”

More details.  

Jan 30, 2013 - Symantec Observes Spike in Ransomware

Symantec’s Security Response team is seeing an upswing in ransomware activity in 2013. In the last week, Symantec has observed a new spike, with the main variant, Trojan.Ransomlock.Y, distributed primarily through pornographic websites.

More details.

Jan 30, 2013 - Walking through Win32/Jabberbot.A instant messaging C&C

Researchers at security company ESET performed a walk-through of Win32/Jabberbot.A and its instant-messaging C&C. The malware caught the team's interest primarily because it uses the Extensible Messaging and Presence Protocol (XMPP), the instant messaging protocol commonly known as Jabber, as its command-and-control channel.

Nonetheless, the team found that the threat is not sophisticated at all and may be an academic exercise. It does show, though, that XMPP could serve as a reliable C&C infrastructure if properly designed.

More details.

Jan 29, 2013 - U.S. government warns of hack threat to network gear

The U.S. government's Computer Emergency Readiness Team (US-CERT) advised consumers and businesses to disable Universal Plug and Play (UPnP) and related features that make devices, from computers to printers, reachable over the open Internet, where they are exposed to attackers.
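
The quickest way to find out whether a device still answers UPnP is to send it the discovery request the protocol uses, an SSDP M-SEARCH over UDP port 1900, and read what comes back. The script below is an added example written for this post, not US-CERT tooling: it builds the request, parses the HTTP-over-UDP reply, and reports the fields that matter for triage (the SERVER header, which names the UPnP stack to compare against vendor advisories, and LOCATION, which points at the device description). The reply it parses is constructed, and the `probe` function is the only part that touches the network.

```python
import socket

SSDP_MCAST = "239.255.255.250"
SSDP_PORT = 1900

def build_msearch(search_target="upnp:rootdevice", mx=2):
    """Build an SSDP M-SEARCH request. Any host that answers it is running a
    UPnP stack that is willing to talk to the sender."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_MCAST}:{SSDP_PORT}\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\n"
            f"ST: {search_target}\r\n"
            "\r\n").encode("ascii")

def parse_ssdp_response(raw):
    """Parse an SSDP (HTTP-over-UDP) reply into a dict of lower-cased headers.
    Returns None for anything that is not an 'HTTP/1.1 200 OK' reply."""
    text = raw.decode("ascii", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def exposure_report(headers):
    """Summarise what the reply gives away: SERVER names the UPnP stack (the
    string to check against vendor advisories), LOCATION is the device
    description XML listing the control endpoints, USN identifies the device."""
    return {"upnp_enabled": True,
            "server": headers.get("server", "<not advertised>"),
            "location": headers.get("location"),
            "usn": headers.get("usn")}

def probe(host, timeout=2.0):
    """Unicast an M-SEARCH to one host (UDP/1900) and parse the first reply.
    Network code: point it only at devices you are authorised to test."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), (host, SSDP_PORT))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None          # no answer: UPnP is off or filtered
    headers = parse_ssdp_response(data)
    return exposure_report(headers) if headers else None

# Constructed reply shaped like a home gateway's answer; not captured from a
# real device. The SERVER product names and address are placeholders.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\n"
                b"CACHE-CONTROL: max-age=1800\r\n"
                b"EXT:\r\n"
                b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n"
                b"SERVER: ExampleOS/1.0 UPnP/1.1 ExampleUPnPStack/1.2\r\n"
                b"ST: upnp:rootdevice\r\n"
                b"USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\n"
                b"\r\n")

if __name__ == "__main__":
    print(exposure_report(parse_ssdp_response(SAMPLE_REPLY)))
```

Run `probe()` against your gateway's public address from outside the network: a reply means the advice above applies to you. After disabling UPnP, a timeout is the result you want.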

More details.

Jan 29, 2013 - Extending security for SAP environments through partnerships

CA Technologies just announced an integration between CA IdentityMinder and Greenlight Technologies Enterprise Integration Suite (EIS).

This integration is especially important for users of SAP GRC because it automates segregation-of-duties (SoD) policy checks to give better risk analysis: improper combinations of access entitlements are identified and corrected before the access rights are provisioned. The integrated solution also delivers a consistent provisioning model across SAP and non-SAP applications, which helps reduce total IT security management costs and prevent improper access rights across both environments.
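
The point of a preventive SoD check is that the decision is made on the entitlements a user would hold after the request, not on the request in isolation, and that it spans systems. The code below is an added example written for this post, not code from CA, Greenlight or SAP: it evaluates a request against the union of current and requested entitlements, separates conflicts the request would introduce from conflicts the user already has, and only grants when nothing new is introduced. The rule set and entitlement names (prefixed with a hypothetical system tag such as `SAP:` or `AD:`) are constructed for illustration.

```python
from itertools import product

# Constructed SoD rules; illustrative only, not the rule content of SAP GRC or
# Greenlight EIS. Holding anything in "a" together with anything in "b" is a
# conflict. The system prefix lets SAP and non-SAP access be checked together.
SOD_RULES = [
    {"id": "SOD-01", "risk": "Maintain vendor master data and release payments",
     "a": {"SAP:AP_VENDOR_MAINTAIN"}, "b": {"SAP:AP_PAYMENT_RELEASE"}},
    {"id": "SOD-02", "risk": "Create purchase orders and approve goods receipts",
     "a": {"SAP:MM_PO_CREATE"}, "b": {"SAP:MM_GR_APPROVE"}},
    {"id": "SOD-03", "risk": "Administer the identity platform and approve SAP role requests",
     "a": {"AD:IDM_ADMINS"}, "b": {"SAP:GRC_ROLE_APPROVER"}},
]

def find_violations(entitlements, rules=SOD_RULES):
    """Return every (rule id, left entitlement, right entitlement) pair that a
    rule forbids holding together within the given entitlement set."""
    held = set(entitlements)
    return sorted((r["id"], a, b)
                  for r in rules
                  for a, b in product(r["a"] & held, r["b"] & held))

def evaluate_request(current, requested, rules=SOD_RULES):
    """Preventive check: compare violations before and after the request so
    the decision rests on what the request introduces, while pre-existing
    conflicts are still surfaced for remediation."""
    before = set(find_violations(current, rules))
    after = set(find_violations(set(current) | set(requested), rules))
    introduced = sorted(after - before)
    return {"approve": not introduced,
            "introduced": introduced,
            "pre_existing": sorted(before)}

def provision(user, current, requested, rules=SOD_RULES):
    """Apply the check in the provisioning path: grant only when no new
    conflict would be created, and return the resulting entitlement set."""
    decision = evaluate_request(current, requested, rules)
    granted = set(current) | set(requested) if decision["approve"] else set(current)
    return {"user": user, "granted": sorted(granted), **decision}

if __name__ == "__main__":
    # Hypothetical user: maintains vendors in SAP and administers the IdM platform.
    alice = ["SAP:AP_VENDOR_MAINTAIN", "AD:IDM_ADMINS"]
    print(provision("alice", alice, ["SAP:AP_PAYMENT_RELEASE", "SAP:GRC_ROLE_APPROVER"]))
    print(provision("alice", alice, ["SAP:MM_PO_CREATE"]))
```

Reporting pre-existing conflicts separately matters in practice: blocking an unrelated request because of an old conflict just trains people to route around the workflow, while hiding the old conflict leaves the risk in place.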

More details.

Jan 29, 2013 - FBI intent on sniffing out those who leaked possible US Stuxnet role

The administration's efforts to find and punish those who told the press about Stuxnet are intensifying.

Informants include several current and former senior government officials. The Washington Post reports that investigators are confronting these high-level officials with evidence of contact with journalists that's based on extensive analysis of their email accounts and phone records.

The New York Times and The Washington Post reported that, according to Obama administration officials, the masterminds behind Stuxnet, Duqu, and Flame were government technologists and intelligence officials from the U.S. and Israel.

More details.

Jan 29, 2013 - Yokogawa Partners McAfee to Enhance Security of Industrial Control Systems

Yokogawa Electric Corporation and McAfee announced a partnership agreement to offer holistic, value-added IT security solutions for the industrial automation world.

The partnership will include integrating anti-virus software with the industrial control systems used in the process industries.

More details.

Jan 28, 2013 - HP Enables Organizations to Better Prepare for Attacks

HP announced a new set of security services to help organizations respond to, remediate and mitigate the impact of security breaches as they occur.

The HP Security Breach Management Solution combines HP’s services expertise with security intelligence software to offer clients a comprehensive approach to protecting what matters most to their organizations. It gives clients the security intelligence to identify a breach more quickly and react to it, as well as to minimize its impact and reduce ongoing exposure from vulnerabilities.

More details.

Jan 26, 2013 - Anonymous Hijacks Federal Website Over Aaron Swartz Suicide

Activists from the hacker collective Anonymous took control of the homepage of a federal judicial agency this morning.

In a manifesto left on the defaced page, the group demanded reform of the American justice system and an end to what the activists called threats to the free flow of information.

More details.

Jan 24, 2013 - U.S. homeland chief: cyber 9/11 could happen "imminently"

Homeland Security Secretary Janet Napolitano warned on Thursday that a major cyber attack is a looming threat that could have the same sort of impact as last year's Superstorm Sandy, which knocked out electricity across a large swathe of the Northeast.

The secretary urged reform of existing preventive measures to thwart such an incident. A cyber security bill failed in Congress last year after business and privacy groups opposed it.

More details.