Category Archives: malware

Cybercrime Statistics Expose Five Industries Most Susceptible to Phishing

Business news from the Ascentive team

Internet security awareness training firm KnowBe4 has released new cybercrime statistics that identify the nation’s most Phish-prone industry sectors, which are those most susceptible to cybercrime ploys. The top five industries vulnerable to cybercrime include travel, education, financial services, government services and IT services. These findings are based on a recent phishing experiment KnowBe4 conducted among small and medium enterprises featured in the latest Inc. 500 and Inc. 5000 listings.

Using the Inc.com website to obtain domain names and a free data-gathering service to find publicly available email addresses, KnowBe4 sent out a simulated phishing email to employees at more than 3,500 companies. Individuals who clicked the link were directed to a landing page that informed them they had just taken part in phishing research. The emails were successfully delivered to about 29,000 recipients at 3,037 businesses; and in nearly 500 of those companies, one or more employees clicked the link. Because of the potential for Internet security breaches among these businesses, KnowBe4 dubbed them the “Fail 500.”

“Any business that provides access to email or access to its networks via the Internet is only as safe from cybercrime to the degree that its employees are trained to avoid phishing emails and other cyberheist schemes. The more employees within an organization that use email or go online, the greater the risk of exposure to cybercrime,” said KnowBe4 founder and CEO Stu Sjouwerman.

KnowBe4 conducted a comprehensive data analysis of its FAIL500 study results, which included categorizing the companies into 25 industry sectors. The findings revealed that some industries are particularly vulnerable to cybercrime. Based on the percentage of companies in each sector that responded to the phishing email, the most Phish-prone industries are:

  • Travel – 25%
  • Education – 22.92%
  • Financial Services – 22.69%
  • Government Services – 21.23%
  • IT Services – 20.44%

Cybercriminals have become very sophisticated in their tactics, and Sjouwerman notes that they often target businesses through official-looking emails that appear to be sent by government agencies, business partners or even company executives. “Many of the top Phish-prone industries are regulated and subject to compliance rules, so well-meaning employees can be tricked into clicking a link if they believe an email was sent by a government or law enforcement agency, or by someone they know and trust. And with just one click, malware can be instantly uploaded to a system – bypassing both antivirus software and IT firewalls. A cyberheist can be underway within minutes.”

According to YourMoneyIsNotSafeInTheBank.org, small-business accounts suffered more than $40 million in cybercrime losses as of 2009. The website also cites FDIC figures indicating this type of crime increased five-fold within a 12-month period, and notes that the FBI is tracking hundreds of related cases. Small and medium-sized organizations have become the primary targets of the Eastern European hacker gangs behind this frightening new crime wave. These cybercriminals tend to prey on smaller businesses and banks that lack the cyber-fraud controls many larger institutions have in place.


Sony Apologizes for Network Breach

From FinallyFast

On Sunday Sony executives bowed in apology for a security breach in the company’s PlayStation Network that compromised the personal data of some 77 million user accounts. Kazuo Hirai, chief of Sony Corp.’s PlayStation video game unit, said parts of the service would be back this week and that the company would increase security measures, and promised that the company’s network services were under a basic review to prevent a recurrence. He also said the FBI and other authorities had been contacted to start an investigation into what the company called “a criminal cyber attack” on Sony’s data center in San Diego, California.

Sony said account information, including names, birth dates, email addresses and login information, was compromised for players using its PlayStation Network. Hirai asked all users to change their passwords, and noted that even though it had no direct evidence the data were even taken, it cannot rule out the possibility. He said data from 10 million credit cards were believed to be involved, and that Sony still does not know whether information was stolen or not.

Sony has now added software monitoring and enhanced data protection and encryption as new security measures, and will offer complimentary downloads and 30 days of free service worldwide. The network, which serves both the PlayStation video game machines and Sony’s Qriocity movie and music services, has been shut down since April 20. It is a system that links gamers worldwide in live play, and also allows users to upgrade and download games and other content. Hirai said Sony suspected it was under attack by hackers starting April 17.

According to Sony, of the 77 million PlayStation Network accounts, about 36 million are in the U.S. and elsewhere in the Americas, while 32 million are in Europe and 9 million in Asia, mostly in Japan. Pressure is mounting on Sony to restore services and compensate players. U.S. lawmakers have sent a letter to Hirai demanding answers by May 6 about the security breach and Sony’s response. Hirai said he had read the online version of the letter and would answer the questions as soon as possible.

Last month, U.S. lawyers filed a lawsuit against Sony on behalf of Kristopher Johns for negligent protection of personal data and failure to inform players in a timely fashion that their credit card information may have been stolen. The lawsuit seeks class-action status. Hirai said the network problems would not hurt or delay Sony’s product plans, which includes an upgrade to the PlayStation Portable and a gradual global rollout of the Qriocity service. Hirai denied Sony had purposely held off on releasing information about network problems, a criticism that some have expressed. He also said the service was shut down to prevent damage, and that time was needed to find out what had happened and who was responsible.


Google’s Android Market Website May Change Phishing, Malware Distribution

Google recently made it easier for its mobile customers to download apps on their computer and install them on their mobile phones. In this same update, the company also made it much easier for their mobile customers to transfer and spread malware, according to a recent report from security research firm Sophos.
Google updated the website for its Android Market, allowing users to download apps on their computer and access them on their mobile devices. This enhances the app downloading experience by providing additional information, through a website accessed on a larger PC screen, and offering a website for the Android Market to customers who may prefer a website format over an app.
Vanja Svajcer, principal virus researcher at SophosLabs, examined the new Android Market website for security and protective standards, downloading a popular game also available on the iPhone. According to Svajcer, Google is generally secure in its standards for downloading apps, providing permission requests designed to ensure the user is aware of everything he or she downloads. Early in the investigation, these standards appeared prevalent and functional in the Android Market website, according to Svajcer.
“The most important security aspect of the installation process on Android are the permissions an app requires on a device after the installation. Android users should particularly carefully read the required permissions before they install any applications, from the official Android Market or any other source,” Svajcer wrote in a recent company blog post. “As expected, the web-based Android Market displays the required permissions so that the user can make an informed decision about whether to install the application.”
This process is flawed on the new system, according to Svajcer, because of an exploit Google researchers have been aware of since last year. Because the system begins downloading an application as soon as the user clicks the install button on the website, the INSTALL_ASSET intent vulnerability, discovered by Jon Oberheide last year, could facilitate the distribution of malicious mobile web apps.
“In summary – if someone managed to steal your Google password they could trick your Android smartphone into installing software, without you having to grant permission on the device itself,” Svajcer wrote.
This vulnerability, and its presence on the new Android Market website, is presenting an entirely new dynamic in phishing and password strength for Google users.
“The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence,” Svajcer wrote. “In future, however, the phishers’ intention may not be to use stolen account credentials for the purposes of sending spam but to install malware on the user’s Android devices instead.”
Mobile malware, which grew 33 percent last year, is set to become more complex and common in 2011, according to AdaptiveMobile.


News from Clutter Free PC: The Demon In Your Mailbox

From Clutter Free PC :

“Help!  There’s a demon in my mailbox!”

Email users may have received a confusing message in their inbox from a mysterious address called MAILER-DAEMON. The message typically comes in response to an email previously sent by the user. The email that comes from the mailer-daemon return address is sent because of a failure in the original message sent by the user.

Specifically, the mailer-daemon is software stored in email servers that automatically delivers messages. The software goes through all email sent throughout the internet. Users are not contacted by the mailer-daemon software if there are no problems with any messages. The software exists to ensure the messages are properly addressed and sent, and only sends out its reply messages to users who have attempted to send a message that has an inherent problem.

The mailer-daemon informs senders of a failure in an email message that prevents it from being delivered to its original destination. This failure could be the result of a problem with the email address typed into the “to” section, such as a misspelling or a mistake. Another failure could be the result of a server problem with the email account, which should be fixed automatically in a matter of time.

The most common reasons for mailer-daemon alert messages are the account the message is addressed to does not exist, or the server – the information listed after @ – does not exist. Most of the time, problems that cause a mailer-daemon message are harmless and relatively easy to fix.

However, a message from mailer-daemon software may be an important sign that the recipients computer has been infected by malware that is using it as a launch point for spam email messages.

A common reason for the mailer-daemon message is the account that sent the message has been blacklisted by the receiving company. The mailer-daemon sets up the blacklist from email accounts that have sent an alarming amount of spam messages. Because certain types of malware infect computers and automatically send spam messages from users’ email addresses, an email account could be sending bulk messages without its registered account owner knowing about them. The mailer-daemon does not acknowledge the malware that causes the spam messages because it is designed to keep problem messages out of its respective server, simply sending the spam message back.

Email users who regularly receive messages from mailer-daemon software from multiple sources may be infected by malware. Certain worms and viruses infect computers and copy their victims’ email account information, using them later as sending addresses for spam attacks. As the account information is copied, and the spam messages are sent from a remote location, users may have a difficult time locating the virus and finding out their email address was used to send bulk messages.

To determine why they are receiving constant mailer-daemon messages, users should run a scan of their computer for malware. Regular computer scans can be important to detecting malware some users may not know about. Locating and removing a virus through a computer scan can eliminate mailer-daemon messages, as the software that was sending spam from the user’s email account is removed altogether.  You can find more information  about protecting your computer from attacks on the Ascentive website, or visit Clutter Free PC for software assistance.

Also, installing a protective software to prevent malware infections can eliminate the threat of malicious software from affecting users’ email accounts.

While the first steps to solving the mailer-daemon issue should be to check the accuracy of the recipient and server of sent email messages, scanning for malware could be a solution to prevent regular mailer-daemon messages.


New cyber crime techniques discovered

Cyber criminals are becoming even more elusive with their techniques, using new methods that pose threats some PC security standards have yet to address.

Security firm Stonesoft recently discovered “advanced evasion techniques,” or AETs, that cyber criminals use to get around firewalls or other protective measures. These methods are particularly dangerous to businesses, as they exploit certain enterprise software and applications to gain access to sensitive, protected data.

However, the firm stressed that these methods could spread to other cyber criminals and organizations that may apply them to more dangerous systems, including the Stuxnet and Zeus malware that have threatened national security and stolen millions of dollars.

“We have reason to believe that we have seen just the tip of the iceberg,” said Juha Kivikoski, chief operating officer at Stonesoft. “The dynamic and undetectable nature of these advanced evasion techniques has the potential to directly affect the network security landscape.”

Many current security standards do not address the format of AETs, leaving their systems vulnerable to advanced malware attacks.

“Field tests and experimental data show many of the existing network security solutions fail to detect AETs and thus fail to block the attack inside,” Stonesoft’s report said. “With only a select few products available to provide protection, organizations may be challenged to protect their systems quickly.”

However, the finding does pose a significant contribution to future web security solutions, as anti-malware software developers can apply their upcoming products to address these recently discovered cyber crime formats.

“The industry is facing a non-stop race against this type of advanced threats and we believe only dynamic solutions can address this vulnerability,” Kivikoski said.

The discovery signifies a similar breakthrough to prior malware systems. While new developments will not eliminate the threat of AETs in the wild, they will safeguard individual systems against infiltration. In the past, security developers have addressed successful, complex cyber crime methods and generated solutions to keep these threats out of protected computers. For example, the Conficker worm was discovered in 2008 as particularly successful malware that spread itself throughout devices connected in a similar network. Although a recent study found Conficker remains the most commonly found worm in the wild, most anti-malware software solutions safeguard computers from the threat associated with it, which generally target unprotected computers.

Security experts advise updating anti-malware software as new developments are released, in an effort to keep pace with the methods and techniques cyber criminals come up with.