Hackers increasingly zero in on small businesses
The percentage of targeted attacks aimed at small businesses doubled in the first half of 2012, an indication that hackers are dedicating more resources to what they see as the most vulnerable marks, a major security vendor said.
In the first six months of the year, more than a third of targeted attacks on businesses were pointed toward companies with fewer than 250 employees. That was twice the percentage of attacks aimed at similar sized companies at the end of 2011, Symantec said in its mid-year Intelligence Report.
A targeted attack is one that's tailored to a specific company. Cyber criminals customize malware to particular vulnerabilities and use information gathered publicly -- or stolen from other companies -- to create emails with malicious attachements that have a higher chance of being opened by employees. That type of social engineering has proved successful despite corporate efforts to bolster security training and warn workers away from opening potentially dangerous emails. Read more...
Kaspersky detects more APT attacks targeting Macs
Kaspersky Labs has detected a new wave of Mac OS X APT (advanced persistent threat) attacks, marking the second time this year the security company has presented evidence that the Apple platform is susceptible to such threats.
This particular attack is aimed at Uyghur activists -- but that's no reason for other Mac users to be complacent. "With Macs growing in popularity and their increased adoption by high-profile targets, we expect the number of Mac OS X APT attacks will also grow," cautioned Costin Raiu, a Kaspersky Lab Expert. Read more...
Microsoft quashes 21 bugs, blocks drive-by attacks
Microsoft today issued nine security updates that patched 21 vulnerabilities in Windows, Internet Explorer (IE), Office, .Net, Silverlight and SharePoint Server, including several critical bugs that can be exploited with drive-by attacks.
Four of the nine updates were labeled "critical," Microsoft's highest threat ranking; the others were marked "important." Of the 21 total vulnerabilities, Microsoft classified six as critical, 14 as important and one as "moderate," a step below important on the company's four-step rating system.
MS12-010, which included fixes for four vulnerabilities in Ie, and MS12-013, a one-patch update to Windows Vista, Windows 7, Server 2008 and Server 2008 R2, were unanimously selected by both Microsoft and independent security researchers as the two to deploy immediately. Read more...
Websites, apps vulnerable to low-bandwidth, bot-free takedown, say researchers
Hackers armed with a single machine and a minimal broadband connection can cripple Web servers, researchers disclosed Wednesday, putting uncounted websites and Web apps at risk from denial-of-service attacks.
In a security advisory issued the same day, Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.
In a follow-up message, Microsoft announced it was shipping an "out-of-band," or emergency update today. The update was released at 1 p.m. ET. Designated MS11-100, it also fixed three other bugs in ASP .Net, one tagged "critical." None of those three had been disclosed publicly prior to today.
The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde. Read more...
10 years after 9/11, cyberattacks pose national threat, committee says
Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.
The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that the public sector has made in implementing the security recommendations of the 9/11 Commission. The comments about cybersecurity are part of broader discussion on nine security recommendations that have yet to be implemented.
The report, the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat. Read more...
Hackers acquire Google certificate, could hijack Gmail accounts
Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.
Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.
"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.
"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security. Read more...
Linux marks 20th anniversary, recounts past slights from Microsoft
The mythical "year of the Linux desktop" still hasn't come, and may never, but on the 20th anniversary of Linux the free operating system's proponents threw a party to celebrate its success and scoff at past attacks launched by Microsoft, its biggest rival.
Linux Foundation Executive Director Jim Zemlin - known among Network World readers for saying that bashing Microsoft is "like kicking a puppy" - used his keynote at the LinuxCon conference in Vancouver to recount past slights from Microsoft and explain how wrong they were, one by one. Read more...
Google highlights trouble in detecting web-based malware
Google issued a new study on Wednesday detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones.
The company's engineers analyzed four years worth of data comprising 8 million websites and 160 million web pages from its Safe Browsing service, which is an API (application programming interface) that feeds data into Google's Chrome browser and Firefox and warns users when they hit a website loaded with malware.
Google said it displays 3 million warnings of unsafe websites to 400 million users a day. The company scans the Web, using several methods to figure out if a site is malicious.
"Like other service providers, we are engaged in an arms race with malware distributors," according to a blog post from Google's security team.
That detection process is becoming more difficult due to a variety of evasion techniques employed by attackers that are designed to stop their websites from being flagged as bad, according to the report. Read more...
China hit by 480,000 Trojan horse attacks in 2010
China said it saw close to 480,000 Trojan horse attacks in 2010, with almost half originating from outside the country, according to a government security agency.
China's National Computer Network Emergency Response Technical Team (CNCERT) released some of the figures Tuesday from an upcoming annual report. Of the 221,000 attacks that originated outside of China, 14.7% came from the U.S., while another 8.8% came from India. Read more...
Attackers Can Use IPv6 to Launch Man-in-the-Middle Attacks
Attackers are already using IPv6 networks to attack users on IPv4 networks. One security researcher outlines one possible attack scenario.
Organizations face several information security challenges as they transition from IPv4 to IPv6, according to security experts. The difficulties are compounded by the fact that some attackers are using the IPv6 address space to sneak attacks onto IPv4 networks.
Even though theĀ transition to IPv6 has been notoriously slow amongst organizations, many cyber-criminals have already made the switch, James Lyne, director of technology strategy at Sophos told . Many scammers are pushing out spam over the IPv6 infrastructure and taking advantage of misconfigured firewalls. Read more...