Posts Tagged ‘theft prevention’

Social Networking making it easier for Hackers

Uncategorized | Posted by Dave
May 14 2009

Research from Kaspersky Lab shows malware on social networking sites such as Facebook and MySpace is 10 times more successful at infecting users than e-mail-based attacks. Enterprises and users need to adopt sound security practices to deal with the problem.
That hackers are using sites such as Facebook, LinkedIn and MySpace to launch attacks is no revelation. New statistics, however, show just how effective malware on social networking sites can be.

In its “Malware Evolution 2008″ report, published in February 2009, Kaspersky Lab revealed that malicious code distributed via social networking sites has a success rate of 10 percent in terms of infections, making it 10 times more potent than malware distributed via e-mail.

“In 2008 we increased the collection of malicious files relating to social networks by approximately 26,000,” said Stefan Tanase, a security researcher for the Kaspersky Lab Global Research and Analysis Team. “In 2008 alone we processed more of those samples than in the total of all years prior to 2008, making the growth rate exponential. Our collection of malicious software samples reached 43,000 at the end of last year.”

Resource Library:
Employee Web Use and Misuse: Companies, Their Employees and the Internet
Top 10: To Trust or Not
The Shortcut Guide to Business Security Measures Using SSL
New Web Threats for 2009

Tanase said he expects that number to hit 100,000 by the end of 2009. According to McAfee, 800 new variants of the notorious Koobface virus were discovered in March alone. Social networking sites have also been hit by malware hidden in seemingly legitimate third-party applications.

No particular site is more dangerous than others, Tanase said. Different sites are popular in different regions of the world, and attackers follow the users.

“It’s very hard for social networking sites to do better,” he said. “Their business is about having an easy-to-use Website, so that everyone can join. The problem is that usability and security don’t really go hand in hand most of the time.”

For enterprises, that means developing policies to control the use of social networks by employees. Organizations can instruct employees not to mention the company name on social networking sites, for example, and can couple that with education on configuring privacy settings and general Web safety.

“Blocking access to social networking site[s] is not going to work in the long run,” said Chenxi Wang, an analyst with Forrester Research. “As younger employees join the work force, they increasingly expect to have access to social networking sites from work, [so] having such a restrictive policy will damage the company’s [prospects of attracting] employees and ultimately may become a competitive advantage [to competitors].”

As for basic security advice, Tanase advised users to limit the code executed inside their browsers to trusted sources only and to make sure the operating system, anti-virus application and other software are fully patched and up-to-date.

“When talking about social networks, even though they are made of users wandering throughout cyber-space, we should not forget we’re actually talking about real people, actual human beings that have friends and relationships,” he said. “These relationships are usually based on trust, so the bad guys are trying to exploit this trust.” 

http://www.eweek.com/c/a/Security/Social-Networks-10-Times-as-Effective-for-Hackers-Malware-892010/?kc=rss

Tags: , , , , , , ,
No Comments »

The FAA was successfully attacked

compliance, Recent News | Posted by Dave
May 08 2009

Note from Dave:  Soon I hope to start writing some more original content, until then I will continue to post hacker related news on here.  The reason I am post these articles is simple, Cyber Security is not an option.  Many businesses get it, others not so much.  If the FAA and the Pentagon can be successfully hacked,  how safe do you think you really are?  Better to understand your weaknesses and try to mitigate those vulnerabilities than to put you head back in the sand.

 

Dave

 

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency’s mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming “insiders,” according to the report dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed “malicious codes” with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.

And in 2006, a virus spread to the air traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.

“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations,” the report concluded.

 

An audit of the FAA’s air traffic control cybersecurity protection measures finds them lacking and says there have been several breaches by hackers and a virus.

(Credit: U.S. Department of Transportation, Office of Inspector General)

 

The breaches were possible because Web applications that support the air traffic control system operations are not properly secured to prevent unauthorized access and network intrusion-detection software is not adequately being used to monitor and detect cyberattacks, the report concluded.

The FAA’s increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said.

“Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the Nation is facing increased threats from sophisticated nation-state-sponsored cyber attacks,” the report said.

In general, the nation’s critical infrastructure is increasingly at risk as previously isolated and closed systems are moved to the Internet and commercial software, like Windows, is used, security experts have said.

The air traffic control system auditors said they discovered more than 760 high-risk vulnerabilities in the Web applications tested, including holes that provided “front-door access” to the systems and could allow attackers to inject malicious code onto FAA user computers. Web applications were not adequately configured and the applications with known vulnerabilities were not patched in a timely manner, auditors found.

Meanwhile, intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities and none of the IDS sensors is installed to monitor operational systems at those sites, the report said. Cyber incidents are not effectively monitored or fixed quickly, the report concluded.

In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, “including critical incidents in which hackers may have taken over control” of operations computers, the report said.

The FAA is “identifying and fixing weaknesses,” FAA spokeswoman Laura Brown told The Wall Street Journal. “We are working on developing security architecture for that whole system.”

However, Brown dismissed the notion that hackers could get access to critical air traffic control operational systems.

The audit of the air traffic control systems was requested by the ranking minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.

 

http://news.cnet.com/8301-1009_3-10236028-83.html

Tags: , , , , , , ,
No Comments »

FBI Probes Hacker’s $10 Million Ransom Demand for Stolen Medical Records

Recent News | Posted by Dave
May 06 2009


The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday.

The state police in Virginia are also investigating the possible breach of confidential records.

The FBI official said the Virginia Information Technologies Agency (VITA) referred the case to the FBI last week, asking for help.

Asked whether people’s personal information is secure, the official said he couldn’t say.

“I really can’t make a declarative statement as to whether anyone’s information is in jeopardy at this point,” the official said.

Asked whether people have been notified that their information may have been breached, the official said it would be up to VITA to do that.

http://www.foxnews.com/story/0,2933,519187,00.html

Tags: , , , ,
No Comments »

Suprise! Crime is going up in a bad economy!

Recent News | Posted by Dave
Apr 09 2009

Report says online crime surging in recession

 

 

By Jason Szep

Reuters
Monday, March 30, 2009; 3:53 PM
 

BOSTON (Reuters) – Fraud on the Internet reported to U.S. authorities increased by 33 percent last year, rising for the first time in three years, and is surging this year as the recession deepens, federal authorities said on Monday.

Internet fraud losses reported in the United States reached a record high $264.6 million in 2008, according to a report released on Monday from the Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center.

Online scams originating from across the globe — mostly from the United States, Canada, Britain, Nigeria and China — are gathering steam this year with a nearly 50 percent increase in complaints reported to U.S. authorities in March alone.

“2009 is shaping up to be a very busy year in terms of cyber-crime,” the report’s author, John Kane, told reporters in a telephone briefing.

Last year’s losses compared with $239.1 million in 2007 and dwarfs the $18 million of losses of 2001.

The most common complaint of 2008 was non-delivery of promised merchandise, followed by auction fraud, credit card fraud and investment scams, according to the report.

Of 275,284 complaints received by the center in 2008, some 72,940 were referred to U.S. law enforcement agencies for prosecution. Those referrals spiked this year with 40,000 in the first quarter alone, said Kane.

“It is our belief that these numbers, both the complaints filed and the dollars, represent just a small tip of the iceberg,” said Kane, managing director of the National White Collar Crime Center in Richmond, Virginia.

UNDERREPORTED CRIME

“Our own research suggests that as few as 15 percent of cases of cyber-fraud are being reported to crime control agencies,” he said.

Scammers in the United States comprised 66 percent of complaints referred to authorities, followed by Britain at 11 percent, Nigeria 7.5 percent, Canada 3 percent and China 1.6 percent. Within the United States, the bulk originated in California (16 percent), followed by New York and Florida.

Fraudulent sales on online auction sites like eBay Inc and classified sites like craigslist.com contributed to a 32 percent rise in the hottest area of online fraud — non-delivery of promised merchandise, the report said.

That area alone made up about 33 percent of all complaints serious enough to be referred to law enforcement.

Other important areas included investment scams such as mini-versions of the $65 billion Ponzi scheme committed by New York financier Bernard Madoff in which money from new investors is used to pay existing investors.

About 74 percent of the scams were through e-mail messages last year, especially spam, while about 29 percent used websites. But criminals were increasingly tapping new technologies such as social networking sites and instant messenger services, said Kane.

The report highlights one new “significant’ identity-theft scam involving e-mail messages that give the appearance of originating from the FBI but seek bank account information to help in investigations of money being transferred to Nigeria. Recipients of the e-mails are told they could be richly rewarded by cooperating.

The report said almost 80 percent of known perpetrators of online scams are male. Of those bringing complaints, nearly half are between the ages of 30 and 50. The median dollar loss was $931 per complaint, although the median losses for check fraud reached $3,000 and that for investment scams was $2,000.

(Editing by Bill Trott)

Tags: , , ,
No Comments »