Small Botnets Are More Dangerous in Enterprises
According to a 3-month study of 600 botnets which have infiltrated enterprise networks, bot infections are on the rise in the corporate environment. The research, done by Damballa, indicates that it is small botnets, not large ones, that are the most prevalent in the enterprise environment:
The study’s graph shows that 57% of the botnets infecting enterprises are considered “small”, which is defined as a botnet with 1-100 active members. However, despite being less well-known, these botnets are potentially more dangerous:
While many people focus on the biggest botnets circulating around the Internet, it appears that the smaller botnets are not only more prevalent within real-life enterprise environments, but that they’re also doing different things. And, in most cases, those “different things” are more dangerous since they’re more specific to the enterprise environment they’re operating within.
The study indicates that many of these small botnets have been created with low-cost or free DIY kits that can be downloaded from the Internet. In most cases, these small botnets are described as “highly-targeted at particular enterprises”, sometimes requiring a degree of familiarity with the breached enterprise. This could indicate an insider threat issue that we previously haven’t seen or talked about. The target data in these small botnets is often professionally managed, with financial controller authentication details (for money transfers), customer databases and source code being the top targets.
The problem with these small botnets, aside from their very targeted attacks, is that they often evade detection. Though they are small, these botnets are very dangerous! Damballa puts out a product to detect botnets, but I know very little about it. You can do some independent research on your own to determine how your enterprise will try to detect such intrusions.
Via Dark Reading
Lenovo Lost and Found Makes Returning ThinkPad Laptops Easy
Lenovo and Absolute have introduced a new service called Lost & Found which makes it very easy to return a ThinkPad laptop to its owner. A lost laptop can be catastrophic in so many ways – a business could lose money, data breaches may occur and that’s not even including the lost time and productivity.
The Lost & Found service is available exclusively on ThinkPad laptops that have been enabled with Absolute’s Computrace for Lenovo at no extra cost.
This is a great deal since it is free with Computrace for Lenovo and it can help give ThinkPad laptop owners some peace of mind. Our lives are so busy and, while it might seem that a laptop is a large item to misplace, it’s pretty common for a laptop bag or case to get forgotten on the bus or under the table at a restaurant. At US airports alone, 12,000 go missing each week.
It’s also very useful since people who find computers may not know exactly what to do with them. Lost & Found takes the guesswork out of the process so that the lost laptop gets back to its owner as quickly as possible.
Absolute’s Top Recoveries of the Week
Most Collateral Recovered: Over $100,000 in Stolen Property
Scenario: While its owner slept, a laptop equipped with Computrace LoJack for Laptops was stolen in a home burglary. Two days later, Absolute was able to track the machine’s location and unauthorized user – all of the information police needed to identify a suspect and produce a search warrant. The search warrant was executed and the victim’s laptop recovered. Also seized at the scene: car parts, motorcycles, additional computers, and electronics among other stolen items, with a total value in excess of $100,000.
Most Distant Recovery: South Africa
Scenario: With Computrace LoJack for Laptops ever expanding its recovery borders, a laptop was recently recovered in Cape Town, South Africa just weeks after it was stolen in a home burglary.
Speediest Recovery: 6 Days
Scenario: Less than one week after it was stolen from a university rec hall, a laptop was returned to a relieved student, and the two thieves involved were arrested.
Most Computers Recovered by One Investigator: 17
Scenario: A recent burglary left a US college 17 computers lighter. With the help of Computrace, a skilled investigator was able to recover all 17, each from different locations but all with a connection to a single suspect. The outcome was favorable: a thwarted suspect facing multiple charges, an investigator impressed by Computrace’s capabilities and a happy school reunited with what is rightfully theirs.
Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty
Cyberbullying Legislation Not Well Supported
The U.S. House Judiciary subcommittee met about the possibility of imposing legislation that would punish those who try to “coerce, intimidate, harass or cause substantial emotional distress to a person.” It was proposed that offenders spend up to two years in prison for what is being called “cyberbullying.”
Indeed, this is becoming a very serious and potentially deadly issue. In 2006, the suicide of 13-year-old Megan Meier made headlines since she had been the victim of cyberbullying on MySpace. The perpetrator ended up being an adult neighbor who was pretending to be a teenage boy.
On the flipside, students were suspended for bullying their principal through Facebook by calling him a “Grinch of School Spirit” and making sexually explicit, derogatory comments about him.
The proposed legislation was actually inspired by Megan and has been dubbed the “Megan Meier Cyberbullying Prevention Act.” Since people from all walks of life can now be hurt electronically (often anonymously), this legislation seems like a good idea, but the committee members felt that it could lead to a breach of free speech.
The bill aimed to specify “serious, repeated hostile communications made with the intent to harm” and one would think that this falls under the category of harassment, which is not permitted, regardless of one’s right to express themselves freely.
Without any legislation in place, the rules are very murky on this issue, which makes it hard to hold anyone accountable for their actions and how they might be harming someone else.
Since no action was taken on the proposed bill, the future of cyberbullying remains in question.
LoJack Included In New Dell Nickelodeon Laptops
Dell has designed the new Inspiron Mini Nickelodeon notebook for kids, which is a great idea since it’s the right size for little hands, it’s super light (less than 3 pounds) and includes educational software that both parents and children will love.
With so many kids using computers today, it’s no surprise that parents are looking for ways to keep young ones, and their computers, safe.
Absolute recognizes this need and has partnered with Dell to include a free 12-month subscription of Computrace LoJack for Laptops with their Inspiron Mini Nickelodeon notebooks.
Absolute’s Vice President of Consumer Business, Mark Grace, had the following to say: “As any parent can tell you, once you put a highly portable computer like the Dell Inspiron Mini Nickelodeon Edition in the hands of your kids, they don’t want to put it down, let alone lose it altogether. That’s why we have collaborated with Dell to include a subscription to Computrace LoJack for Laptops on every Nickelodeon Edition sold. With this protection conveniently built in, parents can feel secure knowing that Computrace LoJack for Laptops will help keep their kids safe by making their computers unattractive to thieves.”
This is definitely a great deal and the timing is perfect since school has just started and a lot of children are looking for a new computer.
Computrace Solutions Now Available in Japan
Absolute has opened a regional office in Tokyo, Japan in response to the growth in the Asian marketplace. As a result, Japanese users will now be able to use Computrace for computer tracking as well as IT asset management and data protection.
An Absolute Theft Recovery Team has been established in Asia to better facilitate our computer recovery services.
This expansion means that Computrace is now available throughout North America, Europe, the Middle East and Africa, South America, Australia/New Zealand and, now, Japan.
For more information about Computrace One as well as Computrace Mobile, Computrace for Netbooks, Computrace Data Protection, and Absolute Track in Japan, please visit www.absolute.com/japan.
Absolute’s Top Recoveries of the Week
Fastest Recovery
Recovery Time: 65 minutes
Location: CO, US
Scenario: After a laptop was stolen from an elementary school, Absolute was able to promptly identify the name and location of its unauthorized user. This information was passed over to police that afternoon, who, just over one hour later, recovered the computer from the identified suspect. The suspect will be charged with receiving stolen property – the power cord with the victim’s name printed on it was a dead giveaway…
Sketchiest Alibi
Location: WA, US
Scenario: Absolute identified a youth as the unauthorized user of a stolen laptop before passing the information on to police for further investigation. Police visited the youth’s residence, where his dad explained a rather interesting tale. According to the father, he had recently stopped by the local pawn shop to purchase a computer, but it was closed when he got there (actually, it’s been closed for many years). By chance, alleged the father, a guy happened to walk by said closed pawn shop with a laptop in hand, which, kindly, he offered for sale. Police were suspicious at this point, and a quick search of the father’s name proved why – he had been listed as a ‘witness’ on the original laptop theft report, where he had claimed to have seen an older woman steal the machine. With his story failing to add up, the father was charged with theft. The laptop has since been returned to its rightful owner.
Most Questionable ‘Friend’
Location: FL, US
Scenario: After her laptop was stolen from her parked car, a distraught customer shared her story with coworkers and friends. She not only detailed the scenario of the theft, but also, that the machine was equipped with Computrace LoJack for Laptops and so police and Absolute were busily working toward the laptop’s recovery. Within days, a ‘friend’ returned the stolen machine to her, claiming to have taken it as a ‘joke’. Ha.
How Scammers Are Abusing Twitter
Earlier this month we talked about “scareware”. One such attack recently was perpetrated through the popular social networking site Twitter. In fact, this week I have witnessed several different phishing schemes on Twitter.
1. Scareware Scam: Scammers were found to be using machine-generated Twitter accounts to post messages about popular topics. Each of these messages would include a link, often disguised using a link-shortening service (making it difficult to know where the link would lead). The link would lead to servers hosting fake Windows antivirus software.
2. DMs that Steal Logins: This second scam would use hacked accounts to send direct messages (DMs) to users. Clicking the link in the scam would take you to a fake login page in a ploy to steal your login information. This scam would then propagate to all the friends of the compromised account. Receiving direct messages with links from “friends” increases the likelihood these links will be clicked.
3. Baiting Users: I have witnessed attempts by several auto-generated accounts to bait particular users. To do so, they will accuse the user of something, such as a political stance, in repeated @ messages. This will be retweeted or continued by a whole series of other accounts. In all cases, the accounts will have other “real” looking tweets with links in them, trying to bait you to check the account and click the links.
In reference to the second scam, I know of individuals who had their accounts breached without handing over their passwords, so it’s imperative that anyone who has received direct messages with links not click those links. If you do, change your password right away and contact Twitter support to report the issue.
I myself have been baited by many of these schemes, but I never click the links. Here, for example, is one a “friend” sent me yesterday:

If you are unsure about a particular link, don’t click it. If it is a shortened URL, you can see what it leads to with a service such as LongURL. If you use Firefox and want added protection from cross-site scripting attacks, you can install the NoScript plugin.
Via Mashable, Computerworld
Medical Students Leak Patient Information on the Internet
There are many types of information that people don’t want to share with the world but someone’s personal medical history is probably at the top of that list. The reasons we visit the doctor’s office can vary from mundane to downright embarrassing (or even scary), so it’s no surprise that many patients really depend on the rules surrounding confidentiality to protect this very private information.
Unfortunately, medical students may not realize the importance of patient privacy, which is evidenced by the fact that we’ve started seeing disclosures more and more through the use of social networking tools and modern technology. For example, one surgeon found the fact that his patient had the words “hot rod” tattooed on his genitals so funny that he took a picture and shared it with his colleagues.
As CNN reports, 60% of medical schools “have had students post inappropriate or unprofessional information on the Web.” While most of this information pertained to their own behavior, 13% of them shared content that violated patient privacy. Incredibly, there were even instances when some students were so descriptive that their patients were identifiable.
Incredibly, only 38% of the affected schools had policies in effect to deal with inappropriate sharing on the internet but, at least, 11% of the remaining schools were working on creating guidelines.
This illustrates the fact that many professions have not had to deal with internet security issues on this level but, while some are trying to actively address the issues, the public is at risk in the meantime.
Organizations Fail to Mitigate Security Risks
The SANS Institute has just released the results of a comprehensive study on the topic of cyber security risks. The study is based upon prevention systems in 6,000 organizations and vulnerability data from 9 million systems. The study indicates that there are two major risks out there to organizations, both of which could be mitigated.
Cyber attacks are a growing issue for organizations of all sorts, with new and sophisticated attacks being created every day. Though organizations may have difficulty keeping up with the threat landscape, this study found that organizations are not doing what they could to mitigate the two largest risk areas. Specifically, client-side software is remaining unpatched and websites are not being scanned for common flaws that criminals use to exploit visitors to those sites.
Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access.
The ultimate goal of attackers is to steal information and to install “back doors” so that the attacker can return to further exploit organizational systems. The study found that major organizations take at least twice as long to patch client-side vulnerabilities as they do to patch operating system vulnerabilities. Addressing this single issue could drastically reduce your risk of being exploited. What this also means is that the question of Mac vs PC is not going to be your solution to mitigating risk, as these risks come from cross-platform applications and from the Internet.
The report, which is available here, targets major organizations who want to ensure their defenses are up to date. The report shows some interesting patterns in the data and includes a tutorial on how some of the most damaging attacks actually work. You may find it handy to print this report off to study the graphs in detail.