Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

UK's Utility Companies and Large Financial Firms Facing Major Cyber Espionage Attacks

Industrial espionage probes are being waged on companies that provide UK's national infrastructure and on similar organizations across Europe, security experts have warned. Mark Oram, head of information security knowledge department at the Centre for the Protection of National Infrastructure (CPNI), said the instances of political, economic and technical spying were more common than cyber-terrorism attacks. "We see frequent attacks on organizations for the purpose of intellectual property theft that we would not obviously classify as an attack on infrastructure," he said. more»

Economic Crisis Fueling New Cybercrime Wave, According to UK Cybercrime Report

The number of cybercrimes committed in the UK soared last year driven by a huge increase in online financial fraud, according to a report released by online identity firm Garlik. "Our annual UK cybercrime report in collaboration with leading criminologists indicates that online financial fraud grew significantly jumping nearly twenty percent to 250,000 incidents in 2007 compared with 207,000 in 2006." more»

Malicious Email Attachments Spiked Last Quarter

IT security and control firm Sophos has released the results of its investigation into the latest spam trends and revealed the top twelve spam-relaying countries for the third quarter of 2008. The figures show an alarming rise in the proportion of spam emails sent with malicious attachments between July and September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users. more»

Domain Slammers Go Phishing

ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people -- and creates a whole lot of confusion for registrants. But that was a problem we could deal with. Fast-forward to October, 2008... more»

Anti-Phishing Working Group Join Domain Registrars in Fight Against Phishing

The Anti-Phishing Working Group (APWG), in consultation with the ICANN Registrar Constituency and several domain name registrars, has published a "best practices" advisory for registrars to help them implement mechanisms to make it more difficult to register and use domains for illicit uses such as phishing, a confidence scheme used to dupe consumers out of personal financial information. Several globally active registrars, including APWG members Go Daddy, the world's largest registrar and Network Solutions, the world's oldest commercial registrar, have already implemented or are planning to implement many of the best practices prescribed by the APWG's Anti-Phishing Best Practices Recommendations for Registrars, released this month. more»

Financially Based Cybercrime is Recession-Proof

According to experts, organized cybercrime is one "industry sector" that is not unhappy about the current global economic crisis. "One thing we've seen is financially based cybercrime is recession-proof," says Darren Mott, supervisory special agent for the FBI's Cyber Division. "With [this] changing economy, the only thing that changes is the way they go about obtaining their information." more»

ITU Criticized For Its Role in Cybersecurity Standardization

At EuroDIG, the first European Dialogue on Internet Governance, the scientists and experts of the Council of Europe have sharply criticised the International Telecommunication Union (ITU) for acting behind closed doors in its initiatives towards cybersecurity standardization. Bertrand de la Chapelle, godfather of the first EuroDIG on behalf of the French government, said EuroDIG should tell the ITU to allow all interest groups to participate in discussing new technology standards. The recent meeting in Strasbourg emphasized the idea of cooperation between governments, the industry and users as one of the central points to be presented at the UN Internet Governance Forum in Hyderabad. more»

Compromised Portfolios of Legitimate Domain Names for Sale

Is the demand for access to compromised legitimate portfolios of domain names -- where the price is based on the pagerank and is shaped by the number of domains in question -- the main growth factor for the increasing supply of such stolen accounting data? Or is it the result of cybercriminals data mining their botnets for accounting data that would provide them with access to such portfolios of high trafficked domains with clean reputation? more»

Co-Operation to Make the Domain Business More Secure

In order to provide more security for the Domain Name System (DNS), a group of large domain-name registries and registrars has got together with IT security providers and government agencies to launch a new workgroup: the "Registry Internet Safety Group" (RISG). The announcement was made by the Public Internet Registry, which operates the .org domain, and its backend provider Afilias. more»

Massive SQL Injection Attacks: The Chinese Way

From copycats and "localizers" of Russian web malware exploitation kits, to suppliers of original hacking tools, the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale. They are either filling the niches left open by other international communities, or coming up with tools and setting new benchmarks for massive SQL injection attacks. more»

Energy Industry Number One Target by Cyber Criminals, According to New Study

Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals. more»

Direct Correlation Between Economic Cybercrime and Stock Market Declines, Reveals Security Group

Security researchers and PandaLabs have issued a security alert today revealing a direct correlation between the recent stock market volatility and the growth of new threats. According to firm, the two are tied together much more closely than previously thought and recent stock market instability has accelerated the volume of targeted cyber attacks and their relative impact on the economy over the last month and a half. In addition, analysts believe the recent spike in malware could be related to cybercriminals now having fewer possible targets as a result of consolidation within the banking industry. more»

The Growing Security Concerns… Don't Have Nightmares

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more»

IT Security Guide: "Financial Impact of Cyber Risk" Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack. In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses -- which can come from internal networks, the Internet or other private or public systems -- to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues. more»

Secret Service, IBM, Others Form Alliance to Fight Cyber Crime, Identity Theft

A coalition of leading corporate, government and academic institutions today announced the formation of the Center for Applied Identity Management Research (CAIMR). CAIMR plans include developing research and solutions for identity management challenges such as cyber crime, terrorism, financial crimes, identity theft and fraud, weapons of mass destruction, and narcotics and human trafficking. The Center brings cross-disciplinary experts in criminal justice, financial crime, biometrics, cyber crime and cyber defense, data protection, homeland security and national defense to address identity management challenges that impact individuals, public safety, commerce, government programs and national security. more»