Tag Archives: malware

Cyberattacks on the Rise

Cybersecurity information from the Ascentive team

New cybercrime statistics published by HP reveal that the cost of cyber attacks has risen more than 50%* since last year, and IT security expert Stu Sjouwerman cautions that number is likely to grow. As the founder and CEO of Internet Security Awareness Training (ISAT) firm KnowBe4, Sjouwerman (pronounced “shower-man”) has made it his mission to learn the increasingly sophisticated tactics used by the latest generation of cybercriminals – and to educate small and medium enterprises (SMEs) on how to recognize and avoid them.

According to the Second Annual Cost of Cyber Crime Study, which was sponsored by ArcSight (an HP company) and conducted by the Ponemon Institute, survey respondents reported losses between $1.5 million and $36.5 million per year due to cyber attacks. Collectively, their median annualized cost was $5.9 million – a 56% increase over the $3.8 million figure reported in the July 2010 study. Other key findings announced by HP: the frequency of cyber attacks has increased nearly 45%, and the time and cost to resolve them have risen. The study’s findings indicate that a single attack now takes an average of 18 days and $416,000 to correct.

“As many executives and entrepreneurs have learned the hard way, today’s cybercriminals are stepping up their efforts with stealthy tactics and sophisticated technology. This latest study shows that cyber attacks and their related costs are rapidly growing, so businesses need to be proactive in combating cybercrime if they want to avoid financial loss,” cautioned Sjouwerman.

To educate SMEs on the evolution of cybercrime – and help them better understand what they’re up against today – KnowBe4 provides an overview of the “Five Generations of Cybercrime” on its website. “While the first generation of hackers were more interested in notoriety than financial gain, today’s cybercriminals – Generation Five – are more likely to be operating within organized crime syndicates and profiting handsomely from their schemes,” Sjouwerman explained. “Coding skills are no longer required. Tools and malware are readily available through a thriving underground market, so even a relative novice could quickly get in on the action.”

Among the alarming developments Sjouwerman and his KnowBe4 colleagues are seeing today are:

  • Licensed malware complete with technical support
  • Cybercrime social networks with escrow services
  • “Pay-for-play” malware infection services
  • Botnet rentals for cybercrime sprees

Sjouwerman believes that so many companies are falling victim to cybercrime because they’re not taking proactive measures to prevent it. He attributes the growth of the criminal enterprise to a false sense of security among executives at SMEs and a lack of training among their employees. “Many people assume antivirus software and an IT team are sufficient protection against cyber attacks. But the fact is that cybercriminals can bypass corporate security measures simply by tricking one employee into clicking a link. With one click, malware can be instantly downloaded to a computer and quickly spread across an entire network. And in most cases, the employee is completely unaware he or she has just given cybercriminals open access to company systems.”



Google’s Android Market Website May Change Phishing, Malware Distribution

Google recently made it easier for its mobile customers to download apps on their computer and install them on their mobile phones. In this same update, the company also made it much easier for their mobile customers to transfer and spread malware, according to a recent report from security research firm Sophos.

Google updated the website for its Android Market, allowing users to download apps on their computer and access them on their mobile devices. This enhances the app downloading experience by providing additional information, through a website accessed on a larger PC screen, and offering a website for the Android Market to customers who may prefer a website format over an app.

Vanja Svajcer, principal virus researcher at SophosLabs, examined the new Android Market website for security and protective standards, downloading a popular game also available on the iPhone. According to Svajcer, Google is generally secure in its standards for downloading apps, providing permission requests designed to ensure the user is aware of everything he or she downloads. Early in the investigation, these standards appeared prevalent and functional in the Android Market website, according to Svajcer.

“The most important security aspect of the installation process on Android are the permissions an app requires on a device after the installation. Android users should particularly carefully read the required permissions before they install any applications, from the official Android Market or any other source,” Svajcer wrote in a recent company blog post. “As expected, the web-based Android Market displays the required permissions so that the user can make an informed decision about whether to install the application.”

This process is flawed on the new system, according to Svajcer, because of an exploit Google researchers have been aware of since last year. Because the system begins downloading an application as soon as the user clicks the install button on the website, the INSTALL_ASSET intent vulnerability, discovered by Jon Oberheide last year, could facilitate the distribution of malicious mobile web apps.

“In summary – if someone managed to steal your Google password they could trick your Android smartphone into installing software, without you having to grant permission on the device itself,” Svajcer wrote.

This vulnerability, and its presence on the new Android Market website, is presenting an entirely new dynamic in phishing and password strength for Google users.

“The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence,” Svajcer wrote. “In future, however, the phishers’ intention may not be to use stolen account credentials for the purposes of sending spam but to install malware on the user’s Android devices instead.”

Mobile malware, which grew 33 percent last year, is set to become more complex and common in 2011, according to AdaptiveMobile.


News from Clutter Free PC: The Demon In Your Mailbox

From Clutter Free PC:

“Help! There’s a demon in my mailbox!”

Email users may have received a confusing message in their inbox from a mysterious address called MAILER-DAEMON. The message typically comes in response to an email previously sent by the user. The email that comes from the mailer-daemon return address is sent because of a failure in the original message sent by the user.

Specifically, the mailer-daemon is software stored in email servers that automatically delivers messages. The software goes through all email sent throughout the internet. Users are not contacted by the mailer-daemon software if there are no problems with any messages. The software exists to ensure the messages are properly addressed and sent, and only sends out its reply messages to users who have attempted to send a message that has an inherent problem.

The mailer-daemon informs senders of a failure in an email message that prevents it from being delivered to its original destination. This failure could be the result of a problem with the email address typed into the “to” section, such as a misspelling or a mistake. Another failure could be the result of a server problem with the email account, which should be fixed automatically in a matter of time.

The most common reasons for mailer-daemon alert messages are that the account the message is addressed to does not exist, or that the server – the information listed after @ – does not exist. Most of the time, problems that cause a mailer-daemon message are harmless and relatively easy to fix.

However, a message from mailer-daemon software may be an important sign that the recipient’s computer has been infected by malware that is using it as a launch point for spam email messages.

A common reason for the mailer-daemon message is that the account that sent the message has been blacklisted by the receiving company. The mailer-daemon sets up the blacklist from email accounts that have sent an alarming number of spam messages. Because certain types of malware infect computers and automatically send spam messages from users’ email addresses, an email account could be sending bulk messages without its registered account owner knowing about them. The mailer-daemon does not acknowledge the malware that causes the spam messages because it is designed to keep problem messages out of its respective server, simply sending the spam message back.

Email users who regularly receive messages from mailer-daemon software from multiple sources may be infected by malware. Certain worms and viruses infect computers and copy their victims’ email account information, using them later as sending addresses for spam attacks. As the account information is copied, and the spam messages are sent from a remote location, users may have a difficult time locating the virus and finding out their email address was used to send bulk messages.
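The check described above, as an added example that is not part of the original post: it parses standard bounce messages (RFC 3464 delivery-status notifications) and separates bounces for mail the user really sent from bounces for mail they never sent. The sample bounces, the `SENT` set, the key names and the `min_sources` threshold are constructed assumptions.

```python
import email
# Constructed RFC 3464 bounce template (sample data, not a real message).
DSN = """From: MAILER-DAEMON@{mta}
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: message/delivery-status

Reporting-MTA: dns; {mta}

Final-Recipient: rfc822; {rcpt}
Status: {status}

--b
Content-Type: message/rfc822

Message-ID: {mid}

--b--
"""

def parse_bounce(raw):
    """Return (reporting server, status code, Message-ID of the bounced mail)."""
    mta = status = orig_id = None
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # one header block per section
                mta = block.get("Reporting-MTA", mta)
                status = block.get("Status", status)
        elif part.get_content_type() == "message/rfc822":
            orig_id = part.get_payload()[0].get("Message-ID")
    return mta and mta.split(";")[-1].strip(), status, orig_id

def triage(bounces, sent_ids, min_sources=2):  # min_sources: assumed threshold
    own, foreign = [], set()
    for mta, status, orig_id in map(parse_bounce, bounces):
        if orig_id in sent_ids:
            own.append((mta, status))  # mail we sent: bad address or server fault
        else:
            foreign.add(mta)           # bounce for mail this user never sent
    return {"own": own, "foreign": sorted(foreign), "alert": len(foreign) >= min_sources}

SENT = {"<real-1@example.org>"}  # constructed: Message-IDs from the Sent folder
BOUNCES = [DSN.format(mta=m, rcpt=r, status=s, mid=i) for m, r, s, i in [
    ("mx.example.net", "frend@example.net", "5.1.1", "<real-1@example.org>"),
    ("mx.a.example", "x@a.example", "5.7.1", "<s1@host.invalid>"),
    ("mx.b.example", "y@b.example", "5.7.1", "<s2@host.invalid>"),
]]
print(triage(BOUNCES, SENT))
```

An `alert` of `True` means bounces for unsent mail arrived from several servers, which is the situation in which the post recommends a malware scan.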

To determine why they are receiving constant mailer-daemon messages, users should run a scan of their computer for malware. Regular computer scans can be important for detecting malware some users may not know about. Locating and removing a virus through a computer scan can eliminate mailer-daemon messages, as the software that was sending spam from the user’s email account is removed altogether. You can find more information about protecting your computer from attacks on the Ascentive website, or visit Clutter Free PC for software assistance.

Also, installing protective software to prevent malware infections can eliminate the threat of malicious software affecting users’ email accounts.

While the first steps to solving the mailer-daemon issue should be to check the accuracy of the recipient and server of sent email messages, scanning for malware could be a solution to prevent regular mailer-daemon messages.