Archive for the ‘Surveys & Reports’ Category
Tuesday, October 13th, 2009
According to a 3-month study of 600 botnets which have infiltrated enterprise networks, bot infections are on the rise in the corporate environment. The research, done by Damballa, indicates that it is small botnets, not large ones, that are the most prevalent in the enterprise environment:

As you can see from the graph above, 57% of the botnets infecting enterprises are considered “small”, which is defined as a botnet with 1-100 active members. However, despite being less well-known, these botnets are potentially more dangerous:
While many people focus on the biggest botnets circulating around the Internet, it appears that the smaller botnets are not only more prevalent within real-life enterprise environments, but that they’re also doing different things. And, in most cases, those “different things” are more dangerous since they’re more specific to the enterprise environment they’re operating within.
The study indicates that many of these small botnets have been created with low-cost or free DIY kits that can be downloaded from the Internet. In most cases, these small botnets are described as “highly-targeted at particular enterprises”, sometimes requiring a degree of familiarity with the breached enterprise. This could indicate an insider threat issue that we previously haven’t seen or talked about. The target data in these small botnets is often professionally managed, with financial controller authentication details (for money transfers), customer databases and source code being the top targets.
The problem with these small botnets, aside from their very targeted attacks, is that they often evade detection. Though they are small, these botnets are very dangerous! Damballa puts out a product to detect botnets, but I know very little about it. You can do some independent research on your own to determine how your enterprise will try to detect such intrusions.
Via dark reading
Tags: botnet, enterprise security, study
Tuesday, September 29th, 2009
The SANS Institute has just released the results of a comprehensive study on the topic of cyber security risks. The study is based upon prevention systems in 6,000 organizations and vulnerability data from 9 million systems. The study indicates that there are two major risks out there to organizations, both of which could be mitigated.
Cyber attacks are a growing issue for organizations of all sorts, with new and sophisticated attacks being created every day. Though organizations may have difficulty keeping up with the threat landscape, this study found that organizations are not doing what they could to mitigate the two largest risk areas. Specifically, client-side software is remaining unpatched and websites are not being scanned for common flaws that criminals use to exploit visitors to those sites.
Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access.
The ultimate goal of attackers is to steal information and to install “back doors” so that the attacker can return to further exploit organizational systems. The study found that major organizations take at least twice as long to patch client-side vulnerabilities as they do to patch operating system vulnerabilities. Addressing this single issue could drastically reduce your risk of being exploited. What this also means is that the question of Mac vs PC is not going to be your solution to mitigating risk, as these risks come from cross-platform applications and from the Internet.
The report, which is available here, targets major organizations that want to ensure their defenses are up to date. The report shows some interesting patterns in the data and includes a tutorial on how some of the most damaging attacks actually work. You may find it handy to print this report off to study the graphs in detail.
Tags: cybersecurity, risk factors, statistics, study, Web Security
Thursday, September 3rd, 2009
McAfee has released its annual report on the “Most Dangerous Celebrities in Cyberspace”, outlining how risky the names of Hollywood stars and starlets are on the web. You may be surprised to know, for example, that searching for Barack Obama is less dangerous than celebrities such as Jessica Biel and Beyonce! I say surprised because all the hype and news reporting that surrounded the election and the economic crises focused on the riskiness of the President’s name in malware attacks.
This report looks at the searches of a celebrity figure and how many of those searches land on a website that’s tested positive for online threats such as viruses, spyware, adware, spam, phishing or other malware.
Jessica Biel was named as the Most Dangerous Celebrity in Cyberspace, with searches for “Jessica Biel”, “Jessica Biel downloads”, “Jessica Biel wallpaper”, or “Jessica Biel photos” having a one in five chance of landing on an unsafe website.
The top 10 most dangerous celebrities online are:
- Jessica Biel
- Beyonce (for second year)
- Jennifer Aniston
- Tom Brady
- Jessica Simpson
- Gisele Bundchen
- Miley Cyrus
- Megan Fox, Angelina Jolie
- Ashley Tisdale
- Brad Pitt
You can read details of the celebrities and why they’re risky here.
Tags: malware, Web Security
Friday, August 21st, 2009
Breach Security has released its Web Hacking Incidents Database (WHID) 2009 Bi-Annual Report, indicating that social networking sites were the most targeted market for hackers so far this year.
The data, compiled from application-related security incidents that are publicly reported, indicates that 19% of the hacks in the first half of 2009 were targeting social networking sites like Twitter and Facebook. This is the first year when social networks became an attack sector. In 2008, government was the leading sector being targeted. The data also indicates a 30% increase in overall web attacks compared to the first half of 2008.
“The dramatic rise in attacks against social networking sites this year can primarily be attributed to attacks on popular new technologies like Twitter, where cross-site scripting and CSRF worms were unleashed,” said Ryan Barnett, director of application security research for Breach Security. “Looking back at 2008, a notable election year, government-related organizations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”
Download a copy of the report here.
Also making major news right now is the indictment of Albert Gonzalez on charges of hacking into Heartland Payment Systems. Gonzalez is already awaiting trial over his involvement in the TJX hack, putting him as part of the hacking team behind two of the largest hacker-based breaches in history. Read more here.
Tags: hacking, report, statistics
Wednesday, August 19th, 2009
McAfee has released the Q2 Threat Report for 2009, which indicates that spam volumes have gone up by 141% since March, making this the “longest ever streak of increasing spam volumes” on record. The Q1 threat report, discussed here, indicated that cybercriminals had taken over almost 12 million new IP addresses (zombies) since January, a 50% increase over 2008. This record has now been broken: Q2 set a new record for zombie computer levels, at nearly 14 million.
In addition to spam volumes, the Q2 report looks at some new trends and threats, as well as continued trends of cybercrime as a service and cybercriminals targeting social networks. Indeed, a major attack was led against Twitter and Facebook just this week.
Key Findings from this Threat Report:
- More than 14 million computers have been enslaved by cybercriminal botnets (16% increase over Q1)
- Spam has risen 80% in this quarter, over Q1, with June beating the highest ever recorded spam level
- Spam comprised 92% of all mail, also setting a new record high
- Over a 30-day period, AutoRun malware troubled more than 27 million files, making it one of the most prevalent pieces of malware in the world (with a detection rate greater than Conficker was)
- There were nearly 14 million new zombies in Q2, also a new record. Computers in the U.S., China and Brazil lead for zombie figures.
Download the Q2 Report here [PDF].
Tags: mcafee, report, Web Security
Tuesday, August 11th, 2009
Last month, Canada’s Privacy Commissioner released a statement about Facebook and its compliance with Canadian privacy laws. The statement is the result of a study into allegations by the Canadian Internet Policy and Public Interest Clinic that Facebook was not complying with 24 aspects of Canada’s Personal Information Protection and Electronic Documents Act. These aspects included default privacy settings, collection and use of personal information, and disclosure of personal information to third parties. Some of the findings concluded that the allegations were not well-founded, while others were supported.
As a result of the report, Canada has released its Report of Findings and its request that Facebook strengthen its privacy protections. The press briefing included some praise for Facebook’s current privacy measures, though many areas were identified for improvement.
Areas of requested improvement include:
- Improving information about privacy practices (example: information on deactivating vs deleting an account)
- Improving safeguards that restrict outside developers from accessing unnecessary profile information
- Deleting personal information after it is no longer necessary to meet appropriate needs (to comply with Canadian law)
Facebook made some improvements to their privacy measures when provided with an interim report; they now have 30 days (from July 16) to respond to the full report.
Facebook has agreed to adopt many of the recommendations stemming from the Privacy Commissioner’s investigation or, in some cases, has proposed reasonable alternatives to the measures recommended. However, there remain a number of recommendations that Facebook has not yet agreed to implement.
The Privacy Commissioner is empowered to go to Federal Court to seek that the recommendations be enforced. So, it may be that Canada’s report helps to strengthen Facebook privacy standards for all Facebook users!
Via internet evolution
Tags: canada, facebook, privacy, report, Web Security
Tuesday, August 4th, 2009
Sophos has released its mid-year Security Threat Report for 2009, which looks at cybercrime for the first half of this year. The report indicates that cybercriminals have increased the focus of their attacks on social networking sites and that hackers are increasingly using scare tactics to solicit users to pay for rogue anti-virus software.
The report indicates that cybercriminals are both exploiting social networks to identify potential victims and then using these networks to attack them. The report encourages Web 2.0 companies to defend their existing users, rather than focusing on growing their userbase at the expense of security standards.
In terms of business data, the survey indicates that two thirds of businesses are worried that information shared by employees online may put their corporate infrastructure at risk. Right now, a quarter of organizations have been exposed to spam, phishing or malware via social networking sites like Facebook, Twitter and MySpace.
Read more about, and download, the report here.
Tags: report, social networking, sophos, statistics, Web Security
Tuesday, July 28th, 2009
According to The Times, more than 4 million British identities and more than 40 million individuals’ identities worldwide are being offered for sale on the internet. The information available for sale includes sensitive financial information (credit card / bank details, some PINs).
This information was reportedly made available online as the result of several initiatives. From what the report indicates, at least 250,000 bank / credit accounts were hacked into. Other information was the result of phishing, a process that dupes individuals into handing over their details (such as login details or credit card details). The information was intercepted over a four-year period by a British company, Lucid Intelligence, and collated into a single database, allowing these figures to be determined for the first time:
The Lucid Intelligence database contains the records of four million Britons, and 40 million people worldwide, mostly Americans. Security experts described the database as the largest of its kind in the world.
The report from The Times indicates that other sensitive information, such as corporate email access details, is being sold in online forums or hacking websites. This puts companies at risk for data breach issues.
Individuals can search the database for free, for now, to see if their information has been sold online. It will specify what information about you is known – whether it’s just your email address, your mailing address, or more high risk information such as banking details. You can learn more about the initiative here.
It’s quite an interesting venture – what do you think about it?
Tags: breach prevention, statistics, Web Security
Monday, July 27th, 2009
According to the Cisco 2009 Midyear Security Report, internet criminals are becoming more sophisticated, using increasingly targeted attacks. However, Cisco predicts that increased collaboration between organizations, like what we saw with Conficker, and new security policies may make it more difficult for attacks to infiltrate and spread.
The Midyear Security Report provides an overview of Cisco security intelligence, including information about new threats and trends, for the first half of 2009. Highlights from the Report:
- Criminals are exploiting traditional vulnerabilities because they believe security experts and users are paying little attention to these types of threats.
- Compromising legitimate websites to propagate malware remains a highly effective technique
- Web 2.0 applications have become lures for criminals
- Criminals are now targeting online banking customers using well-designed, localized text message scams
- The Obama administration has made strengthening U.S. cybersecurity a high priority, and plans to meet threats by using technological innovations and partnering with the private sector. Other countries are following suit.
- Compared to 2008, the number of vulnerabilities and discrete threats has not risen as quickly.
Given the interest in insider threats, the report also details a possible increase in this threat given the current economic instability. This section of the report reiterates other studies and articles on the topic, providing context for what could be a growing security trend.
Download the report here.
Via eweek
Tags: cybercrime, cybersecurity, report, research organization, Web Security
Monday, July 20th, 2009
The 2009 Annual Study on Enterprise Encryption Trends, completed by Ponemon Institute and sponsored by PGP, indicates that while encryption strategies have become more consistent, data breaches continue to be an issue. In addition, the data indicates that mobile security is becoming more of an issue, with 51% of respondents indicating a complete lack of encryption on mobile devices (smartphones, PDAs).
This is the 4th annual study on enterprise encryption, basing the data this year on 997 IT and security practitioners in the US (a UK study is also available). The study looks at trends in encryption use, planning strategies, budgeting, and deployment methodologies in enterprise IT.
Highlights from the study:
- 78% of organizations have an encryption strategy in place (74% in 2008)
- 85% experienced at least one data breach in the last 12 months (84% in 2008)
- 22% experienced >5 data breaches in the last 12 months (13% in 2008)
- 58% say data protection is a very important part of overall risk management
- 59% say encryption of data on mobile devices is very important or important
- 26% indicate they encrypt their smartphone or PDA ‘most of the time’
- 51% have no encryption in place for the smartphone or PDA
I was surprised that the repeat data breach figures had gone up so dramatically, showing perhaps that data breaches are becoming chronic issues in some companies. This could indicate a lack of proactive security planning and risk assessment.
The study does indicate that companies are seeking out encryption solutions to preserve brand and reputation, in addition to mitigating breaches and meeting compliance regulations. This shows, perhaps, that companies are ready to take a more pro-active approach to security planning. Remember, too, that encryption is only a part of the solution to pro-active security planning. Absolute Software can help with other pieces of that puzzle, providing IT Asset Management & Theft Recovery for laptops and mobile devices.
Download the report, for the UK or the US, here.
Via SC Magazine
Tags: encryption, Laptop Security, mobile computing, ponemon, report