Tuesday, May 25, 2010

Guest Post - Ricky Peterson - Threats to Your Information Security

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.



TEASER/TITLE: Your biggest information threat is closer than you think!



SUMMARY PARAGRAPH: Threats to your information and computer security may be closer than you think. This applies to businesses and individuals alike. You may be a threat to your own information. If you own a company the threat may be as close as your own employees. These threats are very real because most people do not think about being a threat to themselves or the companies they work for.


KEY FINDINGS:

  • Lost or stolen laptops account for over 32% of information thefts
  • According to ComputerWorld 30% of passwords are 6 characters or smaller while nearly 50% are easily cracked.
  • Most cases of computer viruses are a result of user carelessness
  • Unsupervised children and employees cause a large number of information thefts without their knowledge

BACKGROUND:

When most people think of information theft, they think of hackers working long hours trying to break codes and steal passwords. They think of complex programs that bypass firewalls and intrusion protection systems. This is, however, far from the reality of things. Most information theft is caused by you or someone close to you. Most of the time it is unintentional, but it still happens. Most people, be it an individual or a CEO of a large company, do not realize that seemingly insignificant things can cause big problems.

ANALYSIS:

Perhaps one of the biggest causes of information theft is weak passwords. A weak password is generally one that is less than 8 characters, a name or significant date, a consecutive string of numbers or letters, or an easily guessed word. Some infamous weak passwords are 123456, birthdate, first initial plus last name, and password. About 42% of all stolen passwords are weak. The reason is that people have a hard time remembering complex strings of characters. People tend to make an easy password that they can remember and then use it for everything. Hackers love it when we do this. Passwords like 1234 and significant words are the first ones they try because they know people still use them. Some people use different, complex passwords for everything, but then need to write them down. This poses another problem. If the password sheet is lost, someone can gain access to all of your accounts. Ideally, a password should be 8 or more characters and a combination of upper and lower case letters, numbers and symbols. It should also be changed at least every two months. This is, however, idealistic and not possible for most average people. The solution is to change your password frequently and avoid using the common ‘weak’ passwords. If this is done, you will have increased security while avoiding messy, complicated passwords.
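The weak-password criteria and the "ideal" password described above can be written as a check to run when a password is chosen. This is an added example, not part of the original post; the word list is a constructed sample, and the function names and reason labels are illustrative.

```python
import string
from datetime import datetime

# Constructed sample list; a real check would load a much larger list of known-bad passwords.
COMMON_WORDS = {"password", "birthdate", "letmein", "qwerty", "welcome"}

# Digit-only layouts tried when a password might be a significant date.
DATE_FORMATS = {6: ("%m%d%y", "%d%m%y"), 8: ("%m%d%Y", "%d%m%Y", "%Y%m%d")}


def is_consecutive(pw):
    """True for an ascending or descending run such as 123456, 654321 or abcdef."""
    s = pw.lower()
    if len(s) < 3 or not s.isascii():
        return False
    if s.isdigit():
        # Work modulo 10 so that ...890 counts as a continuation of the run.
        steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
        return steps in ({1}, {9})
    if s.isalpha():
        steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
        return steps in ({1}, {-1})
    return False


def looks_like_date(pw):
    """True if the password is a calendar date, with or without separators."""
    digits = pw.translate(str.maketrans("", "", "/.-"))
    if not (digits.isascii() and digits.isdigit()):
        return False
    for fmt in DATE_FORMATS.get(len(digits), ()):
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False


def weaknesses(pw, first_name="", last_name=""):
    """Return the reasons a password is weak; an empty list means none were found."""
    low = pw.lower()
    first, last = first_name.lower(), last_name.lower()
    name_forms = {first, last}
    if first and last:
        # Full name and "first initial plus last name".
        name_forms |= {first + last, first[0] + last}
    name_forms.discard("")

    found = []
    if len(pw) < 8:
        found.append("too_short")
    if low in name_forms or looks_like_date(pw):
        found.append("name_or_date")
    if is_consecutive(pw):
        found.append("consecutive")
    if low in COMMON_WORDS:
        found.append("common_word")
    # The "ideal" password mixes upper case, lower case, numbers and symbols.
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(c in group for c in pw) for group in classes):
        found.append("missing_character_class")
    return found


if __name__ == "__main__":
    # Constructed sample passwords and a constructed user name.
    for candidate in ("123456", "password", "rpeterson", "05/25/2010", "Tr4il-Mix&Kayak"):
        print(candidate, weaknesses(candidate, "Ricky", "Peterson"))
```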

Company-provided laptops are a huge risk factor as well. When companies provide employees with laptops for business purposes, a whole range of potential problems is created. If an employee loses the computer, or it is stolen, sensitive company data could end up in the hands of a cybercriminal. An estimated 32% of data thefts are a result of “misplaced” laptops. This does not mean that you should not supply your employees with a convenient mobile workstation. The risks can be reduced by having the computers tagged to the employee they are given to. If the laptop leaves the company building, have it checked out. This way you know exactly whose laptop it was and what kind of information may be on it. Another solution is to not store any critical information on the computer itself. Allow the employee to pull all the data and files they need from a secure server. With this solution, you would need to pair it with a program like DeepFreeze, which will wipe all data from the hard drive when the laptop is turned off. This way, even if someone does get the computer, there is no useful information on it anymore.

One other big thing to consider is what your employees, your children, and you do to compromise your security. If you own a business, your employees may cause risks by doing seemingly harmless tasks during breaks or lunch. These may include opening emails, checking social media websites, making purchases, and browsing the web. The majority of malware that infects computers and compromises security is the result of end user oversight. By this I mean clicking on links or downloading files from unknown sites, opening email from people you don’t know, and shopping on unsecured webpages. Children do the same things as well. For parents, a child might think they are downloading a song by their favorite band, when in reality, they just unknowingly installed a backdoor on your computer that gives a hacker free roam in all of your files. Both business owners and parents can take precautions for situations like these. Set up guidelines regarding what people may and may not do on the internet. Let children and employees know the dangers of downloading files and clicking links on a whim. Most importantly, set them up with limited accounts that do not allow the downloading or installation of files.

By taking these precautions, you can prevent serious trouble and a serious migraine.

IMPLICATIONS:

  • Supplying employees with laptops can be a great benefit, but needs careful, well-thought-out planning.
  • Passwords should be memorable, but not simple.
  • Seemingly innocent acts can be catastrophic for your information security.
  • Most malware needs an end user’s help to infect a computer.
  • Unsupervised employees and children often unwittingly cause security threats.
  • A good systems use policy is a must for both parents and executives.

RECOMMENDATIONS:

  • Create passwords with letters, numbers and symbols.
  • Use words, but swap letters for other characters. Ex. Swap s with $, E with 3, O with 0, A with @ etc.
  • Change your password at least 4 times a year, with the new seasons
  • DO NOT WRITE PASSWORDS DOWN!!!
  • Do not use the same password for everything
  • If supplying employees with laptops, create a way to keep track of where they are, who has them, and what’s on them
  • Do not allow employees to save anything directly on the laptops that you are not willing to share with a hacker
  • Create a policy for internet use and enforce it strictly

SOURCES:

Computerworld-  Users still make hacking easy with weak passwords By Jaikumar Vijayan

Laptoptheft.org- laptop theft breach statistics

Discovery.com- The Biggest Threat To Your Online Security Is...You by Jonathan Strickland

Compuhack.info- Top 5 Internet Security Threats by Gaelim Holland

Guest Post - Ricky Peterson - Top Trends in Information Security - How safe you really AREN'T

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.


TEASER/TITLE: How safe you really Aren’t  

SUMMARY PARAGRAPH: In this time of instability in the economy, information security is being pushed to the front of many companies. The economy has caused the presence of information and identity theft to increase substantially. Studies show that most companies are “protecting the information function from budget cuts”, which is a hopeful sign, but is it enough? The most recent Global State of Information Security Survey says that, although information security budgets are not being slashed, CEOs are expecting much more from them. This could pose a problem if the CEO says “make it work” and then leaves the security personnel to do what they please. Does this seem unlikely? According to an article from Computer Weekly, there is a major disconnection between information security personnel and the upper management of the company. According to the Ernst and Young global security survey, almost one-third of information security professionals never meet with their board of directors. The CEOs of companies need to take a more active role in the security of their information.

KEY FINDINGS

  • Fraud
  • Identity Theft
  • Phishing
  • Global Visibility
  • How Secure am I?
  • Compliancy
  • Cost
  • Social Networking Fears

RECOMMENDATIONS

  • Two-factor authentication
  • Encryption
  • Hosted security
  • Internet filtering
  • Low footprint anti-virus

BACKGROUND

For as long as there has been information security in a company, budget has been a problem. Many companies believe that their information is protected enough. Others think that there are bigger companies out there, so why would someone try to steal their information? Thoughts like these cause companies to put information security up on the chopping block first. A statistic from spendonlife.com reveals that identity theft affected over 10 million people last year. This shows us that information security is not a trivial matter. Another matter to watch closely is social networking. This is a concern due to the unprecedented growth rate of such sites. Information may be leaked intentionally or unintentionally via social sites. One example is an overenthusiastic Microsoft employee who recently let a few details about Windows 8 leak via a blog site. He more than likely meant no harm, but the consequences of his actions may be detrimental to the company. Attacks against your networks and computers must also be taken into consideration. Many companies are moving away from on-site server banks and are going toward virtualization and cloud computing. Many experts suggest that this will aid in security and data loss prevention.

STRATEGIC PLANNING ASSUMPTIONS:

  • Virtualization
  • Malware
  • Offsite information storage

ANALYSIS:

Based on research, the two biggest concerns for 2010 are the growth of social networking and the lack of funding. Social networking is a hot topic within companies this year. With the massive growth of blogs, Twitter, Facebook and LinkedIn, it’s hard not to take notice. Many companies realize the potential for marketing and PR if they utilize these sites. Allowing employees to utilize these sites can also improve employee satisfaction and improve the company’s reputation as a hospitable and ethical place to work. The problem that arises is how to keep employees from publishing things that should not be public. For that matter, how do they keep employees from using the social networking sites to connect with other companies and maybe sell trade secrets, or be coerced into taking a different job with another company and carrying vital information away with them?

The other big concern is funding. The usual trend is that when the time to write the budget comes around and something, somewhere, needs to be cut, information security is at the top of the list. The reason for this is that it is hard for a CEO to see the long-term benefits of a concrete security plan. Since information security has no monetary return, the only tangible thing is the funding going out. If an information security department is serving its purpose well, then there appears to be no reason to have one. If it is doing poorly, then the company may question why they are shoveling money into something that is not working.

IMPLICATIONS:

  • Social computing can help and hurt your business
  • Unnecessary budget cuts can cause great harm to your company
  • Cloud computing can help protect your data but be careful
  • Information theft occurs far too often and it can happen to you.
  • Being too strict in regards to social networking may hurt more than you think

RECOMMENDATIONS:

  • Create a plan for your company regarding social networking
      • Let employees know what they can and cannot say or do
      • Be reasonable in your restrictions but firm on your rules
      • Allowing some freedom may be great networking for your business
  • Just because you haven’t been attacked yet, do not think yourself immune
  • If budgets need to be cut, do not look to information security first
      • If they can be cut elsewhere without causing too many problems, avoid restricting info security as much as possible
  • Cloud computing and outsourcing servers to other companies can help protect vital data by storing it in numerous places
      • Be sure to check the company you are going to do business with
      • Make sure they are reputable and have solid machines and security
  • If using local servers and computers, invest in a low profile antivirus
      • This type of software does not hoard computing resources and protects your systems while still allowing your employees to be productive

SOURCES:

Global state of information security survey

CIO Magazine

Enterprise Systems

Computer Weekly

Symantec

Ernst and Young

SpendonLife.com

Maximum PC

Guest Post - Ricky Peterson - Internet Safety Newsletter

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.


Key Headlines of Interest:



March Reveals Highs and Lows for Internet Technology 
March has come in like a lion for the IT world. Already this month, Microsoft has announced a new vulnerability in Internet Explorer that could result in zero-day attacks, Google is 99% sure it’s leaving China, and police have caught the Mariposa PC virus 'ringleaders'.

Internet Explorer 6 and 7 vulnerability lets hackers hijack your PC.
Last week Microsoft announced a vulnerability in Internet Explorer versions 6 and 7 that allows a backdoor Trojan to slip in. According to Panda Security, the Trojan will allow hackers to steal information from the infected computer. Most of the documented information thefts would be passwords, bank account numbers, and user names. The exploit was published on Twitter by Israeli security researcher Moshe Ben Abu. Abu found the vulnerability by using some information gleaned from a McAfee blog post and a little snooping. He said it only took him ten minutes to find and that he would have found it without the information from McAfee; it just would have taken more time. The fact that Abu posted the exploit dramatically increases the risk of a zero-day attack. This may force Microsoft to release a patch before the next scheduled Patch Tuesday in April. The current recommendations are to switch to a different browser such as Firefox, or to upgrade to Internet Explorer 8, which the vulnerability does not affect. An interesting note about this exploit is that it is ‘unstable’, only executing the code for the Trojan 60 – 70% of the time. This means that even if a hacker tries to upload a Trojan, there is at least a 30% chance it may not go through. This inconsistency is the suspected reason Microsoft has not released an immediate patch. The release of the exploit to the public may change this, however.
Sources:
CNET News; Researcher publishes exploit for new IE hole by Elinor Mills
Infosecurity.com; New zero-day Internet Explorer 6/7 vulnerability allows trojan to slip through
PC World; It's Time to Finally Drop Internet Explorer 6 by Tony Bradley 

Google’s Withdrawal from China All but Certain
Internet search giant Google has all but announced its departure from China.  Things started to get bad when Google suffered a substantial hack back in December of last year. The hack originated from China and appeared to be connected to the government in some way at the time but is now believed to have originated from two Chinese schools. The schools were Shanghai Jiaotong University and Lanxiang Vocational School. Google said that the hack was one of the most sophisticated attacks they have ever seen. Tensions between the internet giant and China have not improved.  The inability of Google and the Chinese government to reach a compromise on internet censorship has made Google decide that leaving the country is most likely for the best.
Sources:
ComputerWorld.com; Google China hack attack controversy: two schools fingered, February 22, 2010 - 6:03 A.M.
Wired.com; Google Hack Attack Was Ultra Sophisticated, New Details Show by Kim Zetter, January 14, 2010

Ringleaders behind Mariposa Botnet Captured 
Authorities have captured three of the masterminds behind the Mariposa Botnet, one of the biggest botnets. Mariposa had infected as many as 13 million computers before being dismantled. Some of the infected PCs included computers and servers inside more than half of the Fortune 1,000 companies and more than 40 major banks. The infection was a data vacuum, collecting mass amounts of credit card numbers and bank statement credentials. The bot became active in December of 2008 and quickly grew into one of the biggest networks of infected computers ever seen. The three men who were captured were Spanish citizens with no prior criminal records. They were captured by Spanish police with the help of private computer security firms. It is currently unknown how much money was actually stolen by the criminals but authorities are still investigating this aspect of the crime. The three men who were captured were not the stereotypical genius computer hackers one thinks of as a mastermind behind one of the biggest cyber-attacks to date. They did however, have connections to the underworld. They had others create and help run the botnet. This attack is said to be even more sophisticated than the one on Google that made them decide to pull out of China. Authorities expect more arrests to be made in several other countries but have not given any details. More news is expected over the next few weeks. 
Source: AP; Authorities bust 3 in infection of 13M computers by Jordan Robertson, AP Technology Writer – Tue Mar 2



 

Guest Post - Ricky Peterson - Intrusion Prevention Systems and You


TEASER/TITLE: Intrusion prevention systems and you!
 
SUMMARY PARAGRAPH: Intrusion detection and prevention is the act of seeking out and stopping an act that is trying to compromise and bypass in-place security measures. There are many programs for intrusion detection and prevention. These include both open source and pay versions. Regardless of which type you get, there needs to be someone trained who knows what the data the program is presenting means and what to do with it. There are few, if any, intrusion programs that can be used by people with no computer background or training.
 
KEY FINDINGS
  • Of all intrusion programs on the market, the most popular by far is an open source program called Snort.
  • Intrusion programs are, for the most part, quite effective if used properly.
  • There are ways to bypass intrusion protection that are constantly changing; however, intrusion software is constantly changing as well.
  • Intrusion software is most effective when coupled with a honeypot but only if the organization has the funds to monitor the honeypot server.


 
BACKGROUND:
Intrusion protection and detection software monitors a network or computer and detects all incoming requests. Based on data that the company gave to it, the software sorts the traffic and flags anything that should not be there such as programs that are trying to bypass antivirus or requests for network mapping. Depending on the software, it may alert someone in charge of security, who then must decide what to do, or it may give the option to stop the unauthorized access through the software itself. Regardless of which way it works, a security person must approve the action. This is to prevent locking out the wrong people by accident. 
 
ANALYSIS:
Intrusion protection is just another way to protect your network from would-be cyber criminals. An intrusion prevention system is basically a really big firewall that protects an entire network. Like antivirus software, it has strengths and weaknesses. The biggest weakness that an intrusion prevention system has is that the programs hackers use to gain access to a network are constantly changing. This means that the intrusion program cannot be built to simply look for one specific thing and stop it. The good news is that open source programs are also constantly evolving thanks to a strong community and multiple resources. Intrusion prevention systems also need trained personnel to monitor them and take decisive action. Intrusion prevention systems are not perfect in that they will return false positives. That is, they will say something shouldn’t be there when it really should. This is why trained techs are a must. This may seem like a lot, but coupled with a honeypot, intrusion prevention is quite effective. According to Symantec, honeypots are very effective tools. That, combined with antivirus, will stop most, but not all, viruses and attacks. Nothing is perfect yet, but with open source communities working together, one day it may be. There are 5 top intrusion prevention programs on the market right now. These are Snort, OSSEC HIDS, Fragrouter, BASE, and Sguil.
 
IMPLICATIONS:
  • The cost of techs to monitor an intrusion prevention system may be too high for small companies to afford
  • Open source programs are a better choice in this area than pay programs
  • This system is not perfect
  • This system does however, make a difference in terms of network security
  • The support for the open source programs is substantial
  • Both intrusion prevention systems and software used by hackers are changing constantly
 
RECOMMENDATIONS:
  • Small companies who do not have the staff may want to look at an IPS that is owned and run by another corporation
  • Larger companies that can afford the cost of the staff would benefit from the open source programs like Snort
  • Both types of companies should consider combining their intrusion protection with a honeypot server to keep hackers outside the network.
  • IPSs are an excellent addition to current security for companies that can afford them
  • Don’t just rely on intrusion prevention to take care of viruses; that is not what these programs do.
  • From my research I would recommend Snort because of the vast community of programmers looking for holes in the code.
 
SOURCES:
Sectools.org- Survey about intrusion protection.
Symantec- About Honeypots
Snort.org- About Snort 

Guest Post - Ricky Peterson - Intrusion Prevention - Alternatives to Antivirus

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.



TEASER/TITLE: Intrusion Protection: What you need to know.

SUMMARY PARAGRAPH: Standard antivirus is only catching 1/3 of viruses and intrusion attempts at the present time. Something new is needed in the market that offers better odds. Several technologies that may aid users are whitelisting, advanced intrusion detection programs like Snort, and active intrusion defense such as a honeypot server.

 

KEY FINDINGS

  • Intrusion detection programs such as Snort can be used to actively block or passively detect a variety of attacks and probes.
  • According to Symantec, Honeypots are effective and cost efficient.



BACKGROUND

Ever since its inception, the antivirus and computer security industry has struggled to keep up with hackers and cyber criminals. Antivirus alone cannot keep up with the growing threat of viruses and system and network intrusion. What is needed is a combination of different technologies to improve the success rate. While combining technologies will increase protection, care is still needed because there is no foolproof intrusion protection plan.

There are several technologies that can aid in intrusion protection. Server based firewalls are a good idea. Honeypots and advanced intrusion protection are also a viable option. These, however, need to be used in addition to, not instead of, antivirus.

 

 

ANALYSIS:

Let’s start with honeypots. These are useful because they draw hackers toward them and away from any sensitive information on your network. Honeypots are computers that basically paint a big bullseye on themselves and attract hackers. They then feed the hackers fake information or actively counter the intrusion.

Server based firewalls can be useful in averting hackers as well. These are similar to what is used on individual PCs as a firewall. These are standalone units with the sole purpose of guarding a network. Firewall servers stand between the network and the internet and scan all incoming traffic. Any suspicious traffic is then diverted away from the network.

Whitelisting is very effective but is also complicated and labor intensive. With whitelisting, only traffic that has been registered and given approval is allowed access to the network. This is effective because the only connections between the network and the outside are with approved people. The problem with this occurs when approved connections need to be removed or established. If a connection is needed quickly, the computer admin must be available to grant the appropriate approval.

IMPLICATIONS:

  • While there are many things that augment antivirus, none of them are perfect.
  • Do not take up a new technology and abandon standard antivirus. They are to work together.
  • At this time there is no clear solution to the widespread problem of viruses and hacks.
  • Investing in these preventative technologies cannot hurt, only help.



RECOMMENDATIONS

  • Look to the near future for new ways to combat these problems.
  • Combine technologies like honeypots with your current intrusion protection for a boost in protection.
  • Don’t neglect your antivirus software
  • Monitor your network. Active prevention is the best defense.

SOURCES:

Symantec Website

www.Snort.org

Lance Spitzner - Honeypots: Definitions and Value of Honeypots - http://www.tracking-hackers.com

Guest Post - Ricky Peterson - Cyber Attacks

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.

One big statistic is that three quarters of Asia Pacific enterprises, i.e. Japan, China, Singapore, have experienced cyber-attacks in the past 12 months. 

The average enterprise loses $2.8 million annually to cyber-attacks. 

In Symantec’s ‘State of the Enterprise Security Report’, out of 21,000 businesses surveyed, 42% listed cyber-attacks as their most significant risk. 

Nearly all of the companies surveyed said they were planning changes to their cyber security efforts in the 2010 year. 

Of all reported cyber-attacks in the past 12 months 41% said the attacks were somewhat to highly effective. 

One company stated that they were experiencing 8 to 9 attacks per week. 

An astounding 100% of the companies surveyed by Symantec said they had experienced cyber losses last year. 

The most common of those losses were theft of customer information, environment downtime, and theft of intellectual property. One of the reasons behind these attacks is that enterprise security is becoming more difficult. This is because of understaffing, job cuts, and problems with compliance issues. 

Compliance is a big problem now because most companies are trying to comply with 19 different IT standards. The number of standards actually employed by most is around 8. Another cause is new initiatives for IT such as Server virtualization, Endpoint virtualization, Software as a service, and Infrastructure as a service. Basically, cloud computing and virtualization are complicating the jobs of the security team, who are not receiving additional resources to offset the increased difficulty. Even though there is mass coverage of cyber-attacks in the media, the number of attacks is still on the rise. 

Two possible reasons for this are money, and the fact that cyber criminals are not intimidated. Budget is always a problem with IT. The complexity of system security is on the rise due to new technology, but the security teams are not being properly equipped to deal with it. A lot of money is going into research and funding for new technologies like cloud computing. This leaves little left over for the security half. So, even though corporations know threats are out there, they may not feel they have the funding to increase security. Another thought is that even if security is well funded, new threats are being created every day. In most cases, a threat such as a backdoor Trojan or a virus cannot be dealt with until it is created. This means there is a time gap from when the malware is released to when it is found and a fix is created. This gap, no matter how small, may be enough to destroy or steal data from hundreds if not thousands of systems.

Another thought is that cyber crime is not like regular crime in that if someone robs a bank and their face is plastered all over the news, chances are they won’t be robbing any more banks anytime soon. Cyber criminals, however, are very hard to catch. There is almost never a face, or for that matter even a name, to put with the crime. They may be on the other side of the world from the place they are attacking. Tracing them is difficult as they may run their connection through numerous proxy servers before reaching the place of attack. Laws from other countries also pose a problem when trying to catch these people. The criminals know all of this and are thus not afraid to continue attacks even with all of the media coverage.

The outlook for 2010 is bleak at best. According to Symantec, cyber-attacks this year are going to be nastier, more targeted, and more frequent. It also appears that governments are getting involved in cybercrime. According to Popular Science, the recent attack on Google and 30 other US companies was traced back to the Chinese Government. The US is also lacking in cyber defense as the White House only recently named a cybersecurity coordinator. Beyond this information, most experts are reluctant to predict any hard numbers. 

How should businesses prepare themselves and fight back?

  • Companies should prioritize the ability to backup and recover data
      • Secure backup servers, offsite data storage
  • Organizations need to be aware of where sensitive information resides, who has access to it, and how it is coming in or leaving
      • These areas should receive higher priority when implementing security and information backup
  • IT policies need to be developed and enforced
      • How to treat sensitive information
      • Proper use of company network
      • Standardized system updates


Sources

PC WORLD - Asia Businesses Weather Regular Cyberattacks by Ross O. Storey, MIS Asia

Symantec’s ‘State of the Enterprise Security Report’

Popular Science-Chinese Attack on Google Among the Most Sophisticated Cyberattacks Ever, Experts Say By Jeremy Hsu 

Guest Post - Ricky Peterson - Antivirus

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.


TEASER/TITLE: Viruses, the unseen foe  

SUMMARY PARAGRAPH: The development of antivirus software has increased dramatically in the past few years. It is, however, not a sure bet. Statistics show that antivirus only catches half of Malware threats and misses 15 percent altogether. There are also many misconceptions about how to protect yourself better. New technologies are being created that will decrease the threat of Malware significantly. While this technology is only in its infancy, there are several things one can do to protect against this relentless foe.

KEY FINDINGS

  • The economic damage caused by malware is substantial, estimated in the billions, and is growing by 30 to 40 percent a year.
  • Multiple antivirus programs may cause more harm than good.
      • They compete with each other.
  • The number of malicious programs is increasing every year.
  • The rate at which malicious programs multiply and infect systems is astounding.
  • Antivirus companies cannot create solutions fast enough to keep up.
  • Resource management is a big problem with antivirus programs.
  • Quickly scanning programs more often than not miss the infection
  • The more meticulous the scanning, the more the program hogs resources.

BACKGROUND

Antivirus software is a multibillion-dollar industry. There are big name companies such as Symantec and McAfee, and there are smaller ones like GriSoft, the makers of AVG. This industry is big, and rightfully so. The people and groups of coders who use their skills for malicious intent number in the thousands. The intent behind malware is thought to be mainly monetary. While some do it for the thrill or to make a name for themselves, the number is relatively small. Most malware is created for the sole purpose of making money illegally. This is done by stealing account logins and passwords, PIN numbers, and credit card information, or by creating zombie computers to cause a denial of service attack and then demanding money to restore service. Antivirus software is not foolproof. Most companies cannot guarantee a successful detection rate of more than 90 percent. This should not, however, discourage people from investing in a good antivirus program. Some protection is better than none. While there are new technologies being researched to stop malware, they are still a few years off.

STRATEGIC PLANNING ASSUMPTIONS:

Security by Virtualization
  Let the viruses in, then contain them.

ANALYSIS:

Malware is a constant threat to companies and home users alike. While no antivirus, as of now, is perfect, it is wise to invest in one. Most antivirus software stops at least 54 percent outright, and finds an additional 23 percent in subsequent scans. Running multiple antivirus applications on the same system is generally not a good idea. The applications tend to compete with each other, and this causes both to operate inefficiently. The better choice is to pick one software package. When choosing one, make sure that it covers everything, not just viruses. Malware comes in all shapes and forms, and some programs are not built to look for all of them. A good choice would be a total protection suite, such as Symantec’s Norton 360. Other tools that clean the registry and look for spyware are also good investments. An example of each would be Acelogix’s Ace Utilities and Lavasoft’s Ad-Aware, respectively. Programs such as these usually do not interfere with the antivirus software, and offer additional protection. Companies or institutions may also consider a dedicated firewall server that has no other function than to stop intrusions and viruses.

Some technology that may be viable in the near future is “Security by Virtualization.” This new system is special in that not only does it protect from viruses, but it is also one of the first to protect users from intellectual property theft, cyber crime, and cyber terrorism. The system works by creating a virtual computer for every program, and all of its associated files, that runs on the system. When a malicious piece of software comes in, a virtual computer is created for it as well. The virus is then allowed to run its course and think it’s causing harm, when in reality it’s isolated from all other functions on the system. It is therefore rendered harmless, as it cannot gain access to any other files or programs.

IMPLICATIONS:

Antivirus software is shaky at best, but is much better than nothing.
Cyber criminals are getting smarter and faster.
  Antivirus is struggling to keep up.
Antivirus software is only as good as its support crew.
Virtualization seems to be the direction virus protection is going in.
Everyone is susceptible to viruses.
  Home users to the government.



RECOMMENDATIONS:

When purchasing virus protection, make sure to get a program suite (Norton 360) so that you cover all your bases.
Supplement your virus protection with additional cleaners and spyware software.
  Ace Utilities
  Ad-Aware
When purchasing antivirus software, more is not always better.
  More than one antivirus program running at once tends to compete with each other.
Remember software is not a cure-all.
  Take steps to ensure employees are not visiting sites or doing things that invite malicious software.
Look for low-profile antivirus.
  This type of software does not hog computing resources while still keeping viruses out.
Consider investing in a firewall server that stands between your network and potential threats.

SOURCES:

Viruslist.com, The contemporary antivirus industry and its problems, Eugene Kaspersky, Nov 2005
Darkreading.com, Study: Antivirus Software Catches About Half Of Malware, Misses 15 Percent Altogether, Kelly Jackson Higgins, May 2009
Israel21c.org, A new Israeli approach to computer viruses - let the worms in!, Nicky Blackburn, September 2004
Symantec, General information

The technology described in the 2004 article is still being researched today.
The problems posed in the 2005 article are still relevant.

Tuesday, May 4, 2010

A Real and Growing Problem - Cyberscumbags Hijacking Social Media Accounts

See Charlotte's CBS Story - 1 person knows 2 victims:  http://www.wbtv.com/Global/story.asp?S=12396739


Our Word for the Week:  KOOBFACE.
Koobface is Facebook scrambled. This malicious software targets users of social networking websites such as Facebook, MySpace, and Twitter. Its purpose is to infect your PC and try to collect information about you or others via your computer, such as credit card numbers, bank account information, and other details.

A SCAM YOU NEED TO KNOW ABOUT:
1.8 Million!  That is the number of hits you get when you type in “What To Do If Your Account Was Hacked” on Google.

Cybercreeps are using every trick in the trade to take money from you and your friends.  A scam you need to know about involves cybercreeps hijacking your Facebook, email, or Twitter accounts to get to your friends.  

Picture this Scenario:
Your heart pounds and you can barely comprehend the message you got from your friend. Your friend just sent you a message online. The message mentions real and personal facts about their life, such as a sick Dad or a trip they are on. You say something supportive, and then your friend mentions that she or he needs a small sum of money in a pinch, and quickly. You want to help your friend, but if you are not careful, you will find yourself in the middle of a scam.

This is scary. It is happening to very internet-savvy people. Theresa had a social media professional contact her to ask for help. Cyberthugs had hijacked her Facebook account and email. Not only were they sending messages asking her friends for money, they also began setting up new accounts and profiles in her name! The kicker is, she could not get immediate help at Facebook or her email service provider, so the cyberscumbags had her account hijacked for weeks. Her accounts are essential to her business. The social media professional believes she was targeted because her list of contacts is so large. This is not just annoying, it’s impacted her business. She wants me to educate others about this. She and I both agree that if it can happen to a social media expert, it can happen to anyone.

How to tune your antenna to spot this scam:
1.    SHOW ME THE MONEY:  If anyone needs money wired to them quickly, it is most likely a scam.
2.    E-CHAT ONLY CONTACT:  The person communicates with you only online and is not willing to let you call them.
3.    GRAMMAR:  Bad grammar is usually a dead giveaway.
4.    TRUST BUT VERIFY:  Ask a few questions that may not be easily found on their accounts such as, “Where did we first meet?” or, “When I last saw you, what did we talk about?”




A NIGHTMARE COME TRUE.  READ ABOUT A SOCIAL MEDIA EXPERT'S EXPERIENCE:

Caitlin runs a Social Media business.  Facebook, Twitter and Email are her lifeline to her customers and colleagues.  She's as savvy and connected as they come.  She knew social media sites are risky but figured, when the time came, if she needed help, she could get it.

She had no idea how at risk she really was.

About 3 weeks ago, she sent out a couple of emails.  She then linked her Facebook and Foursquare accounts using a service.  

About 10 minutes later she could not get into her email on her phone.

It was not long before her phone started ringing nonstop.  A friend called her and said, "I think your account has been hacked, I'm getting weird emails."

Frantically, she tried to get into her email account and could not.  Her Mom contacted her and read her the emails, "I'm stuck in London.  I need help getting home.  Please email me back if you can help me out."

Friends started calling her and were worried.

She went to Facebook and posted on her Facebook account that something was wrong with her email and not to respond.

Then the hackers took over Facebook and started spamming her friends.  They had conversations with up to 30 people.  They chatted with her network pretending to be her. 

That's when they started asking for money.

The story takes an ugly turn.  

Caitlin had not shared with her network of friends and customers that her Dad is in poor health.  She confided in a few about his condition, some via email. 

The cyberscumbags trolled through her email and learned that her Dad is in poor health.  They used this information to appeal to people's hearts and emotions.  They started telling people her Dad died.

Caitlin tried to contact Twitter, Facebook, and Gmail to get help.  She was faced with a bureaucracy of forms to fill out.  She could not find a human being.

Caitlin began to worry about her business reputation.  She had spent 2 years building her blog and was worried they would take over that.

Frankly, she was helpless.  

When I talked with her and asked her what help she received, she said, "Only 2 people helped me.  Richard (who is a colleague) and you.  Not one person from any of the companies got back to me."

To make matters worse,  Facebook kept rejecting her forms to ask to be let back in.  

She did finally get control of her Facebook account - 3 weeks later.  

In the meantime, the hackers opened up a Microsoft email for her and forwarded her Gmail account to that new account.

It took her 2 days to get into her original account.  

When she got in, they had ransacked her email and removed all financial information from her email.  These cybercreeps had the audacity to pull emails out of her account about her personal life.  

The cybercreeps contacted people on Facebook and directed them to the new email account that they had created under fraudulent circumstances.

She contacted Microsoft to ask them to shut down the account and nobody ever got back to her.

What upsets Caitlin the most?  "They did not take advantage of me.  They took advantage of my network.  The people that were really harmed, was the secondary group that are not as close to me but still care about me."

Thankfully, nobody lost any money.  2-3 people almost did send the money but Caitlin got to everyone before they did.

Caitlin sums up the experience in two words, "Total nightmare."

"I was literally sitting there watching them take over my life.  I had friends calling me saying they were talking to the hackers online."  

Caitlin filed a report with the FTC and local law enforcement.   

"I really hope people understand the house of cards that we have in the social networking sites.  There is nothing you can do, there is nobody you can call.  Law enforcement is really more interested in what they are doing to my banking account vs. my Facebook account."

People with LARGE networks are the most at risk for this type of hijacking.

"I used to use the same password for Facebook and Gmail.  I think they may have cracked my Facebook password somehow.  I will never trust the social media space the same way.  I really had an eye opener.  Like a lot of people, I had a false sense of security that if I really needed someone that I could get someone to help you.  I look at what I put online differently.  This is really at an risk thing."  

Caitlin also added, "I went to all of my clients and told them to change all their passwords."

When I asked her how she felt now and if she felt her accounts were finally clean and free of cybercreeps she said, "No, I don't trust that my accounts are completely clean."


HOW TO AVOID THE H.A.C.K.:
1.   H: Have a routine in place to regularly change your social network passwords.
2.   A: Always use antivirus.  Sometimes your account may be easy to hijack via a virus on your computer.
3.   C:  Choose a different password for each of your accounts. 
4.   K:  Keep private details of your life off of social media accounts.  It’s harder to act like you if they can’t read it in your profile.

WHAT TO DO IF YOU OR A LOVED ONE HAS BEEN HACKED:
FACEBOOK:
To report this kind of scam to Facebook, visit: http://www.facebook.com/help/contact.php?show_form=419_scam
Facebook write up on the hacked account and money transfer scheme:

How to report your account as hacked:  http://www.facebook.com/help/?page=420

TWITTER:

GMAIL: 

DO YOU HAVE A VIRUS?
It is possible that this scenario might have happened through a computer virus.  

Stop using your home and work computer until they are checked out.  Call your computer support desk or seek out a local expert to assist you with your computer to find and isolate the virus.

Microsoft provides free virus and spyware removal support to Windows customers who think they have an infected computer.

Call: 1-866-PC Safety for phone support.
Online: Microsoft customers can also visit http://safety.live.com for free online virus and spyware removal.

Apple provides help to computer users that believe their Mac may be infected.

Call: 1-800-APL-CARE (1-800-275-2273)
Online: Set up a phone appointment, or request an in-person appointment at your closest Apple Store’s Genius Bar:


BANK ACCOUNTS / CREDIT CARDS:
Check your banking and credit card balances regularly after something like this occurs.

I recommend online alert services where you can set up alerts to notify you if a transaction takes place or if a transaction is over a certain amount.  Go to your online banking and credit card page for more information.

CREDIT REPORT:
As a precaution, also FREEZE the credit file.  Request alerts on your credit reports.

Online:
Equifax: http://www.equifax.com
Experian: http://www.experian.com/
TransUnion: http://www.transunion.com/

North Carolina offers a free credit freeze for victims of identity theft - Go to the following website for more information:

LAW ENFORCEMENT / AUTHORITIES:

Engage authorities.  They are committing fraud.

a.  File a report at the FBI's IC3.gov. 

b.  Contact the Federal Trade Commission.  

Federal Trade Commission:
Call: 877-IDTHEFT or 877-438-4338
Online: http://www.consumer.gov/idtheft

PRIVACY RIGHTS:
You may also want to review your Privacy Rights at www.privacyrights.org for more information.