Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

Malicious Email Attachments Spiked Last Quarter

IT security and control firm Sophos has released the results of its investigation into the latest spam trends and revealed the top twelve spam-relaying countries for the third quarter of 2008. The figures show an alarming rise in the proportion of spam emails sent with malicious attachments between July and September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users. more»

Domain Slammers Go Phishing

ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people -- and creates a whole lot of confusion for registrants. But that was a problem we could deal with. Fast-forward to October, 2008... more»

Anti-Phishing Working Group Join Domain Registrars in Fight Against Phishing

The Anti-Phishing Working Group (APWG), in consultation with the ICANN Registrar Constituency and several domain name registrars, has published a "best practices" advisory for registrars to help them implement mechanisms to make it more difficult to register and use domains for illicit uses such as phishing, a confidence scheme used to dupe consumers out of personal financial information. Several globally active registrars, including APWG members Go Daddy, the world's largest registrar and Network Solutions, the world's oldest commercial registrar, have already implemented or are planning to implement many of the best practices prescribed by the APWG's Anti-Phishing Best Practices Recommendations for Registrars, released this month. more»

Financially Based Cybercrime is Recession-Proof

According to experts, organized cybercrime is one "industry sector" that is not unhappy about the current global economic crisis. "One thing we've seen is financially based cybercrime is recession-proof," says Darren Mott, supervisory special agent for the FBI's Cyber Division. "With [this] changing economy, the only thing that changes is the way they go about obtaining their information." more»

ITU Criticized For Its Role in Cybersecurity Standardization

At EuroDIG, the first European Dialogue on Internet Governance, the scientists and experts of the Council of Europe have sharply criticised the International Telecommunication Union (ITU) for acting behind closed doors in its initiatives towards cybersecurity standardization. Bertrand de la Chapelle, godfather of the first EuroDIG on behalf of the French government, said EuroDIG should tell the ITU to allow all interest groups to participate in discussing new technology standards. The recent meeting in Strasbourg emphasized the idea of cooperation between governments, the industry and users as one of the central points to be presented at the UN Internet Governance Forum in Hyderabad. more»

Compromised Portfolios of Legitimate Domain Names for Sale

Is the demand for access to compromised legitimate portfolios of domain names -- where the price is based on the pagerank and is shaped by the number of domains in question -- the main growth factor for the increasing supply of such stolen accounting data? Or is it the result of cybercriminals data mining their botnets for accounting data that would provide them with access to such portfolios of high trafficked domains with clean reputation? more»

Co-Operation to Make the Domain Business More Secure

In order to provide more security for the Domain Name System (DNS), a group of large domain-name registries and registrars has got together with IT security providers and government agencies to launch a new workgroup: the "Registry Internet Safety Group" (RISG). The announcement was made by the Public Internet Registry, which operates the .org domain, and its backend provider Afilias. more»

Massive SQL Injection Attacks: The Chinese Way

From copycats and "localizers" of Russian web malware exploitation kits, to suppliers of original hacking tools, the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale. They are either filling the niches left open by other international communities, or coming up with tools and setting new benchmarks for massive SQL injection attacks. more»

Energy Industry Number One Target by Cyber Criminals, According to New Study

Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals. more»

Direct Correlation Between Economic Cybercrime and Stock Market Declines, Reveals Security Group

Security researchers and PandaLabs have issued a security alert today revealing a direct correlation between the recent stock market volatility and the growth of new threats. According to firm, the two are tied together much more closely than previously thought and recent stock market instability has accelerated the volume of targeted cyber attacks and their relative impact on the economy over the last month and a half. In addition, analysts believe the recent spike in malware could be related to cybercriminals now having fewer possible targets as a result of consolidation within the banking industry. more»

The Growing Security Concerns… Don't Have Nightmares

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more»

IT Security Guide: "Financial Impact of Cyber Risk" Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack. In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses -- which can come from internal networks, the Internet or other private or public systems -- to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues. more»

Secret Service, IBM, Others Form Alliance to Fight Cyber Crime, Identity Theft

A coalition of leading corporate, government and academic institutions today announced the formation of the Center for Applied Identity Management Research (CAIMR). CAIMR plans include developing research and solutions for identity management challenges such as cyber crime, terrorism, financial crimes, identity theft and fraud, weapons of mass destruction, and narcotics and human trafficking. The Center brings cross-disciplinary experts in criminal justice, financial crime, biometrics, cyber crime and cyber defense, data protection, homeland security and national defense to address identity management challenges that impact individuals, public safety, commerce, government programs and national security. more»

$300 Million Annual Loss Due to Non-Cooperation in Fight Against Phishing

During a presentation today at the eCrime Researchers Summit in Atlanta, Georgia, security researchers revealed that average lifetime of malicious websites are often longer than they should be due to lack of communication and cooperation between security vendors. According to results, website lifetimes are extended by about 5 days when "take-down" companies -- often hired by Banks -- are unaware of the site. "On other occasions, the company learns about the site some time after it is first detected by someone else; and this extends the lifetimes by an average of 2 days," says Richard Clayton. more»

Global Threat to U.S. Cybersecurity a Major Concern, Says FBI

Shawn Henry, the newly appointed Assistant Director of FBI's Cyber Division has warned that "a couple dozen" countries are eager to hack U.S. government, corporate and military networks. Although specific details of countries in question were not discussed, reporters were informed during yesterday's meeting that cooperation with overseas law enforcements is of highest priority at FBI and so far there has been great success fostering partnerships. more»