01/08/2010

Banking in a Time of Cybercrime

Any small business, educational organization or local government needs to be wary these days. In the past year, cybercriminals have increasingly targeted these less-than-security-savvy groups with malicious software tailored to facilitate bank fraud.

In one case, which I documented for an article in Technology Review, online thieves targeted the accountant at a small California firm with a banking trojan. When the worker signed into the company’s bank account, the thieves initiated 27 fraudulent transactions totaling approximately $447,000. Former Washington Post reporter Brian Krebs has reported on over two dozen such cases. In total, the government estimates that businesses have lost more than $100 million as of early November.

Now, financial institutions and the government are preparing to advise businesses and other organizations on how to better bank online in these treacherous times.

UnsafeBits

Posted at 05:06 PM in Articles, Cybercrime, Law and Policy, Published on UnsafeBits, Security | | Comments (0) | TrackBack (0)

Taming the Transfer of Monster-Sized Files

Despite being insecure and outdated, the file transfer protocol (FTP) continues to be a popular method for sending large files between data centers, corporate divisions, branch offices or business partners. But watch out.

A study commissioned by Sterling Commerce, a subsidiary of AT&T that focuses on business and collaboration software, found that nearly a third of companies do the majority—as much as 80 percent—of their large file transfers using FTP. Yet, the same study found that 93 percent of companies experienced failures in FTP transmission. Another survey of manufacturers conducted by Sterling found that about 8 percent of their file transfers fail.

CIO.com

Posted at 11:57 AM in Articles, Data Centers, Enterprise Technology, Published on CIO.com, Software | | Comments (0) | TrackBack (0)

01/06/2010

Zeus Attracts Developer Ecosystem

For the entry-level cybercriminal, the Zeus do-it-yourself botnet creation kit has become the go-to program for getting a modest botnet up and running.

An entire business ecosystem has evolved to serve the needs of would-be cybercriminals. Their draw to Zeus: Ease of use, a competitive marketplace, and lots of customization. The result is that cybercriminal networks based on the Zeus kits account for about one-in-ten botnets, according to security firm Damballa.

And the demand is feeding more development and competition, says Gunter Ollmann, Damballa’s vice president of research.

UnsafeBits

Posted at 12:10 PM in Articles, Cybercrime, Published on UnsafeBits, Viruses and Worms | | Comments (0) | TrackBack (0)

01/04/2010

Broken Exploit? Not so Fast

Attackers don’t always get it right. Many times, their attempts to exploit a program or a computer system go awry. The result: A crash.

So, when Bojan Zdrnja, a Croatia-based handler for SANS Internet Storm Center, looked at a PDF document submitted to the volunteer group of security experts, he didn’t think it odd that it merely seemed to crash Adobe’s Acrobat Reader. To Zdrnja, the document clearly had been altered, but not in a way that could have exploited Acrobat or the operating system.

UnsafeBits

Posted at 12:08 PM in Articles, Cybercrime, Hacking, Published on UnsafeBits, Research, Security | | Comments (0) | TrackBack (0)

12/18/2009

Twitter attacker had proper credentials

While Twitter has remained largely quiet on the hour-long hijacking of its domain name, additional information suggests that the attacker had compromised at least one user at the social networking company.

On Thursday, an unknown attacker hijacked Twitter's domain name and redirected visitors to an unrelated site hosting a page claiming Twitter had been hacked by the "Iranian Cyber Army." Evidence indicates, however, that the attackers were able to change the domain-name system (DNS) entries at Twitter's provider, Dyn Inc., said Rod Rasmussen, president and CEO of Internet Identity, an infrastructure security firm which monitors DNS changes.

SecurityFocus

Posted at 12:02 PM in Articles, Cybercrime, Hacking, Published on SecurityFocus, Security | | Comments (0) | TrackBack (0)

PhotoDNA scans images for child abuse

Internet service providers may have better success at scanning their networks to actively seek out illicit images of child abuse, thanks to technology donated by Microsoft and Dartmouth College.

On Wednesday, the software giant and the well-known college announced that they had developed a software program to match modified images to the original by using a form of robust hashing that can ignore certain types of changes, such as resizing, cropping and the inclusion of text. The team donated the program, dubbed PhotoDNA, to the National Center for Missing and Exploited Children.

SecurityFocus

Posted at 11:06 AM in Articles, Law and Policy, Published on SecurityFocus, Research, Software | | Comments (0) | TrackBack (0)

12/16/2009

Conficker data highlights infected networks

Conficker may be under control, but the malicious family of programs is resident on more than 6.5 million computers worldwide, with more than 5 percent of some network's Internet addresses showing signs of infection.

On Wednesday, the ShadowServer Foundation took the wraps off a revamped statistics page, showing how far the three main variants of Conficker have spread and the degree to which the world's networks are infected. More than 12,000 networks, as represented by their autonomous system numbers (ASNs), show signs of infection by Conficker. The ShadowServer Foundation limited their displayed data to the top 500 networks.

SecurityFocus

Posted at 12:04 PM in Antivirus, Articles, Cybercrime, Published on SecurityFocus, Security, Viruses and Worms | | Comments (0) | TrackBack (0)

12/10/2009

Harnessing the Cloud for Hacking

"Security is moving into the cloud ... so the attacks will follow security into the cloud as well," says Marlinspike. "Password cracking is an obvious thing. Normally, it is cost-prohibitive to run CPU-intensive jobs. [With cloud computing] it costs a lot less money than doing it yourself."

At its core, cloud computing is about providing services or infrastructure through the Internet that can easily be ramped up to meet demand. Online giants, including Amazon, Google, and Microsoft, all have services that offer the ability to run an application in a large data center or to rent time on a cluster of virtual computers, allowing customers to tap into large amounts of computing power more efficiently.

Security experts say the performance and costs advantages of cloud computing are already luring cybercriminals.

Technology Review

Posted at 09:42 PM in Articles, Cloud Computing, Cybercrime, Hacking, Published on Technology Review, Security | | Comments (0) | TrackBack (0)

12/04/2009

How to Keep Your Data Center Happy for the Holidays

In the brick-and-mortar world, this holiday season is shaping up to be a wash: More people are shopping, but they are spending less.

The online picture is different, however. Greater numbers of people are going online to shop and spending more. Data collection from retail sites showed that sales were up nearly 14 percent on the Monday following Thanksgiving, known as Cyber Monday, compared to a year ago, according to Web information firm Coremetrics. The amount spent per sale rose 38 percent, the firm says.

The trend highlights the importance of keeping the data centers powering e-commerce sites and online traffic running smoothly, says Dan Blum, principal analyst for the Burton Group.

CIO.com

Posted at 11:37 AM in Articles, Cloud Computing, Data Centers, Published on CIO.com, Security | | Comments (0) | TrackBack (0)

11/25/2009

Nasty iPhone Worm Hints at the Future

As mobile phones get more powerful, the threat of serious attacks against such devices increases, security experts warn. This week, cybercriminals moved closer to proving this point--exploiting a weakness in modified iPhones to spread a worm programmed to steal banking information. Some experts say the worm may be a sign that criminals are getting more savvy about hacking mobile devices.

Technology Review

Posted at 09:40 AM in Articles, Consumer Technology, Cybercrime, Hacking, Hardware, Published on Technology Review, Security, Viruses and Worms | | Comments (0) | TrackBack (0)

Next »