Although last week’s theft of identity data on 3.3 million people with student loans may not have been the work of hackers, it still underscores the need for organizations to safeguard their private information from every type of crime. In other words, even with the most sophisticated anti-fraud tools in place, a company’s network can still be seriously compromised by a single swipe of a briefcase.
In the article, “Data Theft Hits 3.3 Million Borrowers,” a spokesperson for the victimized Educational Credit Management Corporation (ECMC), a nonprofit company that helps with student loan financing, said the stolen information was on a portable media device. Despite being a simple old-fashioned theft, the company and federal officials believe the incident was the largest-ever breach of such information, which could potentially affect as many as 5% of all federal student-loan borrowers.
If securing our enterprise wasn’t already a full-time job, smart phones are becoming a popular platform for hackers to penetrate larger company systems. In Bill Brenner’s article, “Smart Phone Attacks: Here and Now,” he writes that after years of anticipating smart phone threats we’ve finally come to a point where we can no longer ignore them.
Smart phone threats have been looming for years. But with more people now using their BlackBerrys and iPhones like their home computers and laptops to surf the Internet, trade files and potentially open infected email attachments, their phones can fall prey to viruses and malware that steal sensitive information such as credit card and Social Security numbers. Brenner writes:
“With all this happening, the bad guys now have reason to shift their attention and create new flavors of mobile malware. With so many of these devices hooked to company networks for access to e-mail and other programs, attacks on the phones can now be used to penetrate larger company systems. In other words, it’s time for IT security practitioners to start paying attention and making plans.”
Google’s head of Android security, Rich Cannings, agrees. He said phone attacks are not a thing of the future. They are upon us. And as smart phones grow in popularity, so will the number of attacks. “The smartphone OS will become a major security target. Personally, I think this will become an epiphany to malware authors.”
And one doesn’t have to look far to see how quickly this can be done. An article published today reported how a security analyst was able to successfully exploit Apple’s Safari browser on a MacBook Pro on the first day of a Pwn2Own contest, which awarded the winner the hardware they successfully attacked. It appears that these hacks involved a payload first being deposited before executing. Application whitelisting would have stopped them from running in the first place.
Compounding the problem is the fact that the growing number of applications on smart phones leaves the same security holes wide open. With more mobile devices now being used to access corporate networks, security professionals need to consider how they can protect their systems from growing mobile threats.
On Saturday, a faulty update for 64-bit Windows systems caused the BitDefender anti-virus software to flag thousands of legitimate Windows and BitDefender files as potential threats to the system. According to an article by Brian Krebs, “Bad BitDefender Antivirus Update Hobbles Windows PCs,” the glitch caused quite a stir with users who expressed their concerns on the antivirus firm’s Twitter page.
BitDefender later issued a statement to users saying it was creating a patch that would restore the quarantined files. The company also posted a partial recovery for users to follow, but that was met with more disconcerting tweets from users saying that after following the instructions they were still unable to boot up their computers.
To make matters worse, BitDefender has also reportedly warned users that malware writers are issuing fake downloads that fix the problem. The company is advising users to download the fix only from its website.
This story appears to be another example of the escalating problems antivirus solutions are experiencing with bad system updates. The inability to effectively stop malicious code from exploiting system vulnerabilities is causing more work and frustration for security professionals and users alike. Including application whitelisting as part of a company’s endpoint security strategy not only prevents malicious code from executing, but also eliminates the risks that can accompany updates.
Escalating revenue losses from cyber crimes and understaffed network security teams have Indian companies more concerned about cyber attacks than terrorism.
In the article, “Cyber attacks worry firms more than terrorism,” the “2010 State of Enterprise Security Study” conducted by Symantec Software Solutions Pvt. Ltd. found that 42% of companies representing industries such as telecom, hospitality, manufacturing, retail and technology perceive cyber attacks as the biggest threat to their enterprises.
One reason cited was the lack of adequate network security. Over the past year, 66% of companies surveyed said they had experienced cyber intrusions while 51% reported repeated attacks. The study also pointed out that deployment of enterprise security has turned into a difficult task for many organizations. Said Vishal Dhupar, managing director at Symantec:
“Enterprise security is understaffed and the most affected areas in organizations are network security, web security and data-loss prevention. To tackle the issue, companies need to secure their messaging and web environments and defend critical internal servers. They should also have the ability to back up and recover data and respond to threats rapidly.”
With the rise in malicious attacks targeting sectors that can have a significant impact on India’s economy, one has to wonder if cyber attacks and terrorism aren’t one and the same. As I mentioned in a recent blog, “Are we in a cyberwar or not?” cyber threats continue to have a growing impact on our nation’s economy and global competitiveness. Although U.S. Cyber Czar, Howard Schmidt, may not think we are engaged in cyber warfare, the impacts from targeted attacks are being felt everywhere, and are top IT concerns for many organizations and nations around the world.
A recent study by NSS Labs revealed just how ineffective some of today’s top anti-virus software solutions are at stopping one of the most highly profiled and successful cyber attacks of 2010. According to the article, “More Anti-Virus Fail,” NSS Labs created variants of the Operation Aurora attack to see how many AV products caught the malicious code. The result: Only one out of the seven products tested correctly thwarted multiple exploits and malicious code payloads.
This says a lot about the current state of the AV industry. With so many new viruses and malware variants successfully bypassing security solutions, it is time to shift our way of thinking about how to protect our networks from new and unknown forms of malware and viruses.
With online crime losses doubling in 2009, we simply can’t afford to rely solely on AV software to protect our critical infrastructures from the countless number of malware variants out there. If these solutions are already losing the battle against highly visible malware, I can’t imagine the success rate of stopping unknown attacks would be any better.
As an example of how the industry currently looks at these problems, NSS Labs’ CTO, Vikram Phatak, said: “There are many ways to possibly exploit a vulnerability, and rather than focusing on every attack method, vendors need to focus on [shielding] the vulnerability itself.”
Vikram is correct in pointing out that you can’t defend against every attack method, but focusing on protecting against exploitation of the vulnerability is reactive, and a failure as well. This still leaves companies open to newly discovered vulnerabilities, relies on reactive patching and security system updates, and will ultimately fall on its face. We need to completely rethink our approach to endpoint security that begins with a foundation of whitelisting that would defeat new malware completely independently of the vulnerability or attack.