The sharing of personal information over the Internet has been a huge driver for targeted attacks, which are designed to steal highly sensitive corporate information. According to the article, “Surviving today’s targeted attacks,” hackers who once sought fame and notoriety are now motivated by money. Targeted attacks go after the most valuable corporate data including source codes, future product information, third-party data, executives’ emails and customer information. Stefan Tanase, senior security researcher at Kaspersky Lab, said there are four steps cyber criminals take in executing a targeted attack: ( Read More… )
Laser focus attacks, new exploits, and ongoing security woes continue to leave many organizations in disarray about how to defend their networks against highly targeted cyber-attacks. Even the government, which has taken a hard stance on protecting our digital infrastructure, has been slow to move. Here were some of the top security stories from May 2010. ( Read More… )
An interesting study released this week shows that about 1.3 million malicious ads are being viewed online everyday. Most of these malvertisements are pushing drive-by downloads and fake security software. Some of the key findings in the report include:
Users are twice as likely to get infected by a malware ad on a weekend
The average lifetime of a malvertisement is 7.3 days
97% of Fortune 500 websites are at a high risk due to their external partners (JavaScript widget providers, packaged software providers etc.)
69% of Fortune 500 companies use external JavaScript to render portions of their sites
64% of Fortune 500 companies are running outdated web applications
This study drives home the point that everybody is exposed. Whether it’s a consumer hitting an ad on a website that’s got malware or an attack targeting the person running the grid, the fact is as long as there’s a human being in the loop malware is going to get deposited.
What I find interesting is that malvertisments targeting consumers take the same payload-type approaches as APTs that are specifically designed to go after the top government or corporate information, but just not in the same highly targeted, sniper-type fashion. But whatever approach is taken, the cornerstone to every one of these types of attacks that deposit some type of targeted malware is the payload.
This brings me to a poll question I’d like to ask you: What’s the most important step to stopping malware payloads? Said differently, if you could only do ONE thing to stop these attacks, which approach would you take? I’d love to get your feedback on it.
http://www.networkworld.com/newsletters/sec/2010/052410sec2.html?source=NWWNLE_nlt_security_2010-05-28
Daniel Kennedy, Master of Science in Information Assurance (MSIA) from the School of Graduate Studies of Norwich University and co-created ...
Because of the strong demand for application whitelisting, I couldn’t be happier with the significant growth CoreTrace continues to experience well into 2010. Nearly halfway into the New Year, I’m also very pleased to announce the addition of three software veterans who have joined our senior management team and will lead both our sales and product efforts. ( Read More… )
Earlier this week, I wrote how modern day targeted attacks don’t lend themselves to today’s security solutions. I’d like to follow up those thoughts by exploring strategies for combating these types of highly calculated threats.
While organizations focus on their business growth, they are also forced to contend with cyber criminals targeting their corporate networks to steal valuable information that can make them lots of money. As a result, evolving fraud professionals are truly changing how businesses protect their private data and fight cyber crime. ( Read More… )
Questions? Leads on topics? Ideas for improvement? Or just want to open up a dialog and chat with us about — whatever? We want to hear what you have to say!