Posts

Don’t Get Caught in the Malnet!

The prefix mal comes from the Latin for bad.  Anything with mal in it is bad news, malcontents, malnutrition, Mal Reynolds.  Now there are malnets.  Malnets are complex systems of servers and domains that are continuously on the attack.

It is estimated that this year, the majority of all spam will come from these malnet systems.  For example, Rubol a known malnet was found to have 476 unique domain names.  That’s a lot of vectors of attack.  A malnet was found to be the culprit in the MySQL.com attack.

So what do you do?  How can you protect your businesses infrastructure against such an organized malware ecosystem?

Most malnets are actually nets, malicious traps.  Don’t fall into the trap.  Rubol’s 476 domain names were fronts, mainly offering deals or quick cash.  You might be thinking only a fool would fall for a something that’s too good to be true.  However, some of these sites disguise themselves as legitimate businesses offering good deals.

The next step is to really isolate your sensitive data from the Internet as much as possible.  The easiest way to do that is move customer data onto a removable storage device.

Keeping your security software up-to-date is also a boon to the safety of your data.  And last of all, when in doubt, don’t click on it.

 

 

The Malconents of the Internet: the New Malware

At the dawn of the Internet, the idea of malware was the expression of a few malcontents.  This is where the image of the stereotypical hacker came into being.  For example, the super computer worm, Slammer, infected 90 percent of the Internet in less than an hour.  The worm didn’t actually do any harm to a computer’s data, but rather to show the prowess of the creator.

However, like with many things, it became monetized.  The malware that we are most familiar is the kind that steals information and sends it back to its creator.  As more and more of our wealth becomes digital this will become more of a concern.  Like war, it will be a neck-and-neck race between attack and defense.

Such attacks as usually perpetrated by individuals or small groups.  But what happens when you get a nation state or corporation making malware?  You get Shamoon.  This malware worm enters and devours entire networks.  It travels in the form of a 900KB folder.  After entering a computer, it copies all the information to send to a command control server somewhere else, and then it uploads itself to the next computer on a network before wiping the drive clean.

It’s a pretty dastardly piece of code.  Although many corporate security firms have updated their antimalware software to include Shamoon, they can’t be certain of the next contender.  One sure way is to back up your information at the end of the day into a drive that isn’t connected to the internet.  If Shamoon could get into that, then I’d be impressed.

Flashback Trojan Pierces Mac’s Aura of Invincibility

For years, Macintosh computer users have held up their machines as superior for a few reasons: better performance for designers and artsy types, a more intuitive and attractive user interface and—most significantly for many users—freedom from worry about viruses and malware.

Now, Flashback Trojan has changed all that. In early April, a Russian antivirus seller discovered that more than 500,000 Macs had been hit by the malware infection. When users visit certain websites, Flashback can exploit a vulnerability in some versions of Java to install itself on their computers. After that, it can get into the Safari web browser, monitor a user’s web activity and steal passwords and other information.

Macworld reports that Flashback is different from other malicious programs that have affected Macs in the past because it doesn’t require that a user install infected software on their machine themselves—it can climb on your computer the minute you visit an affected site.

Apple has responded with a software update for Macs running OS X Lion and Mac OS X v10.6 that remove Flashback and patch the flaw in Java. For older operating systems, the company advises users to disable Java. Apple says it is also fighting back against the sites that host the malware, “working with ISPs worldwide to disable this command and control network.”

Still, Apple has been criticized in some circles for reacting too slowly to the Trojan. In the past, the company’s freedom from serious malware attacks has been more because it gets less attention from cyber thieves than because of anything it’s done particularly well.

Macworld says the attack should be a bit of a wakeup call for Apple and probably points to a new interest in the company’s computers among destructive hackers. But it also says that Macs are still far less prone to infection than PCs, and if Apple introduces better security measures quickly, its users shouldn’t be forced to seek IT services to fend off a Trojan invasion very often.

IT Security and Training reduce Cyber Attacks

Increase in cyber attacks cost firms nearly $50K per year 

Cyber attacks for reasons political, financial or fun have spread exponentially over the last year. Increased spending on security and training is doing much to stem the flow of information into the wrong hands. A Symantec survey of 1, 425 IT managers across 32 countries revealed that the $35 billion currently spent on it support services and security support is expected to rise to over $49 billion in the next three years, with many companies opting for security through cloud computing packages. With data breaches effecting even the biggest corporations (the recent hacking of Zappo comes to mind), everyone is taking security more seriously. The survey found that cyber attacks in 2011 cost companies an average of $470,000 in lost revenue, downtime and loss of brand confidence.

Cyber attacks include spam, viruses, fraud, data theft, vandalism and denial of service. A poll by Juniper Network had 77% of respondents saying cyber attacks are more frequent and severe than they have been in the past, while 90% of respondents claimed to have suffered a data breach in the last year.

The rapid increase of attacks comes as employees bring their own devices into the workplace. 29% of breaches in security occurred on tablets and Smartphones and 34% on employee laptop computers. As employees increasingly introduce personal devices into the workplace, security has to be installed and protocols established to secure sensitive data.

Companies who turn to IT consulting specialists and invest in security and training for employees suffer a far lower rate of security breaches. The survey revealed that top-tier companies who used IT consulting firms to bolster security and staff training benefitted from two and half times fewer attacks than companies who did not invest in security.

Downtime is by far the most frustrating consequence of compromised security. Here the advantage of investing in an IT consulting firm to provide security is self-evident. The companies which had not made adequate investments in security suffered 2 765 hours of downtime a year in comparison to the relatively few 588 hours that secure companies endured.

Not utilizing IT consulting specialists or investing in security and training means damage and downtime that is sure to cost more than the initial security investment would have. It makes financial sense to invest in protecting customers and data from cyber attacks. As more employees bring their own devices to the workplace, it is imperative to establish security across the board and protocols aimed at securing data on all devices.