Research from Kaspersky Lab shows malware on social networking sites such as Facebook and MySpace is 10 times more successful at infecting users than e-mail-based attacks. Enterprises and users need to adopt sound security practices to deal with the problem.
That hackers are using sites such as Facebook, LinkedIn and MySpace to launch attacks is no revelation. New statistics, however, show just how effective malware on social networking sites can be.

In its “Malware Evolution 2008″ report, published in February 2009, Kaspersky Lab revealed that malicious code distributed via social networking sites has a success rate of 10 percent in terms of infections, making it 10 times more potent than malware distributed via e-mail.

“In 2008 we increased the collection of malicious files relating to social networks by approximately 26,000,” said Stefan Tanase, a security researcher for the Kaspersky Lab Global Research and Analysis Team. “In 2008 alone we processed more of those samples than in the total of all years prior to 2008, making the growth rate exponential. Our collection of malicious software samples reached 43,000 at the end of last year.”

Tanase said he expects that number to hit 100,000 by the end of 2009. According to McAfee, 800 new variants of the notorious Koobface virus were discovered in March alone. Social networking sites have also been hit by malware hidden in seemingly legitimate third-party applications.

No particular site is more dangerous than others, Tanase said. Different sites are popular in different regions of the world, and attackers follow the users.

“It’s very hard for social networking sites to do better,” he said. “Their business is about having an easy-to-use Website, so that everyone can join. The problem is that usability and security don’t really go hand in hand most of the time.”

For enterprises, that means developing policies to control the use of social networks by employees. Organizations can instruct employees not to mention the company name on social networking sites, for example, and can couple that with education on configuring privacy settings and general Web safety.

“Blocking access to social networking site[s] is not going to work in the long run,” said Chenxi Wang, an analyst with Forrester Research. “As younger employees join the work force, they increasingly expect to have access to social networking sites from work, [so] having such a restrictive policy will damage the company’s [prospects of attracting] employees and ultimately may become a competitive advantage [to competitors].”

As for basic security advice, Tanase advised users to limit the code executed inside their browsers to trusted sources only and to make sure the operating system, anti-virus application and other software are fully patched and up-to-date.

“When talking about social networks, even though they are made of users wandering throughout cyber-space, we should not forget we’re actually talking about real people, actual human beings that have friends and relationships,” he said. “These relationships are usually based on trust, so the bad guys are trying to exploit this trust.” 

http://www.eweek.com/c/a/Security/Social-Networks-10-Times-as-Effective-for-Hackers-Malware-892010/?kc=rss

Note from Dave:  Soon I hope to start writing some more original content, until then I will continue to post hacker related news on here.  The reason I am post these articles is simple, Cyber Security is not an option.  Many businesses get it, others not so much.  If the FAA and the Pentagon can be successfully hacked,  how safe do you think you really are?  Better to understand your weaknesses and try to mitigate those vulnerabilities than to put you head back in the sand.

Dave

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency’s mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming “insiders,” according to the report dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed “malicious codes” with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.

And in 2006, a virus spread to the air traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.

“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations,” the report concluded.

An audit of the FAA’s air traffic control cybersecurity protection measures finds them lacking and says there have been several breaches by hackers and a virus.

(Credit: U.S. Department of Transportation, Office of Inspector General)

The breaches were possible because Web applications that support the air traffic control system operations are not properly secured to prevent unauthorized access and network intrusion-detection software is not adequately being used to monitor and detect cyberattacks, the report concluded.

The FAA’s increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said.

“Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the Nation is facing increased threats from sophisticated nation-state-sponsored cyber attacks,” the report said.

In general, the nation’s critical infrastructure is increasingly at risk as previously isolated and closed systems are moved to the Internet and commercial software, like Windows, is used, security experts have said.

The air traffic control system auditors said they discovered more than 760 high-risk vulnerabilities in the Web applications tested, including holes that provided “front-door access” to the systems and could allow attackers to inject malicious code onto FAA user computers. Web applications were not adequately configured and the applications with known vulnerabilities were not patched in a timely manner, auditors found.

Meanwhile, intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities and none of the IDS sensors is installed to monitor operational systems at those sites, the report said. Cyber incidents are not effectively monitored or fixed quickly, the report concluded.

In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, “including critical incidents in which hackers may have taken over control” of operations computers, the report said.

The FAA is “identifying and fixing weaknesses,” FAA spokeswoman Laura Brown told The Wall Street Journal. “We are working on developing security architecture for that whole system.”

However, Brown dismissed the notion that hackers could get access to critical air traffic control operational systems.

The audit of the air traffic control systems was requested by the ranking minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.

http://news.cnet.com/8301-1009_3-10236028-83.html

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, “If we go to war with them, they will try to turn them on.”

Officials said water, sewage and other infrastructure systems also were at risk.

“Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts,” Director of National Intelligence Dennis Blair recently told lawmakers. “A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure.”

Officials cautioned that the motivation of the cyberspies wasn’t well understood, and they don’t see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt.

But protecting the electrical grid and other infrastructure is a key part of the Obama administration’s cybersecurity review, which is to be completed next week. Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Overseas examples show the potential havoc. In 2000, a disgruntled employee rigged a computerized control system at a water-treatment plant in Australia, releasing more than 200,000 gallons of sewage into parks, rivers and the grounds of a Hyatt hotel.

Last year, a senior Central Intelligence Agency official, Tom Donohue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.

The U.S. electrical grid comprises three separate electric networks, covering the East, the West and Texas. Each includes many thousands of miles of transmission lines, power plants and substations. The flow of power is controlled by local utilities or regional transmission organizations. The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.

The sophistication of the U.S. intrusions — which extend beyond electric to other key infrastructure systems — suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don’t appear to have yet mounted attacks, these officials say.

It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace. U.S. officials said investigators have followed electronic trails of stolen data to China and Russia.

Russian and Chinese officials have denied any wrongdoing. “These are pure speculations,” said Yevgeniy Khorishko, a spokesman at the Russian Embassy. “Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world.”

A spokesman for the Chinese Embassy in Washington, Wang Baodong, said the Chinese government “resolutely oppose[s] any crime, including hacking, that destroys the Internet or computer network” and has laws barring the practice. China was ready to cooperate with other countries to counter such attacks, he said, and added that “some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China.”

Utilities are reluctant to speak about the dangers. “Much of what we’ve done, we can’t talk about,” said Ray Dotter, a spokesman at PJM Interconnection LLC, which coordinates the movement of wholesale electricity in 13 states and the District of Columbia. He said the organization has beefed up its security, in conformance with federal standards.

In January 2008, the Federal Energy Regulatory Commission approved new protection measures that required improvements in the security of computer servers and better plans for handling attacks.

Last week, Senate Democrats introduced a proposal that would require all critical infrastructure companies to meet new cybersecurity standards and grant the president emergency powers over control of the grid systems and other infrastructure.

Specialists at the U.S. Cyber Consequences Unit, a nonprofit research institute, said attack programs search for openings in a network, much as a thief tests locks on doors. Once inside, these programs and their human controllers can acquire the same access and powers as a systems administrator.

The White House review of cybersecurity programs is studying ways to shield the electrical grid from such attacks, said James Lewis, who directed a study for the Center for Strategic and International Studies and has met with White House reviewers.

The reliability of the grid is ultimately the responsibility of the North American Electric Reliability Corp., an independent standards-setting organization overseen by the Federal Energy Regulatory Commission.

The NERC set standards last year requiring companies to designate “critical cyber assets.” Companies, for example, must check the backgrounds of employees and install firewalls to separate administrative networks from those that control electricity flow. The group will begin auditing compliance in July.

—Rebecca Smith contributed to this article

http://online.wsj.com/article/SB123914805204099085.html

Looks like the Chinese are still aggresively attacking anyone and everyone – Dave

Computer hackers based in China built up a network of compromised computers in the offices of the Dalai Lama and many other national government offices and organisations around the world, Canadian computer security researchers have revealed.

The network, nicknamed GhostNet, included over 1295 computers belonging to the Tibetan Government in Exile, embassies belonging to countries including India, South Korea and Germany, the Association of Southeast Asian Nations, and the Asian Development Bank.

The investigation was carried out by Information Warfare Monitor (IWM) – an organisation formed by Canadian think tank, the Secdev Group – and a laboratory at the Munk Centre for International Studies, University of Toronto.

Email lure

IWM hacked into the control servers running GhostNet, using information gleaned by University of Cambridge computer scientists Ross Anderson and Shishir Nagaraja, who last year cleaned up computers from the Dalai Lama’s office that had been infected with malicious software, nicknamed malware.

IWM say it is unclear whether the attacks were carried out with the support of the Chinese government, or whether they were the work of isolated hackers. The Chinese government has denied all involvement.

GhostNet is run from 10 servers, IWM says. Most of them are in China – at Hainan, Guangdong, Jiangsu and Sichuan – while two others are in Hong Kong and the mainland United States.

The network uses a Trojan, a program that seems innocuous to the computer user but, when run, a hidden part of it causes harm or allows outside access to a machine. In this case, emails were used to spread the Trojan – called gh0st RAT – either by sending the malware as an attachment or by using a web link to direct a person to a site where it was downloaded.

Targeted attacks

The emails seem to have been carefully crafted to maximise the chances of someone installing the Trojan. For example, the Dalai Lama’s office was infected after a member of staff opened an email that apparently came from the email address “campaigns@freetibet.org” and downloaded a Microsoft Word document that appeared to relate to Tibetan independence.

In recent years, security services have frequently blamed cyber attacks on other governments, although comprehensive proof of their being used in such a way has not been made public. The Pentagon is now investing in greater cyber-defences for the US, while the UN recently added cyber weapons to the list of those considered by its body that advises on weapons of mass destruction.

As a sign of the shifting face of war, NATO last year opened its first “cyber defence centre”, dedicated to protecting its member nations from such attacks

Read more at http://www.newscientist.com/article/dn16862-chinese-spy-network-infiltrated-embassies-worldwide.html