Global Security Defence Agenda Report

McAfee and the Security and Defence Agenda (SDA) have released a report that attempts to paint a global view of the current cyber-threat (sigh* Cyber?  Really?), of defensive measures, and of the road ahead.  The report was created to identify key areas for discussion, highlight trends, and help governments and organizations understand how their security posture compares to others.

The report is based on a survey of roughly 250 leading authorities worldwide and on interviews with more than 80 security experts in government, international organizations and academia.  It is aimed at the “influential layperson”, and deliberately avoids technical jargon.

Some Key Findings:

  • 57% of global experts believe an arms race is taking place in cyber space.
  • 45% of respondents believe that online security is as important as border security.
  • 43% identified damage or disruption to critical infrastructure as the greatest single threat with wide economic consequences.
  • 36% believe information security is more important than missile defense.
  • The US, Australia, the UK, China and Germany all ranked behind smaller countries for their state of incident readiness.

Late Breaking Attack Vectors WebCast

Mike Kachmar sent me an email invitation to a monthly webcast that should be interesting, and offers an opportunity to grab a few of those elusive CISSP CPE credits.  I thought I’d extend the invitation along.  Previous webcasts have been both interesting and informative.

Don’t miss the “Late Breaking Computer Attack Vectors” webcast!  They are also giving away an Apple iPad 2 at the end of the webcast (already got one, but another one wouldn’t hurt…).  You do NOT need to be present to win.  Simply register with complete and accurate information and the winner will be announced at the end of the webcast.

The webcast is sponsored by Thawte and hosted by Larry Pesce of the PaulDotCom Team, on Wednesday, February 1, 2012 at 2:00PM ET.

REGISTER HERE:  https://cybersecurityworldevents.webex.com/cybersecurityworldevents/onstage/g.php?t=a&d=669294014

Join the PaulDotCom Team as they take a practical look at the most recently identified threats IT security professionals face on a daily basis.  Rather than narrating a lifeless monologue on the latest global data correlation, they will take an “everyman’s” approach to the Who, What, When, Where and Why of the most recent attack vectors.

Rather than asking them to do the impossible and announce the topics in advance (after all, how “Late Breaking” could that really be?), they will be modifying and editing their presentation until a few moments before the webcast, based on the most recently identified attack vectors.

I should be back in the office from my morning interviews by then, so I’m ALL in…

Bloggers BEWARE TDSS

Hackers are compromising WordPress 3.2.1 blogs in order to infect visitors with the nasty “TDSS rootkit”, according to Websense.  Once access has been gained to a blog,  malicious JavaScript code is injected into its pages to load a Java exploit from a third-party server.  Websense is quoted on InfoWorld as saying, “From our analysis the number of infections is growing steadily (100+).”
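One way to look for the kind of injection Websense describes, given here as an added example rather than anything from Websense or the WordPress project: scan each rendered page for script or iframe tags that pull content from a host other than the blog’s own, and for inline scripts that combine a loader call (eval, unescape, document.write) with long runs of escape sequences.  The site hostname, the allowlist and the two sample pages are constructed for illustration; the real injection’s markup is not quoted above, so treat these patterns as a starting point, not a signature.

```python
"""Heuristic scanner for script/iframe injections in rendered WordPress pages.
Added example; the host names, allowlist and sample pages below are constructed."""
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# a run of eight or more %XX, \xXX or \uXXXX escapes is typical of packed droppers
ESCAPE_RUN_RE = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")
LOADER_CALLS = ("eval(", "unescape(", "fromCharCode", "document.write(")


def _foreign_host(url, site_host, allowed_hosts):
    """Return the hostname if the URL points off-site and is not allowlisted, else None."""
    host = urlparse(url.strip()).hostname   # None for relative URLs such as /wp-includes/...
    if host is None:
        return None
    host = host.lower()
    if host == site_host or host in allowed_hosts:
        return None
    return host


def scan_page(html, site_host, allowed_hosts=()):
    """Return a list of (kind, detail) findings for one rendered page."""
    site_host = site_host.lower()
    allowed_hosts = {h.lower() for h in allowed_hosts}
    findings = []
    for m in SCRIPT_RE.finditer(html):
        attrs, body = m.group(1), m.group(2)
        src = SRC_RE.search(attrs)
        if src:
            if _foreign_host(src.group(1), site_host, allowed_hosts):
                findings.append(("external-script", src.group(1)))
            continue
        code = body.strip()
        if any(call in code for call in LOADER_CALLS) and ESCAPE_RUN_RE.search(code):
            findings.append(("obfuscated-inline", code[:60]))
    for m in IFRAME_RE.finditer(html):
        src = SRC_RE.search(m.group(1))
        if src and _foreign_host(src.group(1), site_host, allowed_hosts):
            findings.append(("external-iframe", src.group(1)))
    return findings


# Constructed sample pages; the host names are example/documentation names, not real sites.
CLEAN_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://example.org/wp-content/themes/twentyeleven/js/html5.js"></script>
<script>var wpAjax = {url: "/wp-admin/admin-ajax.php"};</script>
</head><body><p>Hello world</p></body></html>"""

INFECTED_PAGE = CLEAN_PAGE.replace("</body>", """
<script src="http://static.evil-cdn.example/counter.js"></script>
<script>document.write(unescape("%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F"));</script>
<iframe src="http://203.0.113.5/index.php" width="1" height="1"></iframe>
</body>""")

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, scan_page(page, "example.org"))
```

Run it over the HTML that WordPress actually serves (fetch the page, not the theme files on disk), since the injected code may be added by a compromised plugin or database row rather than a modified file.  Legitimate third-party scripts (analytics, CDNs) go in `allowed_hosts`; anything else that shows up off-site deserves a look.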

The TDSS rootkit is one of the stealthiest rootkits in the wild, seeking total control of infected PCs for use as zombies in its botnet.  TDSS infects system drivers, and the newer TDL4 generation also overwrites the hard drive’s boot sector (the Master Boot Record), ensuring that its malicious code is loaded into memory before the operating system.  This greatly complicates the detection and removal of TDSS.  Newer variants continue to mature: stronger self-protection, bug fixes, a growing payload, and prompt reaction to new detection technologies.

To ensure the rootkit stays firmly implanted, the crooks have begun using a file-infecting virus which injects code into driver software.  This ensures the rootkit is loaded as soon as the operating system starts, and re-infects the machine if the rootkit has been removed.

This malware agent is particularly popular with fake A/V scammers, and with “affiliate marketers” looking to make fast money on other people’s pain.  Learn more about this nasty malware at Kaspersky’s SecureList blog.

Beware “Official” Android Trojans!

Symantec has uncovered a Trojan, which it calls ‘Android.Counterclank’, that may have lured millions of Android users into downloading infected apps from the official Android Market and enrolling their devices in a massive botnet.  The Trojan was wrapped into at least 13 free games on the official Android download site.  The following apps are known to be affected:

  • Counter Elite Force
  • Counter Strike Ground Force
  • CounterStrike Hit Enemy
  • Heart Live Wallpaper
  • Hit Counter Terrorist
  • Stripper Touch girl
  • Balloon Game
  • Deal & Be Millionaire
  • Wild Man
  • Pretty women lingerie puzzle
  • Sexy Girls Photo Game
  • Sexy Girls Puzzle
  • Sexy Women Puzzle

If you have downloaded one or more of these games, you should take action to protect your information.  According to the description on Symantec’s site, the combined download figures for these malicious apps indicate that Android.Counterclank has the widest distribution of any Android malware so far this year.

I don’t own any Android devices, so why am I writing about this malware rather than the hundreds of malware variants found each day?  I am concerned that the “official” download site is laden with malicious applications.  The Android Market is owned and operated by Google Inc.  Android configurations really need to be tightened up, and the practices used when vetting an app for distribution on an “official” site need to be scrutinized and corrected.

Google really ought to know better.  Their motto is “Don’t Be Evil”…

Cisco IronPort Vulnerability

Advisory ID: cisco-sa-20120126-ironport

Cisco IronPort Email Security and IronPort Security Management Appliances contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.  Fixed software versions or patches are not yet available, but configuration workarounds that mitigate the vulnerability are.

Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0 and IronPort Security Management Appliance (M-Series) versions prior to 7.8.0 are affected by the FreeBSD telnetd remote code execution vulnerability tracked as CVE-2011-4862.  Cisco’s CVSS base and temporal scores for it are both at or near the maximum of 10 (not “19 out of 20”; the two scores are separate), so you will want to apply the workaround rather than wait for fixed software: disable the telnet service on the appliance and manage it over SSH instead.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
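The underlying bug (CVE-2011-4862) is in telnetd’s handling of the TELNET ENCRYPT option: a key id longer than the fixed 64-byte key-id buffer overflows it.  Until the appliances are patched, that condition can be watched for on the wire.  The following Python is an added example, not code from Cisco or the advisory: it walks the suboption negotiation in a captured telnet byte stream and flags any ENCRYPT key-id suboption whose key id exceeds 64 bytes.  The sample streams are constructed, and the 64-byte limit is an assumption taken from the CVE description (MAXKEYLEN in libtelnet); lower it if your own telnetd uses a smaller buffer.

```python
"""Detector for over-long TELNET ENCRYPT key ids (the CVE-2011-4862 trigger).
Added example; the sample streams are constructed, not captured traffic."""
from dataclasses import dataclass

IAC, SB, SE = 0xFF, 0xFA, 0xF0
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE
OPT_ENCRYPT = 38                 # TELNET ENCRYPT option number (RFC 2946)
ENC_KEYID, DEC_KEYID = 7, 8      # ENCRYPT suboption commands that carry a key id
MAX_KEY_ID = 64                  # assumption: telnetd's key-id buffer (MAXKEYLEN) is 64 bytes


@dataclass
class Finding:
    offset: int        # position of the IAC SB that opens the suboption
    command: int       # ENC_KEYID or DEC_KEYID
    key_id_len: int    # bytes of key id after IAC IAC unescaping


def iter_suboptions(stream: bytes):
    """Yield (offset, option, payload) for each IAC SB ... IAC SE block.

    The payload has the IAC IAC escape undone.  An IAC followed by anything
    other than IAC or SE inside a block is malformed and ends the block early."""
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
            continue
        cmd = stream[i + 1]
        if cmd != SB:
            # IAC IAC is an escaped data byte; WILL/WONT/DO/DONT carry one option byte
            i += 3 if cmd in (WILL, WONT, DO, DONT) else 2
            continue
        start, j = i, i + 2
        if j >= n:
            break
        option, j = stream[j], j + 1
        payload = bytearray()
        while j < n:
            b = stream[j]
            if b != IAC:
                payload.append(b)
                j += 1
                continue
            nxt = stream[j + 1] if j + 1 < n else None
            if nxt == IAC:
                payload.append(IAC)
                j += 2
                continue
            if nxt == SE:
                j += 2
            break
        yield start, option, bytes(payload)
        i = j


def find_long_key_ids(stream: bytes, limit: int = MAX_KEY_ID):
    """Return a Finding for every ENCRYPT key-id suboption whose key id exceeds limit."""
    findings = []
    for offset, option, payload in iter_suboptions(stream):
        if option != OPT_ENCRYPT or not payload:
            continue
        command, key_len = payload[0], len(payload) - 1
        if command in (ENC_KEYID, DEC_KEYID) and key_len > limit:
            findings.append(Finding(offset, command, key_len))
    return findings


def keyid_suboption(command: int, key_id: bytes) -> bytes:
    """Build an ENCRYPT key-id suboption, escaping 0xFF as the protocol requires."""
    escaped = key_id.replace(b"\xff", b"\xff\xff")
    return bytes([IAC, SB, OPT_ENCRYPT, command]) + escaped + bytes([IAC, SE])


# Constructed samples: a normal 3-byte key id, and a 200-byte one that would overflow.
SAMPLE_BENIGN = bytes([IAC, DO, OPT_ENCRYPT]) + b"login: " + keyid_suboption(ENC_KEYID, b"\x00\x01\x02")
SAMPLE_OVERFLOW = bytes([IAC, WILL, OPT_ENCRYPT]) + keyid_suboption(ENC_KEYID, b"\xff" + b"A" * 199)

if __name__ == "__main__":
    for name, sample in (("benign", SAMPLE_BENIGN), ("overflow", SAMPLE_OVERFLOW)):
        print(name, find_long_key_ids(sample))
```

Feed it the client-to-server bytes of a TCP/23 session (from a pcap reassembly or an IDS script hook); a legitimate key id is tiny, so any hit is worth an alert.  The check complements, and does not replace, the workaround of turning telnet off.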


Symantec Recommends Not Using PcAnywhere

Reuters reports that Symantec has taken the rare step of advising customers not to use one of its mainstay products, saying that its remote control software pcAnywhere is at increased risk of being hacked after details and source code were stolen.  Symantec is asking customers to stop using the product temporarily, until it releases an update that will mitigate the risk of an attack.  pcAnywhere is also bundled with other titles, such as Symantec’s Altiris line of software for managing corporate PCs.

This is a serious step, and I applaud Symantec for coming clean on the risks of this powerful and popular product.  Most vendors would simply warn users of increased risk and provide workaround and mitigation steps that may or may not be implementable or effective.  I hope that Symantec can release new code quickly, and overcome this unfortunate problem.

Fake App On Apple’s App Store

Naked Security is warning that Apple’s procedures for policing its App Store and pre-approving each app do not mean that fake or malicious apps never appear.  This weekend the iPhoneography blog spotted a bogus app posing as the popular Camera+ application.  It’s not just fake software you have to watch out for: malicious code has made it into the App Store in the past too.