Archive for the ‘Security’ Category
Wednesday, February 22nd, 2012
 The Symantic 2012 State of Mobility Survey revealed a global tipping point in mobility adoption.
The survey highlighted an uptake in mobile applications across organizations with 71 percent of enterprises at least discussing deploying custom mobile applications and one-third currently implementing or have already implemented custom mobile applications.
Take a look at this infographic on the survey results.
Despite this adoption, almost half (48 percent) of survey respondents mentioned that mobility is somewhat to extremely challenging and a further 41 percent of survey respondents identified mobile devices as one of their top three IT risks.
Yet in the face of these challenges, IT is striking a balance between mobile benefits and risks by transforming its approach to mobility to deliver improved business agility, increased productivity and workforce effectiveness.
“We are impressed by the pace of mobile application adoption within organizations,” said CJ Desai, senior vice president, Endpoint and Mobility Group, Symantec.
“This cultural change from refusing mobile devices not long ago, to actively distributing and developing mobile applications, has introduced a new set of challenges and complexities for IT staff. Encouragingly, from a security perspective, a majority of organizations are thinking beyond the simple case of lost or stolen mobile phones.”
Read more detailed blog posts:
The State of Mobility Survey reveals the challenges organizations are grappling with in accommodating the mobility tipping point and also identifies and quantifies mobility-associated risks as perceived by IT decision makers. In this survey, more than 6,000 organizations from 43 countries bring to light the change in the usage of mobile devices and mobile applications.
Mobile Devices Now Critical Business Tools
The significant adoption of mobile applications demonstrates remarkable confidence, by organizations, in the ability for mobility to deliver value. This confidence is further supported by a rare alignment between expectations and reality.
Generally, the gains expected from new technologies far exceed the reality upon implementation. However, for the smartphones and tablets currently in use, 70 percent of those surveyed expected to see increased employee productivity, yet 77 percent actually saw productivity gains after implementing.
Furthermore, 59 percent of respondents are now relying on mobile devices for line-of-business applications, another sign that mobility has graduated to mainstream status.
Mobile Initiatives Significantly Impacting IT Resources
As with the adoption of any new technology, mobility is challenging IT organizations. Almost half (48 percent) of respondents mentioned that mobility is somewhat to extremely challenging, while two thirds noted that reducing the cost and complexity is one of their top business objectives.
In Symantec’s view, this increased pain level indicates the transition from small pilots and tactical implementations — where policies are often bypassed and exceptions are made — to enterprise-wide deployments where policy standards across a larger scale introduce greater complexity.
This also suggests that many implementations are not yet taking sufficient advantage of their existing enterprise systems and processes, which would alleviate much of the pain and cost that comes with larger scale and resource duplication.
Mobility Risks Impacting Organizations
Mobile adoption is not without risks, and IT organizations recognize this challenge. Approximately three out of four organizations indicate maintaining a high level of security is a top business objective for mobility and 41 percent identified mobile devices as one of the top three IT risks, making it the leading risk cited by IT.
Concerns are wide-ranging, from lost and stolen devices, data leakage, unauthorized access to corporate resources and the spread of malware infections from mobile devices to the company network.
With mobile devices now delivering critical business processes and data, the cost of security incidents can be significant. The average annual cost of mobile incidents for enterprises, including data loss, damage to the brand, productivity loss, and loss of customer trust was USD$429,000 for enterprise. The average annual cost of mobile incidents for small businesses was USD$126,000.
Recommendations
Organizations that choose to embrace mobility, without compromising on security, are most likely to improve business processes and achieve productivity gains. To this end, organizations should consider developing a mobile strategy that defines the organization’s mobile culture and aligns with their security risk tolerance.
Some key recommendations include:
- Enable broadly: Mobility offers tremendous opportunities for organizations of all sizes. Explore how you can take advantage of mobility and develop a phased approach to build an ecosystem that supports your plan. To get the most from mobile advances, plan for line-of-business mobile applications that have mainstream use. Employees will use mobile devices for business one way or another — make it on your terms.
- Think strategically: Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Think beyond email. Explore all of the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated. As you plan, take a cross-functional approach to securing sensitive data no matter where it might end up.
- Manage efficiently: Mobile devices are legitimate endpoints that require the same attention given to traditional PCs. Many of the processes, policies, education and technologies that are leveraged for desktops and laptops are also applicable to mobile platforms. So the management of mobile devices should be integrated into the overall IT management framework and administered in the same way — ideally using compatible solutions and unified policies. This creates operational efficiencies and lowers the total cost of ownership.
- Enforce Appropriately: As more employees connect their personal devices to the corporate network, organizations need to modify their acceptable usage policies to accommodate both corporate-owned and personally-owned devices. Management and security levers will need to differ based on ownership of the device and the associated controls that the organization requires. Employees will continue to add devices to the corporate network to make their jobs more efficient and enjoyable so organizations must plan for this legally, operationally and culturally.
- Secure comprehensively: Look beyond basic password, wipe and application blocking policies. Focus on the information and where it is viewed, transmitted and stored. Integrating with existing data loss prevention, encryption and authentication policies will ensure consistent corporate and regulatory compliance.
Resources
Tags: mobile app benefits, mobile app risks, mobile apps in the enterprise, Symantec, tips on adopting mobile apps
Posted in Internet/New Media, IT, Mobile, Security, smartphones, Studies, surveys, reports, Telecommunications | No Comments »
Wednesday, February 22nd, 2012
 On a social network where it is possible to share personal information with 850 million people worldwide, users are increasingly opting to do just the opposite. A study of 1.4 million Facebook members indicates a dramatic rise in demand for privacy, with the number of users choosing to hide their friend list up more than 200 percent over a 15-month period.
The research also reveals stronger privacy preferences among women and members with higher incomes.
Keith Ross, the Leonard J. Shustek Professor of Computer Science at the Polytechnic Institute of New York University (NYU-Poly), led the study as part of an ongoing inquiry into Internet privacy leaks and trends.
Ross and co-investigators Ratan Dey and Zubin Jelveh — both doctoral candidates at NYU-Poly — crawled the public profile pages of 1.4 million Facebook users in New York City in March 2010 and June 2011, noting which aspects of the profile were accessible and which were hidden.
The public profile is the page displayed when viewing the profile of someone with whom the searcher is not a designated Facebook friend. The amount of information available on the public page can be adjusted according to user preferences.
Combination of factors involved
In March 2010, 17 percent of users in the sample hid their friend list from their public profile. Just 15 months later, 53 percent of users opted to make that list private. Other aspects of the profile, including age, high school name and graduation year, network, relationship, gender, interests, hometown and current city, were also hidden with greater frequency in the later survey. In 2010, only 12 percent of the sampled users hid personal information in all of these categories. By 2011, that number jumped to 33 percent.
Ross credits a combination of social and policy factors for the shift in privacy preferences.
“During the time of our research, Facebook implemented a major redesign in its privacy options, partly due to pressure generated by a huge uptick in media stories about the vulnerabilities of revealing personal information online,” explains Ross. “We believe that greater sensitivity and public awareness of privacy issues, combined with easier privacy options on Facebook, spurred more members to protect their information.”
Correlation between income and privacy
Ross and his collaborators used information from the public profiles to extrapolate additional data points about Facebook users’ privacy preferences. Women in both samples were more private than men — as of June 2011, 55 percent of women restricted their personal information, versus 49 percent of men.
Data analysis also points to a potential correlation between income and privacy. Users in the wealthiest areas of New York,Manhattan specifically, were likeliest to hide their personal information. Among the other boroughs, Staten Island ranked second in privacy, followed by Brooklyn, the Bronx and Queens.
While the profiles studied do not represent a random sample, the diverse demographics of New York City lead the researchers to believe that the increased privacy demands are indicative of general trends in the country and perhaps globally. To the authors’ knowledge, this is the largest analysis of Facebook users’ privacy preferences.
Tags: Facebook privacy, Keith Ross, Polytechnic Institute of NY, privacy preferences, profiles
Posted in Facebook, Internet/New Media, Security, social media, Studies, surveys, reports | No Comments »
Wednesday, February 22nd, 2012
 Facebook has been hit with yet another suit. Facebook Inc. unlawfully tracked the internet activities of its users, the Baltimore-based Murphy, P.A. alleged in a lawsuit filed on Friday.
Facebook ignored repeated inquiries from an internet technology and security blogger who discovered that the unique identifiers Facebook uses to identify its members continued to track their internet usage even after they had logged off of Facebook.com, Murphy, P.A. alleged in the lawsuit.
Facebook’s actions were unlawful, Murphy, P.A. claimed, because the terms of use and privacy policies posted on Facebook.com advised Facebook members that their post-log-out internet activities were not tracked.
Lawsuit alleges violations of federal and state laws
According to the lawsuit, which was filed in the U.S. District Court for the Northern District of California by Murphy, P.A., the Baltimore-based Law Offices of Peter G. Angelos, and the San Francisco office of Girard Gibbs LLP, Facebook’s actions violated several Federal and State laws, including the Federal Wiretap Act, the California Internet Privacy Requirements Act, and the California Unfair Competition Law.
“The days when online service providers can run roughshod over the privacy rights of their customers are over,” said Murphy, P.A. Founding Partner William “Billy” Murphy, Jr.
“Companies that operate commercial websites, such as Facebook, need to realize the public is increasingly concerned about its privacy rights. Perhaps even more importantly, there is a growing community of security experts and bloggers that is extremely savvy about internet technology and committed to ensuring that people’s privacy rights are respected and protected.”
Tags: Facebook sued, Murphy P.A., privacy violations
Posted in Facebook, Internet/New Media, Legal, Security, social media | No Comments »
Tuesday, February 21st, 2012
 Boston Research Group, a leading provider of research services, found that 78 percent of IT security professionals believe that network access control (NAC) is an essential function to protect enterprises from mobile device risks and that enterprises want unified policy controls to manage security risks for both mobile devices and PCs.
The research, which focused on mobile device management and mobile security, was completed in January 2012 and sponsored by ForeScout Technologies Inc., a leading provider of automated security control solutions for Fortune 1000 enterprises and government organizations.
The mobile security study surveyed 365 North American IT security professionals in companies having 1,000 employees or more. The findings present greater insight into how IT security professionals are influencing mobile device management (MDM) purchases and their perceptions of mobile security risks.
Of those surveyed:
- 88% would either be the “purchaser” or the “purchase recommender” for an MDM tool. This suggests that the same people who make network and information security decisions will also be making MDM decisions.
- 68% are concerned about mobile security risks associated with mobile devices accessing corporate resources. The majority of concerns center on: data loss (26%), malware (23%), unauthorized users and devices (14%), and intrusions (13%).
- 78% believe that network access control is an essential feature for mobile security. While inventory management, software management and security management were deemed as important and essential, the means to enforce security policies based on identity, device, configuration, security posture and network activity are also considered crucial features for mobile security, capabilities available from NAC tools that are incomplete in MDM tools.
- 96% want unified security policy management for both mobile devices and PCs, reinforcing the need for a layered approach for managed and unmanaged handhelds and PCs in the enterprise.
“IT professionals see many of the same security risks in mobile devices such as smartphones that have long been a concern for laptops and notebook computers. Device mobility, wireless access, personal applications and the high risk of lost or stolen handhelds creates a need for added defenses against data loss, unauthorized access and malware,” said Paul McClanahan, research analyst and partner at the Boston Research Group.
“The study also showed that IT security teams are well involved in MDM purchase and implementation decisions.”
Security teams want the same endpoint intelligence, security assessment and enforcement options for mobile devices as they have for PCs, and they want it all managed from one operating console. ForeScout today introduced ForeScout Mobile to meet these requirements by delivering the industry’s first unified approach for NAC, BYOD and MDM. .
Tags: Boston Research Group, ForeScout Technologies, mobile device management, mobile security, network access controls
Posted in IT, Mobile, Security, smartphones, Studies, surveys, reports, Telecommunications | No Comments »
Monday, February 20th, 2012
 In the wake of a Stanford University researcher’s study that found Google has been violating people’s online privacy choices, Consumer Watchdog said today the Internet giant was lying to users and called for the Federal Trade Commission to act. iPhone and iPad users were targeted.
“Google has clearly engaged in ‘unfair and deceptive’ practices,” said John M. Simpson, Consumer Watchdog’s Privacy Project director. “They have been lying about how people can protect their privacy in their instructions about how to opt out of receiving targeted advertising.”
Read Consumer Watchdog’s letter to the FTC here: http://www.consumerwatchdog.org/resources/ltrleibowitz021712.pdf
A study made public today by Jonathan Mayer of Stanford University’s Security Lab, and the Center for Internet and Society, found that Google has been circumventing a privacy setting in Apple’s Safari web browser. Like most web browsers, Safari provides the option not to receive third-party “cookies.” Cookies are small bits of code placed on the browser and can be used by ad networks to track you as you surf the web. Blocking third-party cookies is supposed to prevent such tracking.
Safari is the primary browser on the iPhone and iPad.
The Stanford study found that three other companies – Vibrant Media Inc., WPP PLC’s Media Innovation Group LLC and Gannett Co.’s PointRoll Inc. — were also circumventing the Safari privacy setting.
Read the Stanford study here:
http://webpolicy.org/2012/02/17/safari-trackers/
Read the Wall Street Journal article here:
http://online.wsj.com/article_email/SB10001424052970204880404577225380456599176-lMyQjAxMTAyMDEwNjExNDYyWj.html?mod=wsj_share_email#articleTabs%3Darticle
In a letter to FTC Chairman Jon Leibowitz, Consumer Watchdog’s Simpson wrote:
“The Stanford study found that Google’s DoubleClick ad network was sending out software invisible to the user that circumvented the Safari setting and allowed a tracking cookie to be set. The study results were first reported in the Wall Street Journal.
 “Safari users with the browser set to block third-party cookies, thought they were not being tracked. Nonetheless, because of an element invisible to the user, but designed to mimic a form, DoubleClick was able to set tracking cookies in an obvious violation of the set preference.”
“Making Google’s actions even more outrageous is false advice it gave to Safari users in describing how to permanently opt out of receiving Google’s targeted advertising.”
Google has developed a so-called browser “plugin” for Internet Explorer, Firefox and Google Chrome that makes the opt-out persistent. Google has not developed a plugin for Safari. The false advice Google gave Safari users follows:
“While we don’t yet have a Safari version of the Google advertising cookie opt-out plugin, Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie.”
Google then explained how to verify the setting. View a screenshot of the Advertising Cookie Opt-out Plugin advice page taken on February 14 here: http://www.consumerwatchdog.org/resources/screen_shot_2012-02-14_at_5.04.05_pm.png
“But the advice was false. Google was lying,” wrote Simpson. “It was in fact circumventing the privacy choice and setting DoubleClick tracking cookies.”
Google’s behavior unfair and deceptive?
 Clearly Google knows that it was in the wrong, Consumer Watchdog said.
After the company was confronted about the Stanfordresearch, it changed its advice page, removing the specific references to Safari. View a screenshot of the sanitized Advertising Cookie Opt-out Plugin advice page taken on Feb. 15 here: http://www.consumerwatchdog.org/resources/screen_shot_2012-02-15_at_4.42.49_pm.png
Consumer Watchdog’s letter concluded:
“Google’s behavior is clearly “unfair and deceptive,” but more than that, it violates the ‘Buzz’ Consent Decree, which you reached with Google after it violated users’ privacy when it launched the Buzz social network. Section I begins: ‘It is ordered that respondent, in or affecting commerce, shall not misrepresent in any manner, expressly or by implication: (A) the extent to which respondent maintains and protects the privacy and confidentiality of any covered information, including, but not limited to, misrepresentations related to: 1. The purposes for which it collects and uses covered information, and (2) the extent to which consumers may exercise control over collection, use, or disclosure of covered information.’
“Google falsely told Safari users that they could control the collection of data by ensuring that third-party cookies were blocked, when in fact Google was circumventing the preference and setting tracking cookies.
“The Stanford research identified three other companies – Vibrant Media Inc., WPP PLC’s Media Innovation Group LLC and Gannett Co.’s PointRoll Inc. – that were circumventing Safari privacy preferences. They should be closely investigated as well. However, given Google’s dominance of online and mobile advertising and the fact that the company’s actions flagrantly violate its consent agreement with the Commission, I call on you to focus immediate attention on the Internet giant.”
Tags: Consumer Watchdog letter, FTC, Google violates privacy, iPad, iPhone, John M. Simpson, Jonathan Mayer, Safari, smartphone privacy, Stanford University Security Lab, unfair and deceptive practices, Wall Street Journal
Posted in Google, Internet/New Media, Legal, Security, Studies, surveys, reports | No Comments »
Friday, February 17th, 2012
 Security firm Emsisoft says a new and highly malicious Facebook scam lures users to click on a link that promises to reveal a “shocking secret” found during Whitney Houston’s autopsy.
The famous singer was found dead in her bathtub in a hotel in Beverly Hills, prompting immense media coverage around the circumstances of her untimely death.
The text of this particular scam reads as such: “Whitney Houston’s autopsy reveals a shocking secret that explains her death” or “Whitney Houston’s shocking cause of death revealed” and “The dark secret that ruled Whitney Houston’s life and tragically led to her death.”
Everybody who clicks one of the links that pretend to take them to a well-known American news site will in fact be redirected several times and end up facing a survey page that they are asked to take. This is the first of two methods that the scammers use to transform generated traffic into a mode of profit as they get paid for the survey results.
And finally, the user will see the YouTube video itself, which is of course nothing special, but a normal TV report about the tragedy of Whitney Houston. The more views the better for the scammer who uploaded the video. Every hit raises its ranking, thus subsequently attracting more viewers. Well-placed Google AdSense ads turn this into profit.
Christian Mairoll, CEO at Emsisoft, says, “The YouTube video has already had more than 1,000,000 hits thanks to this Facebook scam. This shows how easy it is to get many people’s attention using a current event for criminal purposes on Facebook. We advise all users not to blindly click a link, but to critically rethink content on Facebook – and in particular, not to immediately share it.”
Tags: Emsisoft, Facebook scam, online security, Whitney Houston death
Posted in Facebook, Internet/New Media, Security | 1 Comment »
Monday, February 13th, 2012
 In 2011, the most significant evolution in the threat landscape was the use of malware networks, or malnets, to launch highly dynamic Web-based attacks, according to the Blue Coat Systems 2012 WEb Security Report.
These complex infrastructures, which outlast any one attack, drove a 240 percent increase in the number of malicious sites during the year and are expected to launch as many as two-thirds of all new attacks in 2012.
The Blue Coat Security Labs team first discovered the existence of these malicious networks early in 2011 and presently is the only company to specifically identify, track and block them.
The report is available, free of charge. The entire report is worth a look.
Malnets are distributed network infrastructures within the Internet that are built, managed and maintained by cybercriminals for the purpose of launching a variety of attacks against unsuspecting users over extended periods of time.
The end game for malnets typically is either stealing personal information or transforming end-user systems into botnets.
The Blue Coat 2012 Web Security Report details the strategies and tactics that malnet operators deploy to snare users and funnel them to dynamic malware payloads, or software which surreptitiously installs on users’ computers designed for malicious or criminal purposes.
“In 2011, the ease of buying, customizing and deploying malicious software kits, coupled with a faster rotation through domain names, drove a 240% increase in malicious sites,” said Chris Larsen, senior malware researcher, Blue Coat Systems.
“With the average business now facing 5,000 threats per month, identifying and tracking malnets to block attacks at the source before they are launched is the most effective protection.”
According to the report, the most common entry point into these malicious infrastructures relies on the path of least resistance, utilizing entry points that are easy to exploit, such as search engines/portals and email, or are utilized by large, diverse populations of users.
Malnets have become so effective at launching attacks through search engines/portals that one in 142 searches leads to malicious links.
The 2012 Web Security Report examines the malnet ecosystem in depth, examining user behavior, malnet strategies and tactics, as well as highlighting the best defenses against these aggressive infrastructures.
The report includes topics, such as:
- Most common content categories for intentionally or inadvertently hosting malware
- Malvertising attacks that funnel users into malnets via malicious Web advertisements
- Internet within an Internet that exists on social networking sites
- Negative day defense as a protection against the dynamic nature of malnets
It also explores how the existence of these malnets is driving broader changes in the threat landscape, including:
- The growing use of social networking to conduct trust and reputation-based attacks
- A shift away from news-driven topics for search engine poisoning attacks
- A significant increase in email attacks
The report analyzes data from the Blue Coat WebPulse service. WebPulse is a cloud-based, real-time analysis and ratings service that unites users in a common defense.
Tags: 2012 Web Security Report, Blue Coat Systems, cyber attacks, defending against cyber criminals, email, Malnets, Malware Networks, portals, search engines
Posted in Internet/New Media, IT, Security, Studies, surveys, reports | No Comments »
Monday, February 13th, 2012
 Cyber criminals have maintained their concentration on financial institutions, social media and gaming sites, and are sharpening their focus on popular loyalty programs as well, according to PhishTank, a community website operated by OPenDNS where anyone can submit, verify, track and share phishing data.
Of list of top 10 brands targeted by phishing criminals in January, half are banks or financial institutions. The list includes PayPal, MasterCard and JP Morgan Chase among others.
| |
| Top 10 Identified Targets |
Valid Phishes |
| 1 |
PayPal |
6,317 |
| 2 |
Facebook |
993 |
| 3 |
TAM Fidelidade |
741 |
| 4 |
Santander UK |
537 |
| 5 |
Mastercard |
291 |
| 6 |
Cielo |
257 |
| 7 |
AOL |
241 |
| 8 |
Poste Italiane |
211 |
| 9 |
Bradesco |
179 |
| 10 |
JPMorgan Chase and Co. |
174 |
|
|
|
Loyalty rewards programs are also becoming a more popular target for phishing, as they allow cyber criminals to not only breech personal financial data, but to leverage victims’ existing rewards points in much the same way they would currency. Two notable Brazilian loyalty programs, Cielo Fidelidade and TAM Fidelidade, made the list of January’s top ten targeted brands.
Last month we reported that cyber criminals took advantage of the holiday season by focusing their efforts on creating phishing sites to spoof financial services organizations and the travel industry.
However, it seems that they’re back to their old tricks again. Social media and gaming companies are again topping the list of most popular brands as their momentum in pop culture increases. Facebook, the world’s second most popular website, climbed back to near the top of the list of most targeted brands in January to become the second most popular target for Internet bad guys.
The PhishTank community submitted nearly 20,000 phishing sites to PhishTank in January and, through a comprehensive review and evaluation process that included more than 78,000 individual votes, deemed 71 percent of those phishes valid.
That means OpenDNS users around the world are now prevented from accessing an additional 13,892 phishing sites. On average, the PhishTank community was able to move suspected phishing sites through the verification process, and eliminate the threat to OpenDNS users, in just two hours.
Since PhishTank was founded in 2006, the PhishTank community has successfully verified more than 800,000 phishes. PhishTank data ensures the safety of more than 30 million OpenDNS users, who are automatically prevented from reaching phishing sites.
In addition, PhishTank protects the collective millions of customers of some of the world’s largest technology companies, many of which use the site’s data to incorporate anti-phishing functionality into their services. More information, statistics and graphics related to January PhishTank findings can be found here:http://www.phishtank.com/stats/2012/01.
Tags: AOL, Cielo, facebook, JP Morgan Chanse, OpenDNS, PayPal, phishing scams, PhishTank, Santander UK, TAM Fidelidade
Posted in Internet/New Media, Security, Studies, surveys, reports | No Comments »
Wednesday, February 8th, 2012
 Last month saw malware attacks targeting a wide range of potential victims, including gamers looking for a Pro Evolution Soccer 2012 game crack, small business owners concerned about the reputation of their business, and government organizations receiving spoofed messages from the United States Computer Emergency Readiness Team (US-CERT).
“Anyone who goes on the internet is a potential target for cybercriminals looking to infect systems and scam users,” said Chris Boyd, senior threat researcher at GFI Software.
“Malware writers and phishers do not discriminate. They purposefully cast a wide net when picking their methods of attack in order to reach as many targets as possible. Whether you are a young gamer, a successful business owner or a government employee, you need to be wary when clicking on links that appear to pertain to your interests, especially when asked to submit personal information online.”
Gamers targeted
In addition to malware writers installing rootkits on the systems of gamers who were looking for a pirated release of Pro Evolution Soccer 2012, developed by Konami Digital Entertainment, Inc., scammers also latched onto the buzz surrounding the upcoming fourth installment of the Halo video game series, developed by 343 Industries, by offering bogus beta invites in return for filling out surveys and recommending links on Facebook and Google+.
These attacks leverage the popularity of these titles among the gaming community and are meant to take advantage of the mistakes some users might make when acting out of excitement about a favorite game franchise.
January also brought phishing emails posing as notices from the Better Business Bureau, claiming that a customer had filed a complaint against the recipient.
The messages contained links to malware created using the Blackhole exploit kit. Government body US-CERT served as another disguise for cybercriminals attempting to bait unwitting victims into opening a file that contained a variant of the Zeus/Zbot Trojan.
Meanwhile, Tumblr users were baited with “free Southwest Airlines tickets” in exchange for taking surveys and submitting personal information by a phony “Tumblr Staff Blog.”
Malware writers and internet scammers also sought to attack a wider cross-section of the population when opportunities presented themselves to creatively piggyback on hot news topics and highly trafficked websites.
This past month, the shutdown of popular file hosting website Megaupload led to a domain typo scam targeting both the regular users of the website as well as visitors who were interested in seeing the FBI notice posted on the site. Once the victims reached the misspelled URL, they were redirected to various sites promising fake prizes and asking for personal information.
“While cybercriminals may not be picky about their choice of victims, their choice of tactics is anything but haphazard,” continued Boyd. “Cybercrime campaigns are designed to cripple systems and steal personal information, but first they have to reach the victim. Once they know the profile of the group they want to attack, they will do anything they can to increase their chances of success and fool users into playing along.”
Top 10 Threat Detections for January
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet automated threat tracking system. ThreatNet statistics revealed that Trojans continue to be the most pervasive threat, taking half of the top spots for January.
| Detection |
|
Type |
|
Percent |
| Trojan.Win32.Generic |
|
Trojan |
|
35.1 |
| Yontoo (v) |
|
Adware |
|
2.23 |
| FraudTool.Win32.FakeRean |
|
Rogue Security Program |
|
1.62 |
| INF.Autorun (v) |
|
Trojan |
|
1.28 |
| Trojan.Win32.FakeAV.mqa (v) |
|
Trojan |
|
1.21 |
| Trojan.Win32.Ramnit.c (v) |
|
Trojan |
|
0.94 |
| Exploit.PDF-JS.Gen (v) |
|
Exploit |
|
0.86 |
| GameVance (fs) |
|
Adware |
|
0.82 |
| Pinball Corporation. (v) |
|
Adware |
|
0.79 |
| Trojan.Win32.Jpgiframe (v) |
|
Trojan |
|
0.77 |
Tags: 343 industries, facebook, free Southwest airline tickets, GFI, Google, Halo, Konami Digital entertainment, Megaupload, top ten january cyber threats, Tumblr, Tumblr Staff blog
Posted in Internet/New Media, IT, Security, Studies, surveys, reports | Comments Off
Monday, February 6th, 2012
 Online privacy is often more of a concern to Internet users than Internet services seem to realize. Facebook has banged up against that fact trying to make sharing a default setting, and Google stirred up blogger buzz when it announced its new policy of sharing information among its services, last week.
Frugal Dad created this infographic to look at the privacy issues the Internet community is dealing with and offer users some sound advice on how to manage their cyberspace privacy:
Tags: digital privacy, facebook, Google, online security, privacy issues
Posted in Facebook, Google, infographic, Internet/New Media, Security | Comments Off
|
|
|
