Category: Cyber Security

Trends in Identity Theft – 2010

More than 8.1 million adults in U.S. fell victim to the ID theft for the year 2010. Though the number of identity theft instances decreased, the amount lost by the victims rose significantly, as per the 2011 Identity Fraud Theft Report from Javelin Strategy & Research.

New types of consumer frauds have evolved into the market incurring more losses to the victims. The average amount lost due by consumers due to id theft in 2010 was $631 per incident. This also includes the amount payed by victim towards payoff of any fraudulent debt as well as fees to resolve the fraudulent claims.

Opening an account without the victim’s knowledge was seen to be the most damaging form of id fraud which caused $17 billion losses to victims in 2010 itself. This fraud, called as new account fraud, is not only harder to detect but also severely impacting to the victims.

Account takeover was another common form of the id fraud. Changing the physical address of the victim’s pre-existing account, without his knowledge, was the most popular tactic comprising of 44% of the total account takeover incidents in 2010. Registering an account with the victim’s name was another popular tactic.

In 2010, 14% of the id thefts were committed by the people who were well-known to the victims. This form of fraud is called Friendly fraud, where the fraudsters will be either friend, relative, neighbor or roommate of the victim. Consumers between 25-34 age were the most likely to fell victim for friendly fraud. The most common form of fraud committed by the friendly fraudsters was new account fraud. In 2010, around 30% of the new account fraud was perpetrated by someone well know to the victim. Theft of Social Security Number was also most prevalent in friendly fraudsters.

The above trends for Id fraud suggests the importance of safeguards on not only private information like bank account number and passwords, but also personal information like SSNs.

Microsoft to Fix Autorun Issue for Windows XP

The windows autorun feature has been a cake for the malware and botnet creators, based on which they designed many attacks. Being a main aid to trojans and viruse like Conficker, Taterf, Rimecud, Autorun, etc, the autorun was more seen to be as a vulnerability than a feature.

PCs using Windows XP were the most exploited ones due to the autorun feature. According to Microsoft, Windows XP users were 10 times more likely to get exploited due to the Autorun feature compared to others. Learning from past, Windows 7 was launched with a different configuration of Autorun through which Microsoft was successful in reducing the autorun-abusing malware attacks.

Now, Microsoft wants to resolve the autorun issue in Windows XP too. In a technet blog, Adam Shostack, a program manager of TWC Security has announced to release an “Important, non-security update” that would install the security protocols used in Windows 7 in to Windows XP.

As per the new protocol:

  • The autorun feature is confined to work only for CD/DVDs and will no longer support non-optical removal media like USB drives.
  • The dialog box of Autoplay clarifies that the program being executed is running from external media.

For updating it manually in Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008, visit http://support.microsoft.com/kb/971029.

Top 10 Challenges Faced by IT Managers

When it comes to security issues at organizational level, it is not dealing with malware that comes first but managing employees to use web in secure and efficient way. According to a report from MessageLabs Security Safeguard, the top 10 issues faced by IT managers of American companies are:

  1. Time wasting online: 86% of the IT managers surveyed said that they worry about employees wasting time in social networking and similar sites, which in turn saps the productivity and discourages honest people from disciplined web usage.
  2. Enforcing acceptable web usage policies: 53% of the IT managers found enforcing acceptable Internet usage policies in a consistent way, a challenge.
  3. Monitoring web usage: Effective monitoring of web usage and generating reports was another challenging issue for 52% of the IT managers.
  4. Keeping security systems up to date: Updating patches for typical software like in-house web filters, policy engines, spam and anti-malware systems and signatures for antivirus database was biggest management challenge for 49% of respondents.
  5. Addressing Legal risks: The accidental disclosure of confidential info online (57%) and employees visiting inappropriate or offensive websites (44%) are some legal risks, which the respondents found challenging to address.
  6. Internet bandwidth wastage: Around 44% of the respondents were concerned about wastage of internet for non-business related purpose like video streaming, social networking sites, etc., which affects the bandwidth availability for legitimate business purposes like email, web browsing and VPN connections.
  7. Protecting employees working from remote and home locations: 42% of the IT managers were concerned about the possibilities of infections spread by employees working from homes and remote locations via laptops or computers, who cannot be covered under the company’s firewall.
  8. Access to unauthorized web applications: 42% of the respondents found it challenging to restrict access to unauthorized web applications like personal mail, IM applications, etc., through which employees can upload company’s confidential information or access to services that are outside company control.
  9. Malware and spyware protection: With the increasing number of threats online, protecting the network from malware and spyware was a challenge for 40% of the IT managers.
  10. Protecting multiple locations: Around 19% (76% among companies with 500 employees or more) of the IT managers found it challenging to protect their company’s branches in multiple locations from online threats as well as inappropriate web usage of the employees.

Nasdaq System Faces Malware Attack

The company that owns Nasdaq Stock market, recently informed that a malware attack was identified on its servers. The story was first posted on Wall Street Journal. The Nasdaq trading was not affected as the attackers’ target was information from the boards of directors of publicly traded companies.

Going into the details, few suspicious files were found on the U.S servers by the Nasdaq OMX group, who then confirmed a breach in their systems. The breach was found to be through their Web-based collaboration platform – Directors Desk, a system offered by NASDAQ with about 10,000 users worldwide and is operated separately from Nasdaq’s trading platform.

The FBI and DOJ, together are investigating the issue for over a year to find out on how the malicious files were stored inside Directors Desk system. The intent of the hackers was unknown but as per the reports, the program allowed the designers of the software to see what items and messages were being shared via the Directors Desk platform. According to Directors Desk’s website, the application is used by 10,000 directors at Fortune 500 sized companies. Not surprising, on why the system was targeted.

On a side note, the website of the Directors Desk claims to have its security standards complying with ISO27001.

(more…)

How to Disable Autorun Feature in Windows PC

Your network might seem well protected with all the security measures you have taken from direct attacks. But a whopping 25 percent of malware today is developed to spread through USB devices. Infection through USB drives spreads undetectable into the network and makes it harder to deal with later.

The autorun feature in Windows will simply make the operating system execute anything it is told to execute by an autorun.inf file on the removable media. Disabling autorun is one of the best methods to secure your PCs from notorious USB drives.

The process to disable autorun in Windows XP Professional, Server 2003 and 2000 versions is as follows:

  • Click StartRun → type Gpedit.msc Enter
  • In the window that opens, go to Computer Configuration and expand Administrative Templates
  • Click System and go to Settings pane
  • Right click on Turn off Autoplay and select Properties → Enabled
  • Select the required drives in the Turn off Autoplay box to disable Autorun on respective drives or select All drives to disable on all drives
  • Click OK
  • Restart the computer

The process to disable autorun in Windows Server 2008 or Windows Vista versions is as follows:

  • Click Start → type Gpedit.msc in Search programs and files box and hit Enter
  • In the window that opens, go to Computer Configuration → expand Administrative Templates → expand Windows Components and click on Autoplay Policies
  • In the Details pane, double-click Turn off Autoplay
  • Select Enabled
  • Select the required drives in the Turn off Autoplay box to disable Autorun on respective drives or select All drives to disable on all drives
  • Click OK
  • Restart the computer

The process to disable autorun in Windows 7

  • Click Start → type Gpedit.msc in Search programs and files box and hit Enter
  • In the window that opens, go to Computer Configuration → expand Administrative Templates → expand Windows Components
  • Right click on Turn off Autoplay and select Edit
  • Select Enabled
  • Select the required drives in the Turn off Autoplay box to disable Autorun on respective drives or select All drives to disable on all drives
  • Click Apply → OK
  • Restart the computer

Related Links:
website monitoring service

Securing Your PCs from Notorious USB Drives

No amount of precautions and security measures for a network will equal the vulnerability created by a small USB device. You can see all the pain you have taken to make your network secure, crumble in a matter of seconds, due to an issue caused by a USB drive. USB drives are small, handy and convenient but one can’t imagine how notorious they are.

Few instances here will tell you how dangerous can a small USB drive be:

  • According to research from Avast, roughly one in eight of the 700,000-plus malware incidents it identified in 2010 were due to tainted USB devices.
  • Security consulting and research firm the Ponemon Institute, found that more than 800,000 data-sensitive devices, including USB drives, portable hard drives and laptops, were compromised in 2009.
  • The top two virus threats reported by BitDefender, are actually spread through USB drives.
  • According to research by Panda Security, a whopping 25 percent of malware today is developed to spread through USB devices.
  • Recently, an assistant professor and his student at George Mason University, demonstrated how Operating Systems fail a USB Attack. They just used a smartphone connected to a PC through a USB cable and were able to hack it. The professor simply credited his successful exploit to the USB protocol which does not ask for authentication when an unknown device connects to a computing platform.

These are only a few instances on what an infected USB drive can do.

pendrive-150x150USBs – a threat for Corporate Networks
An employee can simply bring in an infected USB drive to office, knowingly or unknowingly, and connect it to his system and get it infected. The system then spreads its infection to other PCs over the network. A research report from Avast says that more than 60 percent of all malware in circulation can be spread via USB drives. To corporate networks, notorious USB devices are not just confined to spreading malware. They simply offer a way for indiscernible data stealing.

Precautions and necessary steps to be secure
The situation today isn’t so worse that the USB drives would simply force the users to face the threats they impose. It requires just a few changes in the default settings of USB ports to eliminate the hazards of notorious USB drives. Few of them are as follows:

  • Disabling autorun option (Windows PCs)
  • Blocking unauthorized USB devices
  • Maintain personal and business USB drives separate. So that you don’t contaminate your office network from threats outside.
  • Do not plug an unknown USB drive into your computer. This is a simple precaution but works best.
  • As prevention is better than cure, you can just block USB drives on your computer/laptop (through registry key settings in Windows OS) permanently and use alternatives.

(more…)

Antivirus Market Share – Q4 2010

Avast products were the most used antivirus globally, but when it comes to North America – Norton rules. A recent report from OPSWAT on quarterly market share and usage data for antivirus software for Q4 2010, said that avast antivirus product line were the most used antivirus products globally with 17.53% of market share. ESET Software and Symantec products were in following positions with 12.05% and 10.04% of market share respectively. Together, these top 3 AV vendors occupied around 40% of the global antivirus market.

ESET Software was the largest gainer for Q4 2010 with 6.39% increase in market share since June 2010. Kaspersky labs and Panda Security were the other product lines which gained notable market shares with 2.46% and 2.50% increase respectively.

In North America, only 5 out of the 53 antivirus vendors detected, constituted for a majority of antivirus market with 60.74%. Symantec Norton was leading with 16.45% of the market share. Top 2 antivirus software globally – ESET and Avast – also stood top in North America with 12.86% and 10.86% market share respectively. Together, these top 3 AV vendors occupied nearly 40% of the North American antivirus market.

Microsoft’s Security Essentials was leading the North American individual antivirus products market with 10% share. Avast! Free AV and ESET NOD32 AV were in following positions with 8.81% and 7.75% of market share respectively. Norton AV and Norton 360 stood in 4th and 6th positions, with the AVG Free AV being ahead in position 3.

However, only 60% of the 90,000 cases considered by OPSWAT globally, had an antivirus application installed. What seemed interesting was that free antivirus accounted for 58% of the installations (in July 2010, it was 42%). Thus, a majority of the AV users were using free solutions offered by vendors.

Email Spam Volumes Fall to Lowest Level in Two Years: Symantec

A recent report from Symantec declared that spam volumes in January 2011 fell to the lowest levels, since March 2009. The spam volumes seemed to drop dramatically since 25th December of 2010 and continued its phase in January. The only time that spam volumes dropped by such a remarkable extent was after the closure of McColo, a California-based ISP in 2008, for being implicated in criminal and botnet activities.

Dramatic decline in spam levels
Spam, in January 2011, accounted only for 78.6% of the total email traffic. This was a 3.1% drop since December 2010 and a significant 65.9% lower compared to same period, a year ago. However, the spam rate is still alarming with 1 in every 1.3 mails being a spam one. The fall of the spam was credited to the apparent fall in activity of 3 major botnets – Rustock, Xarvester and Lethic.

Spam levels – Country wise for January 2011

  1. Oman – 88.8%
  2. China – 84.6%
  3. Hungary – 83.3%
  4. Luxembourg – 82.8%
  5. Kuwait – 81.9%
  6. South Africa – 80.0%
  7. US – 78.8%
  8. UK – 78.7%
  9. Canada – 78.3%
  10. Australia – 77.3%

Minute increase in phishing activity
One in 409.7 emails was found to comprise of a phishing attack in January 2011, said Symantec. This was a small 0.004% increase since December 2010. Phishing levels in US were 1 in 892.8 emails. South Africa was the most targeted geography by email phishing attacks with one in 51.7 emails blocked as phishing email. Other top targeted geographies by phishing emails are as follows:

  • UK – 1 in 188.6 emails
  • Canada – 1 in 204.6 emails
  • UAE – 1 in 247.3 emails
  • Oman – 1 in 248.4 emails

Increase in new malicious domains
Symantec message labs has identified an average of 2,751 malicious websites each day, in January 2011. Around 44.1% of them were identified to be new domains, a 7.9% increase from December 2010. These websites contained malware and other potentially unwanted programs including spyware and adware. 21.8% of all malware blocked on these sites was new. Another recent report from OpenDns said that 53.8% of all the phishing websites were hosted out of US.

Though email spam has decreased in volumes, web-based malware seems to increase in both volumes and coming up with new forms. The report suggests that organizations can combat the lurking threats by a policy-based security model. It is also important for users to choose an antivirus that is proactive in detecting malware and offers real-time updates for malware database.