While it has been in existence for years (which is another issue altogether), there is a “new” critical infrastructure attack in the news today: “Night Dragon”. In addition to naming this new attack with a really cool name, our friends at McAfee have done an excellent job analyzing every part of the multi-pronged attack in whitepaper titled “Global Energy Cyberattacks: Night Dragon”.
Night Dragon is a fascinating attack, with all sorts of international intrigue including links to entities in China (for a great primer on purported Chinese involvement in cyberattacks, check out Richard Stiennon’s blog). However, the multi-pronged attack is easily prevented by any good application whitelisting solution–just like Stuxnet. Continue reading this post…
A survey released this week found that more than 50% of financial services professionals consider banking Trojans such as Zeus to be the greatest threat to online banking today. Typically aimed at stripping business accounts of assets, the malware attacks steal from legitimate accounts and transfer funds to fraudsters’ own accounts or money mules.
69% of respondents said their organizations have seen an increase in Zeus-style attacks against customer accounts over the past year. The report noted that these types of attacks hit online banking services that 1-in-3 respondents said are either “extremely” or “very” vulnerable to attacks — online Automated Clearing House (ACH) and wire transfers. Continue reading this post…
An RSA study released on Wednesday claims that most major U.S. corporations — including up to 88% of Fortune 500 companies — may be affected by botnet activity from computers compromised by the Zeus Trojan.
In the article, “88 percent of firms show Zeus botnet activity,” RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers that included IP addresses and emails that belonged to the corporations. Among the stolen data found on the sites where infected computers drop the stolen data was compromised email addresses from about 60% of the firms. Continue reading this post…
In the midst of March Madness, it seems like security professionals everywhere are scurrying to find ways to safeguard their enterprises from new forms of malware and exploit techniques that have successfully bypassed most antivirus protections throughout the first quarter of 2010. With systems constantly under attack, what’s important is making sure our computer endpoints are protected from the latest viruses and botnets out there. Check out some of the top stories from March 2010.
Continue reading this post…