Computer Security Updates Week 2 of Apr 2013 and 2013 Q1 Review

Refer to Computer Security Updates Week 1 of Apr 2013, a week in which there was no single dominant news item.

Let's take a look at what happened in Q1 of 2013 in terms of computer security.

Without a doubt, the biggest news was the DDoS attack on Spamhaus, which happened in Week 4 of Mar 2013.

It was a lesson well learned by the industry; even the blog of Malaysia's prominent opposition leader LKS is currently deploying CloudFlare to thwart DDoS - amazing, right?

I don't have info on exactly how long LKS has been using CloudFlare, but the election fever definitely got them worried. Besides, it is good for the whole industry. Way to go!

The 1Malaysia blog does not appear to be using any such solution, at least from the surface. The number one blog in Malaysia, the ex-PM's blog, also seems not to have deployed any DDoS protection from CloudFlare.

In Week 3 of Mar 2013, the U.S. Director of National Intelligence declared that cyber attacks were the no. 1 threat to the U.S., and Iran officially blocked unauthorized VPN access to the Internet.

In Week 2 of Mar 2013, Java, Chrome, IE 10 and Firefox were all compromised successfully during the Pwn2Own 2013 competition.

In Week 1 of Mar 2013, Kaspersky Lab together with CrySyS Lab identified 'MiniDuke', considered fresh malware, with samples dated no earlier than Feb 2013.

In Week 3 of Feb 2013, ESET's security team discovered Win32/DoS.OutFlare, a C&C-controlled piece of malware designed to challenge CloudFlare's anti-DoS service - coincidence?

Also, Reuters reported that hackers may have gained access to passwords and other information for as many as 250,000 Twitter user accounts.

The trends and news that emerged from Q1 2013 for computer security carry a few common themes.
  • The industry broadly agrees that mobile computing trends such as BYOD are the biggest catalyst for security vulnerabilities in the near future.
  • Intelligent security features that support a proactive approach are the trend for enterprise security solutions.
  • Exploits mostly target internal applications: Palo Alto Networks research found that 97% of the exploit logs it observed were found in just 10 applications, 9 of which were internal business applications.
  • Oracle worked hard to release patches for a run of Java zero-day vulnerabilities. In 2012, Java surpassed Adobe Reader as the most frequently exploited software.
  • Kaspersky and Sophos have both been very aggressive in security incident monitoring, analysis, research and reporting. Good job! I thank you for your updates. I would also like to thank Reuters for its coverage.
  • Web browser sandboxes can be escaped as well these days, as Pwn2Own showed; by definition, a sandbox is supposed to contain a compromise and protect users from a breach.
  • Politically driven cyber-attacks, particularly those involving the U.S., China and North Korea, were observed, yet remained elusive with vague details.
  • You could wear yourself out following all of this news!! - just following It-Sideways will be enough.

For this week, here is the biggest news.
  • U.S. agency denies its data center will monitor citizens' emails.
  • F-Secure Malaysia organizes Hackathon 2013 in Kuala Lumpur.
  • Kaspersky reported its experience tracking down an APT group known as Winnti.
  • Sophos publishes free AV for Mac via the Facebook AV Marketplace.
  • Yahoo reported that a hacker claims he can crash your plane using software purchased off eBay.
  • Microsoft reported that 3.6 million outdated Windows XP PCs in Malaysia are at risk.
  • Microsoft issues 9 fixes covering a total of 14 vulnerabilities.
  • Reuters reported that cyber attacks hurt China's credibility.
  • Sophos reported that Ukrainian and Russian police arrested banking Trojan masterminds.
  • Samsung Galaxy mobile devices to embed Absolute's persistence technology.

Reuters, Apr 15, 2013 - U.S. agency denies its data center will monitor citizens' emails

Reuters reported that the U.S. National Security Agency on Monday denied that a $1.2 billion data center it is building in the Utah desert will be used to illegally eavesdrop on or monitor the emails of U.S. citizens.

The secretive agency, which serves the U.S. military and intelligence communities, insisted the state-of-the-art facility's work would be used to support U.S. cybersecurity in accordance with U.S. laws that limit spying on U.S. citizens.


KL, April 12, 2013 - F-Secure Malaysia Organizes Hackathon 2013

The Hackathon is a competition in which developers compete in a 30-hour challenge, using F-Secure's APIs and security systems to produce useful modules.

The core intention of the event is to promote collaborative efforts in tackling security issues in the industry.

Besides that, F-Secure Malaysia also hopes to use it as a talent search.

The competition is divided into 3 categories: 1) usage of the API, 2) innovative ideas, 3) entrepreneurship. The 3 categories carry a total combined prize money of RM 2,500.

Nine teams took part, the smallest consisting of a single member.

The competition in progress at Wisma F-Secure, Bangsar South, KL

The Hackathon session continued throughout the day and straight through to day 2 (Apr 13, 2013, 2pm).

The most outstanding application earns the opportunity to dine with Mikko Hypponen, Chief Research Officer of F-Secure Corporation.

Personally, I feel that a Hackathon, or programming marathon, is the most effective exercise to get programming teams to work something out fast, and it is usually fun and exciting. Many programming marathons are conducted yearly around the globe, including by my own team.

The reason is simple: you identify an objective (such as a problem), get a few people in a single location, and everybody just pays attention to solving that single problem; doing that non-stop for more than 24 hours, a miracle usually happens. The fact is that good programming work usually spreads over many hours because it depends on one trick: no interruptions.

PJ, April 12, 2013 - Kaspersky Lab Analyzes Active Cyberespionage Campaign Targeting Online Gaming Companies Worldwide

Today Kaspersky Lab's team of experts published a detailed research report analyzing a sustained cyberespionage campaign conducted by the cybercriminal organization known as "Winnti."

The Winnti group has been attacking companies in the online gaming industry since 2009 and is still active. The group's objectives are stealing digital certificates issued to legitimate software vendors, in addition to intellectual property theft, including the source code of online game projects.

A popular online game publisher hired Kaspersky Lab for the investigation, and it was discovered that a Trojan had been embedded into regular updates from the publisher. The Trojan turned out to be a DLL compiled for 64-bit Windows, and it used a properly signed malicious driver, the signature made with a certificate belonging to another legitimate vendor (which is exactly what the group's certificate theft is for). It was a fully functional Remote Administration Tool (RAT), giving the attackers control of a victim's computer without the user's knowledge. The finding was significant because this Trojan was the first malicious program for 64-bit Windows 7 seen with a valid digital signature. The lesson for anyone shipping or consuming software updates: a valid signature proves only that someone holding a vendor's key signed the file, not that the vendor meant to ship it, so update pipelines and endpoints should pin the publishers they expect rather than accept any signature that chains to a trusted root.

Kaspersky Lab's experts began analyzing the Winnti group's campaign and found that more than 30 companies in the online gaming industry had been infected, the majority being software development companies producing online video games in South East Asia. However, online gaming companies located in Germany, the United States, Japan, China, Russia, Brazil, Peru and Belarus were also identified as victims of the Winnti group.

Reuters reported that the campaign may have originated from China.
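The driver in the case above was "Valid" by every Authenticode check, so "is it signed?" is the wrong question and "is it signed by a publisher I expect on this machine?" is the right one. The following is an added example, not Kaspersky's or the affected publisher's code: it inventories the kernel drivers on a Windows host (PowerShell 3.0 or later) and flags any that are unsigned or signed by a certificate whose thumbprint is not on a pinned allow-list. The allow-list thumbprint is a placeholder to be replaced with values taken from a known-good reference build.

```powershell
# Added example (not from Kaspersky or the affected publisher).
# Pinned code-signing certificate thumbprints you expect to see on drivers.
# The value below is a placeholder; populate it from a known-good build.
$AllowedThumbprints = @(
    '0000000000000000000000000000000000000000'   # placeholder, replace with real thumbprints
)

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$drivers   = Get-ChildItem -Path $driverDir -Filter '*.sys'

$report = foreach ($d in $drivers) {
    $sig  = Get-AuthenticodeSignature -FilePath $d.FullName
    $cert = $sig.SignerCertificate          # $null when the file carries no signature

    # Winnti's driver was 'Valid' but signed with a certificate stolen from
    # another vendor, so a valid signature from an unexpected signer is the
    # case this audit exists to catch.
    $unexpectedSigner = ($null -ne $cert) -and ($AllowedThumbprints -notcontains $cert.Thumbprint)

    if ($sig.Status -ne 'Valid')  { $flag = 'NOT-VALID' }
    elseif ($unexpectedSigner)    { $flag = 'UNEXPECTED-SIGNER' }
    else                          { $flag = '' }

    [pscustomobject]@{
        Driver     = $d.Name
        Status     = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer     = if ($cert) { $cert.Subject }    else { '' }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
        NotAfter   = if ($cert) { $cert.NotAfter }   else { $null }
        Flag       = $flag
    }
}

# Rare signers first: a publisher that signs exactly one driver on the box deserves a look.
$report | Group-Object Signer | Sort-Object Count |
    Select-Object Count, Name | Format-Table -AutoSize

# Everything that is unsigned, tampered, or signed by someone not on the list.
$report | Where-Object { $_.Flag } | Sort-Object Flag, Signer |
    Format-Table Driver, Status, Flag, Signer, NotAfter -AutoSize
```

Two caveats before acting on the output. In-box Windows drivers are usually catalog-signed rather than carrying an embedded signature, and older PowerShell versions report those as NotSigned, so confirm them against the catalog (Sysinternals sigcheck, or the SignatureType property on newer PowerShell) before treating them as suspect. And an allow-list only helps if it is refreshed from a trusted build after each update and if you also check revocation, since a stolen certificate is typically revoked long after the signed file has shipped.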

Kuala Lumpur, Malaysia, April 12, 2013 – Facebook AV Marketplace International Offers Sophos’ Free AV for Mac

Sophos today announced that the free Sophos Anti-Virus for Mac Home Edition is now available on Facebook's Antivirus Marketplace in English, French, German, Japanese and Spanish. The international Antivirus Marketplace connects individuals with free versions of IT security software from leading vendors.

Sophos Anti-Virus for Mac addresses the growing concern about Mac malware, protecting home Mac users on OS X 10.4 through 10.7 as well as the current Mountain Lion release, OS X 10.8.3. It is available for free download from both the Sophos website and the Facebook AV Marketplace.

Yahoo, April 11, 2013 - The hacker who claims he can crash your plane

Hugo Teso, a security researcher at the German consultancy n.runs, claims he can hijack an airplane's navigation systems using a smartphone app, a radio transmitter, and flight management software he purchased off eBay. The caveat a practitioner should keep in mind: the demonstration ran against PC-based training versions of that software, and both the FAA and EASA stated afterwards that the technique does not work against certified flight hardware.

KL, April 11, 2013 - 3.6 Million Outdated Windows XP PCs in Malaysia at risk

Microsoft Malaysia reminded customers today that it will officially end service and support for Windows XP on 8 April 2014. With this deadline exactly one year away, it is essential for SMBs and consumers in Malaysia to migrate from XP, an eleven-year-old operating system, to avoid the vulnerabilities and risks that have the potential to cause business disruption and extra costs.

From 8 April 2014, Microsoft will no longer provide automatic fixes, updates, or online technical assistance for Windows XP. This also means that users will no longer receive the security updates that help protect PCs from viruses, spyware, and other malicious software that can steal personal information; every XP vulnerability found after that date stays exploitable for as long as the machine is in use.

In March 2013, according to StatCounter, Windows XP still accounted for 20.39% of PCs in Malaysia, declining steadily since Windows 7 launched in October 2009. That equates to over 3.6 million PCs. StatCounter data also show that about 60% of PCs in Malaysia are already on Windows 7, and in the last two months there has been an uptake of Windows 8 as well.

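Finding the XP machines is the first step of that migration, and in a domain it is a one-query job. The following is an added example, not Microsoft's own tooling: it uses the ActiveDirectory module (from RSAT, run by an account with read access to the domain) to list the XP computer objects with their service pack and last logon, so the machines that still log on every day are handled before the stale accounts.

```powershell
# Added example: inventory domain-joined Windows XP machines ahead of the
# 8 April 2014 end of support. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$xp = @(Get-ADComputer -Filter "OperatingSystem -like 'Windows XP*'" `
            -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate)

$now = Get-Date
$xp |
    Select-Object Name, OperatingSystem, OperatingSystemServicePack, LastLogonDate,
        @{ Name       = 'DaysSinceLogon'
           Expression = { if ($_.LastLogonDate) { [int]($now - $_.LastLogonDate).TotalDays } else { $null } } } |
    Sort-Object DaysSinceLogon |
    Format-Table -AutoSize

# Machines still logging on are the live risk; stale objects are cleanup, not migration.
$active = @($xp | Where-Object { $_.LastLogonDate -and $_.LastLogonDate -gt $now.AddDays(-30) })
'{0} XP computer objects, {1} active in the last 30 days' -f $xp.Count, $active.Count
```

LastLogonDate is derived from the lastLogonTimestamp attribute, which replicates only every 9 to 14 days, so treat the day counts as approximate and do not use them to declare a machine dead; the list is for prioritising migration, and the unmanaged consumer PCs that make up most of the 3.6 million are outside its reach entirely.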

Symantec, Apr 10, 2013 - Microsoft issues 9 fixes covering a total of 14 vulnerabilities

In a nutshell, these updates fix security vulnerabilities in IE, the Remote Desktop client, the Windows kernel, the NTFS kernel-mode driver, Active Directory (a denial-of-service issue, not DDoS) and SharePoint Server.

Sophos then reported on Apr 12, 2013 that Microsoft told Windows 7 users to uninstall one of these patches, the NTFS kernel-mode driver update MS13-036 (KB2823324), after some PCs failed to restart. The practical caveat: stage Patch Tuesday updates on a pilot group before broad deployment, even when they are security fixes.

Reuters, Apr 9, 2013 - Cyber attacks hurt China's credibility: U.S. official

Cyber attacks against the United States from China are eroding that country's credibility and scaring off potential foreign investors afraid of losing their intellectual property, Robert Hormats, U.S. Under Secretary of State for Economic Growth, Energy and the Environment, said on Tuesday.

Hormats said it was difficult to determine the precise origins of the attacks. A U.S. computer security company, Mandiant, released a report in February (the APT1 report) in which it said much of the hacking came from China.

Sophos, Apr 9, 2013 - Ukrainian and Russian police arrest banking Trojan masterminds

Sophos reported that Kommersant, a Ukrainian news site, reported last week on the arrest of 20 people for stealing more than $250 million through online banking fraud over the last five years.

The SBU (Security Service of Ukraine) and the FSB (Federal Security Service of Russia) spent more than a year jointly investigating the gang, who were located in Kiev, Zaporozhye, Lviv, Kherson and Odessa.

Those arrested were between 25 and 30 years old and were responsible for coding individual pieces of the banking malware involved in the scam.

All of the stolen banking details were sent to a server in Odessa, Ukraine, where the 28-year-old Russian mastermind of the operation was located.

Vancouver, Canada, April 3, 2013 - Samsung Galaxy mobile devices to embed Absolute's persistence technology

Samsung will embed Absolute's patented persistence technology into the firmware of Samsung GALAXY mobile devices as a feature of Samsung KNOX, which will launch later this year. Samsung KNOX is Samsung's mobile solution for work and play, built on a security-enhanced Android platform with an application container. With firmware persistence, Samsung users can use Absolute Computrace® or Computrace LoJack® for Laptops to remotely track, manage and secure their Samsung GALAXY smartphones and tablets globally.

Absolute's solutions pride themselves on maintaining a near-permanent monitoring connection with the PCs and devices in their deployments.

How does it achieve this? The core of the solution is Absolute Persistence technology, which sits either in the BIOS (firmware) or in the master boot record of the hard disk and reinstalls the Computrace agent whenever it is removed from the operating system.

With the MBR variant, wiping the disk removes it; with the BIOS variant, even a brand-new disk gets the agent reinstalled, so the only way out is to wipe or replace the firmware itself - like removing the brain from a person's head. The caveat a security engineer would add: a component that survives OS reinstalls and re-imaging is, by construction, a persistence mechanism, so the firmware module and the server it calls home to must be authenticated and maintained as carefully as the operating system they outlive.