An RSA study released on Wednesday claims that most major U.S. corporations — including up to 88% of Fortune 500 companies — may be affected by botnet activity from computers compromised by the Zeus Trojan.
In the article, “88 percent of firms show Zeus botnet activity,” RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers that included IP addresses and emails that belonged to the corporations. Among the stolen data found on the sites where infected computers drop the stolen data was compromised email addresses from about 60% of the firms. ( Read More… )
Targeted cyberattacks that use sophisticated social engineering techniques to exploit network vulnerabilities are creating advanced persistent threats (APT) to enterprise security models like never before. According to the article, “Targeted cyberattacks test enterprise security controls,” these threats pose a more immediate danger to sensitive data of U.S. commercial entities than a full-fledged cyberwar. George Kurtz, a long time colleague of mine and CTO of McAfee, expects these types of attacks to continue.
“These attacks have demonstrated that companies of all sectors are very lucrative targets. [APTs are] the equivalent of the modern drone on the battlefield. With pinpoint accuracy, they deliver their deadly payload, and once discovered — it is too late.”
One of the methods the article suggests to protect systems from targeted attacks is using a whitelist to allow specific traffic over its networks while excluding everything else. ( Read More… )
In Monday’s blog, “Why Rockefeller-Snowe’s Regulations Won’t Prepare The U.S. For Cyberwar,” security expert Richard Stiennon provides a straightforward analysis of why we can’t effectively regulate cyber security. In a nutshell, passing a new cyber security bill would do nothing to better prepare us for cyber attacks. What we need to do is beef up our defenses with accepted security practices. I couldn’t agree more.
Historically, legislation has proven to be woefully inadequate in preparing the U.S. for cyberwar. Why? Because there are no consequences. ( Read More… )
In the midst of March Madness, it seems like security professionals everywhere are scurrying to find ways to safeguard their enterprises from new forms of malware and exploit techniques that have successfully bypassed most antivirus protections throughout the first quarter of 2010. With systems constantly under attack, what’s important is making sure our computer endpoints are protected from the latest viruses and botnets out there. Check out some of the top stories from March 2010.
( Read More… )
Although last week’s theft of identity data on 3.3 million people with student loans may not have been the work of hackers, it still underscores the need for organizations to safeguard their private information from every type of crime. In other words, even with the most sophisticated anti-fraud tools in place, a company’s network can still be seriously compromised by a single swipe of a briefcase.
In the article, “Data Theft Hits 3.3 Million Borrowers,” a spokesperson for the victimized Educational Credit Management Corporation (ECMC), a nonprofit company that helps with student loan financing, said the stolen information was on a portable media device. Despite being a simple old-fashioned theft, the company and federal officials believe the incident was the largest-ever breach of such information, which could potentially affect as many as 5% of all federal student-loan borrowers. ( Read More… )