Just when browsers have become more secure from cybercrime, hackers are turning their attention to the people using them. According to the article, “Microsoft: One in 14 downloads is malicious,” social engineering attacks have blossomed into one of the most preferred criminal tactics to get users to download harmful Trojans. With about 1 in every 14 programs downloaded by Windows users being some type of malware, Alex Stamos, a founding partner with security consulting firm Isec Partners, said that if attackers can’t get past tougher browser defenses, they’re adopting new tricks that prey on people’s poor decision making.
Today, there are a number of different social engineering techniques that cyber criminals are using to deliver malware to end users, including:
Email from a friend: Users get a message from a friend telling them to view a video. When the link asks to download some required software, they are actually downloading a malicious program.
Escalating revenue losses from cyber crimes and understaffed network security teams have Indian companies more concerned about cyber attacks than terrorism.
In the article, “Cyber attacks worry firms more than terrorism,” the “2010 State of Enterprise Security Study” conducted by Symantec Software Solutions Pvt. Ltd. found that 42% of companies representing industries such as telecom, hospitality, manufacturing, retail and technology perceive cyber attacks as the biggest threat to their enterprises.
One reason cited was the lack of adequate network security. Over the past year, 66% of companies surveyed said they had experienced cyber intrusions while 51% reported repeated attacks. The study also pointed out that deployment of enterprise security has turned into a difficult task for many organizations. Said Vishal Dhupar, managing director at Symantec:
“Enterprise security is understaffed and the most affected areas in organizations are network security, web security and data-loss prevention. To tackle the issue, companies need to secure their messaging and web environments and defend critical internal servers. They should also have the ability to back up and recover data and respond to threats rapidly.”
With the rise in malicious attacks targeting sectors that can have a significant impact on India’s economy, one has to wonder if cyber attacks and terrorism weren’t one and the same. As I mentioned in a recent blog, “Are we in a cyberwar or not?” cyber threats continue to have a growing impact on our nation’s economy and global competitiveness. Although U.S. Cyber Czar Howard Schmidt may not think we are engaged in cyber warfare, the impacts from targeted attacks are being felt everywhere, and are top IT concerns for many organizations and nations around the world.
In its 2009 Annual Security Report, released today, Cisco Systems did an excellent job of explaining the 2009 threat landscape and outlining its expectations for 2010.
While the 40-page report covers many, many topics, there was one overarching theme that continued to bubble to the surface for me: there are no patches for people, and people are the primary vulnerability going forward.
Like it or not, our people (employees, contractors, partners, etc.) will continue accessing social media sites, cloud computing solutions and parts of the web that we know nothing about (the “Dark Web” as Cisco calls it).