Computer Security Updates Week 5 of June 2013 and 2013 Q2 Review

As covered in Computer Security Updates Week 4 of June 2013, two companies announced DDoS solutions over the past weeks: first Juniper, and then Barracuda, which announced a DDoS solution for its Barracuda Firewall.

First, let's review what emerged from the 2013 Q1 review of computer security, where the DDoS attack on Spamhaus was the biggest news.

In week 4 of June 2013, Reuters reported that Facebook admitted a year-long data breach had exposed 6 million users; Reuters also reported that cyber cover is on the rise in the U.S. market.

In week 3 of June 2013, Juniper announced the only DDoS solution for data centers. It is based on Junos DDoS Secure, which can be deployed as a hardware appliance or as a virtual machine (VM) in private, public, or hybrid cloud environments. It works by continually monitoring and logging all inbound and outbound Web traffic and blacklisting bad traffic.

Reuters reported that the Internet big boys denied granting the U.S. Government access to their servers.

In week 5 of May 2013, McAfee introduced Endpoint Security Suites with hardware-assisted capability; Twitter beefed up security with a two-factor security system.

In week 4 of May 2013, Bit9 produced a game-changing enterprise security solution, Bit9 Connector: a result of integration between FireEye and Palo Alto malware alerts and Bit9's next-gen endpoint and server security.

In week 3 of May 2013, Reuters reported one of the biggest-ever cyber bank heists: a global cyber crime ring stole $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries.

In week 2 of May 2013, Reuters reported that the Pentagon cleared Samsung and BlackBerry devices to adopt a multi-vendor environment; the 2013 Verizon Data Breach Investigations Report (DBIR) found that the vast majority of attacks were motivated either by gathering information (espionage, corporate or state sponsored) or by stealing money.

In week 5 of Apr 2013, Sophos reported that a suspect in the massive Spamhaus DDoS attack was arrested in Spain; Reuters reported that the LivingSocial cyber attack affects millions of customers.

In week 3 of Apr 2013, Oracle was to release 128 security patches, with hundreds of products affected; McAfee delivered enterprise-class security to the cloud.

In week 2 of Apr 2013, Microsoft issued 9 fixes covering a total of 14 vulnerabilities; Samsung Galaxy mobile devices were to deploy Absolute's MDM; Sophos published free AV for Mac via Facebook Marketplace.

In week 1 of Apr 2013, Kaspersky Security Scan detected active infections on computers protected by other vendors.

The trends and news that emerged from Q2 2013 for computer security share a few common themes.
  • More solutions for DDoS attacks emerged. These were previously unavailable because counter-DDoS measures are most effectively carried out at the network or data center level, while most security solution vendors are software based. Two networking companies, Juniper Networks and Barracuda Networks, have since announced solutions for DDoS.
  • Many Internet-based services such as Twitter and Evernote beefed up security with multi-factor authentication.
  • The business world is losing its patience over cyber security issues. Experts are calling for software vendors to be held accountable for security loopholes such as zero-day vulnerabilities; cyber cover is seen as a rising trend for the enterprise insurance business in the U.S.; and companies like Microsoft are offering rewards to recruit the tools and talent to improve the security resiliency of their products.
  • Reuters relayed a report, originally by the Washington Post, that claimed the U.S. National Security Agency and the FBI are "tapping directly into the central servers of nine leading U.S. Internet companies" through a secret program known as PRISM.
  • Based on the Q1 2013 review, two trends are brought forward to Q2: 1) mobile trends such as BYOD serve as a catalyst for growth in security vulnerabilities; 2) security companies introduced a proactive approach to security solutions, with intelligent security features.
  • Besides the proactive approach, security vendors opine that, to counter cyber-attacks effectively, collaborative efforts between communities, governments and vendors will yield the upper hand over the bad guys; it is also cost effective.

For this week and last week, here is the biggest news.
  • 80% believe Cyber-Attacks Pose a Greater National Threat than Physical Attacks.
  • U.S. NSA foiled 54 plots, thanks to eavesdropping.
  • BlackBerry announces enterprise security solution for iOS and Android that separates work and personal apps and data.
  • CloudSec 2013 Highlights.
  • Symantec: Facebook Privacy Leak.
  • Symantec: Four Years of DarkSeoul Cyberattacks against South Korea continued.
  • Symantec: FakeAV holds Android devices for ransom.
  • Kaspersky Lab: 37.3 million users experienced phishing attacks in 2012.

Singapore. June 27, 2013 – 80% believe Cyber-Attacks Pose a Greater National Threat than Physical Attacks

Cyber-Ark’s 7th annual Global Advanced Threat Landscape survey was developed through interviews with 989 IT and C-level executives across North America, Europe, and Asia Pacific.
  • 80 per cent of respondents believe that cyber-attacks pose a greater threat to their nation than physical attacks.
  • Perimeter security failed in numerous areas (i.e. phishing attacks) where a proactive approach is required.
  • 64 per cent of respondents indicate they are now managing privileged accounts as an advanced threat security vulnerability.
  • 56 per cent of respondents do not know what their cloud service providers are doing to protect and monitor privileged accounts.

Reuters, Jun 27, 2013 - U.S. NSA foiled 54 plots, thanks to eavesdropping

Reuters reported that NSA chief General Keith Alexander said that, as a result of the agency's phone and internet surveillance activities, a total of 54 schemes by militants had been successfully foiled.

50 of the 54 cases cited had resulted in arrests or detentions.

Jun 27, 2013 - BlackBerry announces enterprise security solution for iOS and Android that separates work and personal apps and data

BlackBerry® announced the availability of a new security solution that separates work and personal apps and data on iOS® and Android™ devices.

Secure Work Space for iOS and Android is a new option with BlackBerry Enterprise Service 10 (version 10.1.1).

Fujitsu Malaysia announced similar offerings back in Mar 2013.

The BlackBerry Enterprise Service 10 server software is free to download. Annual client access licenses (CALs) for Secure Work Space are USD$99 (MSRP) per year per device. BlackBerry Enterprise Service 10 is also available as a sixty (60) day free trial bundle that includes 50 EMM Corporate CALs (providing device management for BlackBerry 10, iOS, and Android devices) and 50 Secure Work Space CALs. The free trial can be downloaded here.

Jun 26, 2013 - CloudSec 2013 Highlights

The Cloud Security Alliance (CSA) “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0” provides a practical, actionable roadmap to managers wanting to adopt the cloud paradigm safely and securely.

Symantec, Jun 26, 2013 - Facebook Privacy Leak

Symantec has discovered a privacy leak in Facebook's Android app that sends users' phone numbers over the Internet to Facebook servers simply by launching the app.

Of particular note is that users' phone numbers are sent even before logging in to the app. Users also do not need to provide their phone number, initiate a specific action or even have a Facebook account for their phone number to be sent to Facebook.

Symantec has notified Facebook and they plan to provide a fix in their next Facebook for Android release. In the meantime, a significant portion of the estimated 7 million devices that have installed the Facebook application are likely affected.

Jun 26, 2013 - Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War

On the 63rd anniversary of the start of the Korean War, a series of cyber attacks affected organizations across South Korea. Symantec has been able to attribute one of these attacks to the DarkSeoul cyber criminal gang, which has perpetrated a number of high-profile attacks on South Korea over the past four years.

In addition to yesterday’s attacks, the DarkSeoul gang is responsible for the Jokra attacks targeting South Korean banks and television broadcasters in March and the attacks against South Korean financial companies in May. The group’s attacks tend to follow a similar pattern, including multi-staged, coordinated attacks against high-profile targets in South Korea with destructive payloads, such as hard disk wiping and DDoS attacks configured to trigger on historically significant dates.

The DarkSeoul cyber criminal gang tends to use DDoS attacks and hard disk wiping, usually against high-profile targets in South Korea.

Symantec: Jun 21, 2013 - FakeAV holds Android Devices for Ransom

Symantec has observed what we believe is the first ransomware threat targeting mobile devices. A new threat of FakeAV is making its way onto Android devices. Victims will find their Android devices locked until a payment/ransom is made.

FakeAV and Ransomware on PCs have been around for years and have been particularly profitable scams for malware authors. Malware authors are clearly hoping to leverage that success now on mobile devices. The threat is detected by Symantec as Android.Fakedefender.

FakeAV software is a type of scam using malware that intentionally misrepresents the security status of a device and attempts to convince the user to purchase a full version of the software in order to remediate non-existing infections.

Petaling Jaya, June 21, 2013 - Kaspersky Lab: 37.3 million users experienced phishing attacks in 2012

According to the results of Kaspersky Lab’s “The evolution of phishing attacks 2011-2013” survey, the number of Internet users who faced phishing attacks over the last 12 months has grown from 19.9 million to 37.3 million, an increase of 87%.
  • In 2012-2013, phishers launched attacks affecting an average of 102,100 people worldwide each day – twice as many as in 2011-2012.
  • The majority of the servers hosting phishing pages were registered in the USA, the UK, Germany, Russia and India.
  • The services of Yahoo!, Google, Facebook and Amazon were most often attacked by phishers – 30% of all registered incidents involved fake versions of their sites.
