CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Top Endpoint Security stories for October 2010 — If cyber threats are up, then why are companies’ security budgets possibly going down?

October saw another fake antivirus alert make the rounds, only this time masquerading as Microsoft Security Essentials. This trend, along with more information about the Stuxnet worm, is making security experts wonder if these are signs of things to come. So, with cyber threats up and growing in severity, why then are security budgets down? According to McAfee, this is the paradox facing the IT security industry. Here are some of the top endpoint security stories of October 2010.

McAfee raises the white flag for reactive security… Is whitelisting the answer?

The white flag is a universal symbol of truce, a ceasefire if you will. In war, or in this case the war against cybercrime, McAfee this week issued a sort of truce with its call to arms for the security industry to take the offensive against malware attacks. This action speaks volumes about the current state of the security industry. And we couldn’t agree more. If one of the world’s leading antivirus security software makers is saying that the cat-and-mouse game of trying to keep up with the record amount of malware seen in the first half of 2010 is not working, then we all need to sit up and listen.

Targeted attacks a growing threat to confidential medical records

In an important step to enforce new state laws around protecting the privacy of medical records, the California Department of Public Health (CDPH) has fined five California hospitals a total of $675,000 for failing to prevent unauthorized access to their confidential patient information.

With targeted malware attacks posing greater threats to health care institutions, the director of CDPH, Dr. Mark Horton, said ensuring the privacy of patient data is a critical component to the medical industry.

“Medical privacy is a fundamental right and a critical component of quality medical care in California. We are very concerned with violations of patient confidentiality and their potential harm to the residents of California.”

While federal regulations such as HIPAA have prompted health care organizations to take measures to better protect digital patient records, stopping highly targeted cyber attacks continues to be one of the industry’s top challenges.

Top endpoint security stories for May 2010 — May Day turns into a distress signal for cybersecurity industry

Laser-focused attacks, new exploits, and ongoing security woes continue to leave many organizations in disarray about how to defend their networks against highly targeted cyber-attacks. Even the government, which has taken a hard stance on protecting our digital infrastructure, has been slow to move. Here were some of the top security stories from May 2010.

1.3 million malware ads viewed each day… Poll: What’s the most important step to stopping malware payloads?

An interesting study released this week shows that about 1.3 million malicious ads are being viewed online every day. Most of these malvertisements are pushing drive-by downloads and fake security software. Some of the key findings in the report include:

  1. Users are twice as likely to get infected by a malware ad on a weekend
  2. The average lifetime of a malvertisement is 7.3 days
  3. 97% of Fortune 500 websites are at a high risk due to their external partners (JavaScript widget providers, packaged software providers etc.)
  4. 69% of Fortune 500 companies use external JavaScript to render portions of their sites
  5. 64% of Fortune 500 companies are running outdated web applications

This study drives home the point that everybody is exposed. Whether it’s a consumer hitting an ad on a website that’s got malware or an attack targeting the person running the grid, the fact is that as long as there’s a human being in the loop, malware is going to get deposited.

What I find interesting is that malvertisements targeting consumers take the same payload-type approaches as APTs that are specifically designed to go after the top government or corporate information, but just not in the same highly targeted, sniper-type fashion. But whatever approach is taken, the cornerstone to every one of these types of attacks that deposit some type of targeted malware is the payload.

This brings me to a poll question I’d like to ask you: What’s the most important step to stopping malware payloads? Said differently, if you could only do ONE thing to stop these attacks, which approach would you take? I’d love to get your feedback on it.