Computer Security Updates Week 4 of Sep 2013 and 2013 Q3 Review

Refer to Computer Security Updates Week 2 of Sep 2013; the biggest news was the news reported by Reuters that the U.S tapped into networks of Google, Petrobras, others; first ever case of mobile Trojan spreading via ‘alien’ botnets discovered.

On Week 1 of Sep 2013, New York Times, Twitter hacked by Syrian group; USA Today reported that NSA performed exercise which used supercomputers to crack Web encryption.

On Week 5 of Aug 2013, Yahoo reported that China to probe big IT firms after Snowden leaks.

On Week 3 of Aug 2013, Reuters reported that the U.S. House of Representatives rejected a bid to curb spy agency data collection.

On Week 3 of July 2013, Oracle issued 89 security fixes.

On July 1, 2013, Malaysian .com.my domains were compromised by hacker Tiger-m@te, allegedly of Bangladeshi origin.

The trends and news which emerged from Q3 2013 for computer security share a few common themes.
  • Software makers to be made responsible for security bugs - the industry seems to be moving in this direction and this is bad news for software makers.
  • The NSA, Snowden, PRISM and cyber-espionage related news helped people to understand the cyber security landscape better.
  • The biggest Internet players were taken to task over personal data protection.
  • DDoS attacks stopped.
  • Based on the Q1 2013 and Q2 2013 reviews, two trends are brought forward to Q3: 1) Mobile trends such as BYOD serve as a catalyst for growth in security vulnerabilities; 2) Security companies introduced a proactive approach to security solutions, with intelligent security features. Verizon DBIR 2013 confirms that 71% of breaches targeted user devices rather than servers.
  • Even though enterprise security vendors are banking on a proactive approach with enhanced intelligence, not many APTs were recorded - Verizon DBIR 2013 confirms that only 25% of breaches are APT related while the others are opportunistic, and 78% are graded as less sophisticated.
  • What is worse, despite 78% being graded as less sophisticated attacks, 66% took months to be discovered and 69% of those were discovered by external parties.
  • In parallel with 2012 and the predictions for 2013, zero-day exploits are still popular and Android malware continues to grow.

Some interesting facts to note:
  • Facebook said no to Putrajaya’s request for details on 197 users.
  • The high cost of a security breach: averages $649,000.
  • Cybercrime costs the global economy between $100 billion and $500 billion annually.
  • Lloyds survey found that cyber threats are now the third biggest worry for CEOs.
  • F-Secure: The most used exploit kit in the world is BLACKHOLE.
  • F-Secure: CVE-2011-3402 is among the most targeted vulnerabilities in the world.
  • F-Secure: Worm: W32/Downadup (also known as Conficker) is the most detected threat in Malaysia.

For this week / last week, here are / were the biggest news.
  • The Bank of Fakes – almost a third of users have received bogus bank emails.
  • Secure Identity Alliance welcomes three new members.
  • Symantec successfully sinkholes significant part of the massive ZeroAccess Botnet
  • AccessData Announces Interoperability with HP ArcSight to Deliver Accelerated Incident Response to Security Threats.
  • CyberArk unveils Master Policy.
  • Verizon: 2013 Data Breach Investigation Reports (DBIR).
  • Kaspersky Lab exposes “Icefog” APT: a new cyber-espionage campaign focusing on supply chain attack.
  • AccessData: Broken cyber security model insufficient against APTs.
  • ECSB strengthens security portfolio through new partnership with Barracuda.
  • American Express Malaysia phishing site is discovered today at http://www.americanexpress.com.my/ (please DO NOT visit!).
  • Cellebrite presents Mobile Forensics trends for year 2014.
  • F-Secure’s Latest Threat Report: nearly 60% of F-Secure’s top ten detections in the H1 2013 were exploits.
  • Microsoft has published a security advisory on vulnerability in IE.
  • Kaspersky: more than 1/3 of malware attacks cost users money.
  • Reuters: Hackers offered cash to crack iPhone's fingerprint security.
  • Symantec: Hidden Lynx, pioneers of 'watering hole', professional for hire.
  • McAfee: Lily Collins the most dangerous cyber celebrity of 2013, Rain emerges as Asian equivalent.
  • Reuters: Iran unblocks Facebook and Twitter access
  • Kaspersky Lab Brings its Best Security Technologies Together
  • AccessData partners with Contego Solutions to Fortify Digital Forensics Capabilities of Middle East Enterprises.
  • Bouygues Telecom Secures Critical Business Systems with CyberArk Solutions.
  • Reuters: Hacker steals two million Vodafone data.



Oct 2, 2013 - The Bank of Fakes – almost a third of users have received bogus bank emails

According to the Kaspersky Consumer Security Risks survey carried out by B2B International with Kaspersky Lab in Summer 2013, approximately 30% of users have received bogus emails claiming to come from banks. The fraudsters often use fake notifications from banks in order to trick users into handing over account credentials and giving away access to their money.

Although many experienced and cautious users probably recognize most phishing attempts, these attacks often end in success: about 4% of respondents reported that they had lost money to cybercriminals. Statistically, 4% is a relatively small figure, but when so many users are attacked each year, even a small success rate translates into big money.

4% of 1 billion Internet users is a lot of people.

Original reference.

wenjia gan
+603.8075.6000
wenjia.gan@aboutcom.com.my

Oct 1, 2013 - Secure Identity Alliance welcomes three new members

I've been INFORMED by PR firm that The Secure Identity Alliance today welcomes three new members to its ranks, marking an important step in growth of the newly formed organization.
  • HID Global, a leading provider of secure identity solutions, will play a crucial role in establishing the Alliance as the foremost advisor on the security and adoption of eGovernment services around the world.
  • American Banknote Corporation (ABnote) brings its long and global experience in the supply of secure documents, services and systems.
  • Backed by a 150 year heritage, Trüb AG brings a wealth of e-ID and e-Passport experience to the Alliance’s workgroup program.
Led by leading secure eDocuments companies Gemalto, Morpho (Safran), Oberthur Technologies and 3M, the Secure Identity Alliance was established in May 2013 to develop the usage of government-issued eDocuments (identity, health cards, driving licenses and ePassports in particular) for increased security, and to encourage deployment of secure convenient online services strengthening the privacy of the end-users. Already, two workgroups have been launched to tackle the ongoing security, identity and privacy challenges governments face. The ‘Secure Documents’ and ‘Digital Identity’ groups are expected to report back at Cartes in November 2013.

Original reference.

Media contact:

Stéphanie de Labriolle
Marketing & Communication Consultant
Secure Identity Alliance
M: +33 6 85 91 19 94
stephanie.delabriolle@secureidentityalliance.org

Oct 1, 2013 - Symantec Successfully Sinkholes Significant Part of the Massive ZeroAccess Botnet

I've been INFORMED by PR firm that today Symantec announces it has successfully sinkholed a significant part of the ZeroAccess botnet, which has been active since 2011 and is one of the largest known botnets in existence – with upwards of 1.9 million infected computers, generating tens of millions of dollars annually.
  • Symantec has sinkholed more than half a million bots – making a serious dent in the number of bots under the attacker’s control. Symantec is actively working with ISPs and CERTs worldwide to help get infected machines cleaned up.
  • ZeroAccess botnet is sophisticated and resilient – ZeroAccess has a highly technical and sophisticated infrastructure – it uses a peer-to-peer architecture giving the botnet a high degree of redundancy with no central command and control server. It also uses various advanced methods to survive on infected machines.
  • ZeroAccess leverages click-fraud and Bitcoin mining to carry out two revenue generating activities – potentially earning tens of millions of USD per year in the process.

Media contact:

Alvin Kiang
Tel: (+60-3) 2287-8689 ext.226
Mobile: 017-6877001
Fax: (+60-3) 2287-0234
alvin.kiang@edelman.com


LINDON, UT/SINGAPORE – Oct 1, 2013 - AccessData Announces Interoperability with HP ArcSight to Deliver Accelerated Incident Response to Security Threats

I've been INFORMED by PR firm that AccessData announced a new solution that operates with the HP ArcSight platform which is designed to deliver accelerated incident response to security threats.

This new solution allows bi-directional communication between AccessData’s Cyber Intelligence & Response Technology (CIRT) platform with the HP ArcSight Security Information and Event Management (SIEM) platform.

More importantly, it answers the critical need for more streamlined and holistic incident response and faster response times in the face of advanced persistent threats (APTs), sophisticated hacking attacks, and constantly evolving malware.

CIRT extends the functionality of the HP ArcSight SIEM platform by providing three key functions:
  • Delivers holistic rapid response by integrating the critical capabilities required for comprehensive root cause analysis
  • Enables real-time collaboration among all security and response teams
  • Provides automated batch remediation; so, organizations are able to eradicate threats, not just contain them
Original reference.

Media contact:

PRecious Communications for AccessData
Lars Voedisch
+65-91702470
lars@preciouscomms.com


Oct 1, 2013 - CyberArk Unveils Master Policy

I've been INFORMED that CyberArk today announced the availability of Master Policy, a bold new ‘policy engine’ that enables customers to set, manage and monitor privileged account security in a single, simple, native language interface. The once complex process of transforming business policy and procedures into technical settings is now easily manageable and understandable to an organization’s stakeholders, including security operations, risk officers and auditors.

Master Policy is embedded at the core of all of CyberArk’s privileged account security products, providing simplified, unified and unequaled policy management. The release is available in version 8.0 of CyberArk’s privileged account security solution released today and will ship with all new installations of CyberArk’s Privileged Identity Management (PIM) and Privileged Session Management (PSM) suites.

Original reference.

Media contact:

Tony Tan
Siren, Part of Havas Worldwide
Tel: +65 6317-6709
E-mail: tony@siren-communication.com


Sep 29, 2013 - Verizon : 2013 Data Breach Investigation Reports (DBIR)

I've READ from Verizon (http://www.verizonenterprise.com/DBIR/2013/) the 2013 Data Breach Investigation Reports (DBIR) and was enlightened by its findings, facts with overlapping high percentages:
  • 37% of breaches - affected financial orgs - expected
  • 92% of breaches - came from external threats - expected
  • 40% of breaches - incorporated malware - expected
  • 52% of breaches - used some form of hacking - expected
  • 76% of breaches - exploited weak or stolen credentials
  • 71% of breaches - driven by financial motives - expected
  • 71% of breaches - targeted user devices - revelation
  • 54% of breaches - compromised servers - expected
  • 75% of breaches - are considered opportunistic attacks - means that only 25% are APTs - revelation
  • 78% of breaches - rated as low difficulty - revelation
  • 69% of breaches - discovered by external parties - revelation
  • 66% of breaches - took months to discover - revelation

Sep 26, 2013 - Kaspersky Lab exposes “Icefog” APT: a new cyber-espionage campaign focusing on supply chain attacks

I've been INFORMED by PR Firm that Kaspersky Lab’s security research team today published a new research paper on the discovery of “Icefog”, a small yet energetic APT group that focuses on targets in South Korea and Japan, hitting the supply chain for Western companies. The operation started in 2011 and has increased in size and scope over the last few years.

Based on the profiles of identified targets, the attackers appear to have an interest in the following sectors: military, shipbuilding and maritime operations, computer and software development, research companies, telecom operators, satellite operators, mass media and television.

During the operation, the attackers use the “Icefog” backdoor set (also known as “Fucobha”). Kaspersky Lab has identified versions of Icefog for both Microsoft Windows and Mac OS X. It is C&C-powered.

This discovery also identified that the ‘hit and run’ nature of the Icefog attacks demonstrates a new emerging trend: smaller hit-and-run gangs that go after information with surgical precision.

Original reference.

Media contact:

nabila yahya
+603.8075.6000
nabila.yahya@aboutcom.com.my

Sep 26, 2013 - AccessData: Broken cyber security model insufficient against APTs

I've been INFORMED by PR Firm that according to Vice President of Cyber Security for AccessData, Jason Mical, responses from the organizations surveyed for the recently-released 2013 Verizon Data Breach Investigations Report (DBIR) validate what most refuse to discuss in detail: we are attempting to secure private industry and national assets relying on a broken cyber security model.

According to the DBIR, 66% of the reported breaches took months to discover and 69% of those were actually discovered by a third party.

Mical was quoted as saying that traditional cyber security infrastructure is riddled with blind spots because it offers little visibility.

Media Contacts:

AccessData
Nicole Reid
+44 (0)20 7010 7802
nreid@accessdata.com


KUALA LUMPUR, Sep 26 2013 – ECSB Strengthens Security Portfolio through New Partnership with Barracuda

I've been INFORMED by PR firm that ECS ICT Berhad today announced that its wholly-owned subsidiary ECS Pericomp Sdn Bhd has been appointed as the authorised distributor in Malaysia for Barracuda Networks Inc., one of the global leaders in security and storage solutions.

Benny Lim the Southeast Asia Director for Barracuda Networks and Foo Sen Chin, Managing Director of ECS ICT Bhd (ECSB) officially mark their partnership announcement with a handshake.

ECSB will be distributing the full range of Barracuda’s suite of security and storage solutions such as WAF, Load Balancer, Message Archiver, web filters, Spam and Virus Firewall for customers in Malaysia.

Original article.

Media contact:

Visithra Manikam
PiPR Consultancy Sdn Bhd
+603-77241719/ +6012-2661679
visithra@pipr.com.my


Sep 24, 2013 - American Express Malaysia phishing site is discovered today at http://www.americanexpress.com.my/

The real American Express Malaysia site is http://www.americanexpress.com/malaysia/homepage.shtml. The phishing site, which I discovered through my email, is using the URL http://www.americanexpress.com.my/. Please DO NOT visit!

By and large, the registration of .com.my is scrutinized by MyNic.

From email

The phishing site - please do not visit and login


Malaysia, Sep 24, 2013 - Cellebrite Presents Mobile Forensics trends for year 2014

I've been INFORMED by PR Firm that Cellebrite, who officially commenced their operations in SEA with an office in Singapore in July this year, has announced a list of top trends in mobile forensics that will take shape in the next 12 months. The predictions were obtained from a number of prominent experts within law enforcement and industry analysts who are familiar with mobile forensics and the products available today.

The trends are:
  • Smarter phones mean tougher encryption.
  • Investigators can’t put all their eggs into one mobile operating system.
  • Windows 8 is the wildcard.
  • Mobile devices advance as witnesses.
  • The regulatory and legislative landscape remains uncertain.
  • Mobile malware’s incidence will rise.
  • Data breaches via mobile will rise.
Original reference.

Media Contact:

Bevan Chen
T +65 6338 1006
F +65 6336 9567
bevan.chen@priorityconsultants.com

Sep 24, 2013 - F-Secure’s Latest Threat Report: nearly 60% of F-Secure’s top ten detections in the H1 2013 were exploits.

I've been INFORMED by PR Firm that according to F-Secure’s new Threat Report H1 2013, being published today, nearly 60% of F-Secure’s top ten detections in the first half of 2013 were exploits.

Hence, exploits, particularly Java-based zero-day exploits, characterized the first half of 2013.

358 new families and variants of Android malware were discovered by F-Secure Labs in H1, nearly doubling the total number the Labs has ever discovered to 793. Symbian followed with 16 new families and variants. No new families or variants were discovered on other mobile platforms - hence, Android malware leads the pack.

For instance, the Stels Android trojan has mutated over 1,300 times since its discovery in Nov 2012. As quoted from the report, it is a trojan that can turn an infected device into a bot that becomes part of a larger botnet, and it can act as a banking trojan that steals mobile Transaction Authentication Numbers or the so-called TAC code.

According to the full report, the APT landscape hasn't changed much since 2012: it is politically motivated and targets the English-speaking world in the majority of cases.

F-Secure's latest threat report has done a good job. It summarizes the following additional facts pertaining to the threat landscape from Jan 2013 to Sep 2013.

  • The most used exploit kit in the world is BLACKHOLE.
  • CVE-2011-3402 is among the most targeted vulnerabilities in the world.
  • Worm: W32/Downadup (also known as Conficker) is the most detected threat in Malaysia.

Another interesting take from the report is that the emergence of a new virtual currency (a crypto currency), known as Bitcoin, has attracted the attention of the cyber-security world, both vendors and hackers.

As quoted from the report, Bitcoin is not linked to any existing currency; therefore, its value is purely based on how much people believe it is worth.

The first batch of Bitcoin malware successfully manipulated the system by rewarding malware authors with coins; this process is known as mining.

By late June 2013, a DIY Bitcoin mining tool was made available in an underground market: Ufasoft Bitcoin miner.

Original reference and full report.

Media contact:

Winx Loo
Tel : 603 7710 3288
Fax : 603 7710 3289
Mobile : 6012 913 2460
winx.gocomm@gmail.com

Sep 23, 2013 - Microsoft has published a Security Advisory on Vulnerability in IE

I've READ from Palo Alto (http://researchcenter.paloaltonetworks.com/2013/09/coverage-information-for-microsoft-security-advisory-2887505-internet-explorer-0-day-vulnerability/) that Microsoft has published a Security Advisory on Vulnerability in IE which could allow remote code execution.

CVE-2013-3893 (https://technet.microsoft.com/en-us/security/advisory/2887505)

The severity of this vulnerability is rated: critical.

Sep 19, 2013 - Kaspersky: more than 1/3 of malware attacks cost users money

I've been INFORMED by PR Firm that malware attacks mean financial losses for about 36% of users – with many people forced to pay to restore damaged devices to working order. This figure emerged from the summer 2013 global survey conducted by B2B International and Kaspersky Lab.

17% of respondents said that these costs involved paying for third party expertise to restore the victim’s device to working order. About 10% had to pay to recover lost data, while 9% had to replace damaged components and 5% needed an entirely new device.

Original reference.

Media contact:

nabila yahya
+603.8075.6000
nabila.yahya@aboutcom.com.my

Sep 19, 2013 - Reuters: Hackers offered cash to crack iPhone's fingerprint security

I've READ from Reuters (http://www.reuters.com/article/2013/09/19/us-iphone-hackers-idUSBRE98I10I20130919) that a micro venture capital firm and a group of security researchers had offered $13,000 plus other incentives to attract hackers to break the fingerprint security.

The news reported that Apple should welcome this move as a fault-tolerance test towards the product.

SANTA CLARA / SG - Sep 17, 2013 - McAfee: Lily Collins the most dangerous cyber celebrity of 2013, Rain emerges as Asian equivalent

I've been INFORMED by PR Firm that English-born TV and movie actress Lily Collins, star of the current motion picture The Mortal Instruments: City of Bones, has replaced Emma Watson as McAfee’s 2013 Most Dangerous Cyber Celebrity.

For Asia, online searches on South Korean celebrity Rain are found to be most risky, while Kylie Minogue tops the list as Australia’s Most Dangerous Celebrity.

With the report now in its seventh year, McAfee researched pop culture celebrities to find out who are the riskiest on the web and result in bad links, including viruses, malware, and sites laden with malicious software designed to steal passwords and personal information. Lily is joined at the top by pop music star Avril Lavigne and Oscar-winner Sandra Bullock, who came in as numbers two and three, respectively. Jon Hamm is the only “mad” man to crack the global top ten.

Original reference.

Media contact:

Lars Voedisch
PRecious Communications for McAfee
+65 - 91702470
lars@preciouscomms.com


Sep 17, 2013 - Symantec: Hidden Lynx, pioneers of 'watering hole', professional for hire

I've READ from Symantec (http://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire), who discovered that the professional Hidden Lynx group has utilized both the Moudoor and Naid trojans.

Most notably, the VOHO campaign was ultimately targeting US defense contractors whose systems were protected by Bit9’s trust-based protection software. Later, the group targeted Bit9's core and successfully breached it.

Bit9 issued a counter-claim (https://blog.bit9.com/2013/09/20/a-few-thoughts-about-a-symantec-report/) that the report by Symantec is biased and inaccurate. Bit9 reported that the victims pointed out by Symantec are the wrong people - they are not those from critical infrastructure companies nor defense contractors.

Sep 16, 2013 - Reuters: Iran unblocks Facebook and Twitter access

I've READ from Reuters (http://www.reuters.com/article/2013/09/17/net-us-facebook-twitter-unblocked-idUSBRE98G02720130917) that, for the first time since 2009, Facebook and Twitter became accessible to Iranians.

Sep 13, 2013 - Kaspersky Lab Brings its Best Security Technologies Together

I've been INFORMED that Kaspersky Lab announces the global availability of Kaspersky Internet Security – Multi-Device, a new security product that provides premium protection for the world’s most commonly-used devices.

Now, instead of purchasing several products to protect a portfolio of smart devices, Kaspersky Internet Security – Multi-Device gives users a way to secure their Internet activity across multiple computers and mobile devices, all through a single purchase.

Original reference.

Media contact:

nabila yahya
+603.8075.6000
nabila.yahya@aboutcom.com.my

DUBAI, United Arab Emirates / Singapore - Sep 12, 2013 - AccessData Partners with Contego Solutions to Fortify Digital Forensics Capabilities of Middle East Enterprises

I've been INFORMED by PR Firm that AccessData, through distribution partner ARM, has signed a partnership agreement in the Middle East with Contego Solutions, an Incident Response and Digital Forensics specialist firm.

The partnership will enable Contego Solutions to incorporate AccessData’s market leading technology, including its Cyber Intelligence & Response Technology (CIRT), Forensic Toolkit® (FTK®), AD Lab and Mobile Phone Examiner Plus™ (MPE+™) solutions, in the design and deployment of digital forensics laboratories of regional enterprises.

Contego Solutions will offer AccessData's entire product portfolio including the standalone FTK and MPE+ for small to medium size labs and ‘AccessData Lab’ for large labs handling massive data sets, utilizing a distributed workforce, or looking to collaborate with attorneys, HR personnel or other non-forensic parties.

Original reference.

Media contact:

Melody Espanol
Office +65-3151-4760
Phone +65-9754-9744
melody@preciouscomms.com


Singapore - Sep 12, 2013 - Bouygues Telecom Secures Critical Business Systems with CyberArk Solutions

I've been INFORMED by PR Firm that CyberArk has been selected by Bouygues Telecom – one of the largest communications service providers in France – to protect the company’s critical assets and customer data through the management of its privileged credentials.

The implementation of CyberArk’s Privileged Identity Management (PIM) and Privileged Session Management (PSM) suites has replaced two pre-existing custom-built systems – including a repository in which internal privileged passwords were previously stored.

Original reference.

Media contact:

Tony Tan or Pradnyesh Kothare
Siren, Part of Havas Worldwide
Tel: +65 6317-6709
E-mail: tony@siren-communication.com
pradnyesh.kothare@havaswwsiren.com

Sep 12, 2013 - Reuters: Hacker steals two million Vodafone data

I've READ from Reuters (http://www.reuters.com/article/2013/09/12/us-vodafone-germany-idUSBRE98B0MI20130912) that a hacker has stolen the database of two million Vodafone Germany customers.

Nevertheless, it was reported that no passwords have been obtained in the process.
