Cyberattack

Cyberattack / News Briefs

Two Years Later the Conficker Worm Not Entirely Disappeared

In a SecurityWeek article today, Ram Mohan writes: "Just over two years ago, the Internet held its breath. The high-profile, widely proliferated Conficker worm had been in the wild from October 2008; its largest mutation was revealed in February 2009, with a widely publicized activation date of April 1, 2009. ... What we do know: Conficker could have proved much more damaging than it ultimately did, and the threat has not entirely disappeared."

Garth Bruen Discussing Whois, DNSSEC and Domain Security

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years.

More Targeted Phishing, Spam and Mobile Attacks; IBM Reports 150K Security Events Per Second

IBM today released the results from its annual X-Force 2010 Trend and Risk Report, identifying more targeted phishing, spam and mobile attacks. The report also finds cloud security continuing to evolve. "From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day," says Tom Cross, threat intelligence manager, IBM X-Force. "The numerous, high profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has. Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical."

New Anti-phishing Initiative Introduced by Yahoo!

Neil Schwartzman writes to report: "The company announced the Yahoo! Mail Anti-Phishing Platform (YMAP) yesterday. The technology is predicated upon the use of both DKIM and Sender Policy Framework (SPF) to identify authentic messages. As part of the initiative, Yahoo! has partnered with email authenticators Authentication Metrics, eCert, Return Path, and Truedomain to provide broad-band coverage of well-known brands."

Microsoft, Federal Agencies Take Down Rustock Botnet

Neil Schwartzman writes: "There is a lot of press on the profound effect the take-down of the Rustock botnet, affected by Microsoft, some U.S. federal agencies, and countless others working in the background to assist in the effort. CAUCE has aggregated a few of the best stories and data-points. A community congratulations, and thank-you to all those involved!"

Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile

In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to the Cisco® 2010 Annual Security Report, released today. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in "money muling," and that users continue to fall prey to myriad forms of trust exploitation.

Average Daily Malware at All Time High, Spam Lowest Since 2008

McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009.

Myanmar Internet Down from Massive DDoS Attack

Craig Labovitz of Arbor Networks reports: "Back in 2007, the Myanmar government reportedly severed all Myanmar Internet connectivity in a crackdown over growing political unrest. Yesterday, Myanmar once again fell of the Internet. Over the course of the past several days, Myanmar's main Internet provider, the Ministry of Post and Telecommunication (or PTT for short), suffered a large, sustained DDoS attack disrupting most network traffic in and out of the country."

Q3 Saw Massive Virus Volumes While Spam Remained Steady

Spam and virus trends in Q3'10 confirm that spammers are still hard at work distributing malicious content in new and creative ways, according to the latest reports. The latest spam and virus trends report is produced by Postini, Google's email security and archiving service that, according to the company, processes more than 3 billion email messages per day and more than 50,000 businesses.

U.S. Now Leading Source of Attack Traffic, Followed by China and Russia

The U.S. became the top attack traffic source in the second quarter of 2010, accounting for 11% of observed attack traffic in total, reports Akamai in its State of the Internet Report released today. According to the report, China and Russia held the second and third place spots, accounting for just over 20% of observed attack traffic. Attack traffic from known mobile networks has been reported to be significantly more concentrated than overall observed attack traffic, with half of the observed mobile attacks coming from just three countries: Italy (25%), Brazil (18%) and Chile (7.5%).

Richard Clarke: Defend Against Cyberwar by Re-Architecting Networks, Not Buying More Technology

In his keynote yesterday at the RSA Security Conference, former U.S. top chief counter-terrorism adviser, Richard A. Clarke, said cyberwar defence efforts need to focus on re-architecting networks not buying more technology.

Over Half of Critical Infrastructure Providers Report Politically Motivated Cyber Attacks

A recent study released today suggests 53 percent of critical infrastructure providers have experienced what they perceived as politically motivated cyber attacks. According to Symantec's 2010 Critical Information Infrastructure Protection (CIP) Survey, participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses.

NIST Issues Smart Grid Cybersecurity Guidelines

The National Institute of Standards and Technology (NIST) issued today its first Guidelines for Smart Grid Cyber Security, which includes high-level security requirements, a framework for assessing risks, an evaluation of privacy issues at personal residences, and additional information for businesses and organizations to use as they craft strategies to protect the modernizing power grid from attacks, malicious code, cascading errors, and other threats.

Security Experts Urge Shifting from Defense to Offense in Cybersecurity

A report, released today by McAfee, Inc., titled "Security Takes the Offensive," says that traditionally, security technology companies and computer users have taken a defensive posture, putting the cyber equivalent of body armor on computers, networks and in the cloud. The report's authors say it is now time to avoid enemy strikes altogether by taking a more aggressive stance, aligning forces and involving law enforcement.

GlavMed Hacks U.S. Government Website

Garth Bruen writes: A report in LegitScript takes a look at Russian rogue Internet pharmacy hacking US government website. "As rogue Internet pharmacy networks become more sophisticated, even US government websites are at risk. Today, we're taking a look at how a rogue Internet pharmacy linked to a criminal network operating out of Russia and Eastern Europe has hacked into a US government website. The Millennium Challenge Corporation, a US foreign aid agency, utilizes a ".gov" top-level domain, which is assigned to the control of the US government. Domain names ending in .gov are typically administered by the General Services Administration."