CYBERCRIME.TV

Television Development Community

Top Story - Mobility and Convergence, Virus and Malware -- From the mSecurity Survey 2009 Part 2 - Mobile Virus/Malware: Mobility and convergence will be two of the biggest challenges for information security professionals over the coming years. Employees and customers alike are using high-powered Smartphones, such as the iPhone and Google’s Android, that can access data over high-speed radio networks (3G and HSDPA) and WiFi. They can store gigabytes of data on internal flash memory and removable storage media and run enterprise applications. In short, they have the opportunity to transform the way that we carry out business and access enterprise information.

More and more organisations are allowing their employees to use ‘open’ mobile phones, i.e. mobile phones running operating systems that allow the user to download applications and access dual networks, GSM and WiFi, to be used for business purposes.

62 percent of company mobile phones are procured by an office management function and only 40 percent of information security professionals have any input into their purchase.

13 percent of organisations currently protect their mobile phones against the threat of mobile phone viruses. This figure is set to rise to 54 percent by the end of 2010 as organisations feel that the threat from mobile phone viruses will increase.

GI believes that the threat from mobile viruses is currently low but, with the rising adoption of data-centric applications on Smartphones, including financial services, GI feels that the threat will rise from 2010 onwards.

In the last couple of years the percentage of mobile messaging traffic (SMS/MMS/Email) that is defined as spam or malware has risen from approximately 2% to between 20% and 30% of total traffic – and between 14% and 22% of this figure is considered to be malicious.

Last year’s iPhone worms could be just the start of a concerted attack on Smartphones. The threat is increased by the proliferation of mobile App stores with users downloading applications, most of them free, to their Smartphones.

GI believes that companies must seriously consider the consequences of an unprotected corporate mobile phone being infected with malware that could potentially upload all of that phone’s data to a criminal server.

Register free to access the report: Goode Intelligence

January 7, SC Magazine – (International) Deployment of mobile security software is on the agenda for more than half of companies this year. More than half of companies are planning to deploy mobile anti-virus products and services this year. According to the second part of the Mobile Security 2009 Survey by Goode Intelligence, 54 per cent of the organizations surveyed plan to deploy mobile anti-virus products and services, with 33 percent planning to deploy mobile anti-virus products and services by March 2010. The remaining 67 percent plan to deploy by September 2010. The survey reveals that while nearly 71 per cent of organizations currently feel that the threat from mobile phone viruses is low, this number drops significantly for the perceived threat by 2011, with only 21 percent believing the risk to be low and 29 percent forecasting that the risk will be high or very high. This rise in awareness and plans for deployment has been welcomed by Acumin Consulting who co-produced the report. The marketing manager said that it was “reassuring to see that mSecurity is being taken seriously and becoming more of a priority for the IT and security functions.”

Source: http://www.scmagazineuk.com/deployment-of-mobile-security-software-...

January 7, DarkReading – (National) Industry group plans cyber attack simulation. A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a group formed in response to a 1998 Presidential security directive, on January 5 invited financial institutions, retailers, card processors, and businesses of all sizes to participate in its Cyber Attack against Payment Processes (CAPP) Exercise. “FS-ISAC in conjunction with a variety of industry partners is testing their members’ emergency response, notification, and communication procedures in response to a number of different types of cyber attacks against payment processes,” the group’s Web site says. “The three-day exercise will simulate a different attack scenario each day. Detailed result collection is kept confidential.” The CAPP event is scheduled for February 9 through 11, 2010. Participants will be expected to activate their incident response procedures in accordance with the scenario presented and to complete an anonymous survey to evaluate their organization’s response. “When cyber security threats occur, swift and well-planned reactions can mean the difference between business continuity and business catastrophe,” said FS-ISAC’s president and CEO in a statement. “This is especially true with cyber attacks against payment processes. FS-ISAC is eager to provide payment systems participants with this unique opportunity to test their readiness to respond to major cyber attack incidents.” Such incidents have been on the rise.

Source: http://www.darkreading.com/security/attacks/showArticle.jhtml?artic...

January 4, Associated Press – (Arizona) Rights group texts police sweep warnings. An advocate for immigrant and civil rights has started using text messages to warn residents about crime sweeps by a high-profile Arizona sheriff. The director of the nonprofit immigrant advocacy group Respect/Respeto is the trunk of a sophisticated texting tree designed to alert thousands of people within minutes to the details of the sweeps, which critics contend are an excuse to round up illegal immigrants. The Maricopa County Sheriff said his opponents are walking a line between exercising free speech and breaking the law by helping immigration violators avoid detection. He said the texts are possibly even tipping off human-smuggling organizations.

Source: http://www.cbsnews.com/stories/2010/01/04/national/main6051585.shtml

January 7, Computerworld – (International) Large-scale attacks exploit unpatched PDF bug. A week before Adobe is scheduled to patch a critical vulnerability in its popular PDF software, hackers are actively exploiting the bug with both targeted and large-scale attacks, a security researcher said January 7. The SANS Institute’s Internet Storm Center (ISC) reported on January 4 that it had received samples of a new rigged PDF document that hijacked PCs using a bug Adobe acknowledged December 14. Later last month, Adobe said it would not patch the bug until January 12. In his write-up of the sample, an ISC analyst called the attack PDF “sophisticated” and its use of egg-hunt shellcode “sneaky.” “Egg-hunt shellcode” is a term for a multi-stage payload used when the hacker can’t determine where in a process’ address space the code will end up. A security intelligence manager at Symantec confirmed that the malicious PDF exploited the Adobe Reader and Acrobat vulnerability, but unlike the ISC analyst, said it wasn’t out of the ordinary. “It’s not particularly novel or sophisticated,” the security intelligence manager said.

Source: http://www.computerworld.com/s/article/9143259/Large_scale_attacks_...

January 7, The Register – (International) Easily spoofed traffic can crash routers, Juniper warns. Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic. In an advisory sent on January 6, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue. “The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port,” the bulletin, which was issued by Juniper’s technical assistance center, stated. “The packet cannot be filtered with Junos’s firewall filter. A router receiving this specific TCP packet will crash and reboot.” There are “no totally effective workarounds,” the bulletin added. It is unclear how many Juniper systems remain vulnerable or exactly when customers began installing patches. But the wording of the bulletin was enough to make some security watchers pay close heed, particularly since the Junos ACL, or access control list, was powerless to prevent the attacks.

Source: http://www.theregister.co.uk/2010/01/07/juniper_critical_router_bug/

January 6, Computerworld – (National) FTC to examine cloud privacy concerns. In a development likely to be closely watched by Google Inc., Amazon.com, Microsoft Corp. and other vendors, the Federal Trade Commission (FTC) is examining potential threats to consumer privacy and data security posed by cloud computing services. The agency will hold a roundtable session on January 28, and another later this year, to gather information from industry stakeholders and to study ways of protecting consumer privacy in cloud environments. The FTC plan was also detailed in a letter sent last month to the Federal Communications Commission. The letter was filed in response to a request for comment on a national broadband plan that is being drawn up by the FCC. In its letter, the FTC said it wants to be sure the FCC pays attention to technologies such as cloud computing and identity management in drawing up its plans. The letter, signed by the director of the FTC’s Bureau of Consumer Protection, highlighted some of the cost benefits of cloud computing services but also expressed concerns at the associated risks. The letter, dated December 9, was dug up by The Hill blog, which reported the story recently. “The ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers,” the director warned.

Source: http://www.computerworld.com/s/article/9143192/FTC_to_examine_cloud...

January 6, The Register – (International) Hacker pierces hardware firewalls with web page. On January 5, a hacker demonstrated a way to identify a browser’s geographical location by exploiting weaknesses in many WiFi routers. Now, the same hacker is back with a simple method to penetrate hardware firewalls using little more than some JavaScript embedded in a webpage. By luring victims to a malicious link, the attacker can access virtually any service on their machine, even when it’s behind certain routers that automatically block it to the outside world. The method has been tested on a Belkin N1 Vision Wireless router, and the hacker says he suspects other devices are also vulnerable. “What this means is I can penetrate their firewall/router and connect to the port that I specified, even though the firewall should never forward that port,” the hacker told the Register. “This defeats that security by visiting a simple web page. No authentication, XSS, user input, etc. is required.” The hacker’s proof-of-concept page forces the visitor to submit a hidden form on port 6667, the standard port for internet relay chat. Using a hidden value, the form surreptitiously coerces the victim to establish a DCC, or direct client-to-client, connection. Vulnerable routers will then automatically forward DCC traffic to the victim’s internal system, and using what’s known as NAT traversal an attacker can access any port that’s open on the local system. For the hack to work, the visitor must have an application such as file transfer protocol or session initiation protocol running on his machine. The hack does not guarantee an attacker will be able to compromise that service, but it does give the attacker the ability to probe it in the hope of finding a weak password or a vulnerability that will expose data or system resources.

Source: http://www.theregister.co.uk/2010/01/06/web_based_firewall_attack/

The abstracts above are selected from today's DHS Daily Open Source Infrastructure Report (Daily Report). The Daily Report is collected each week day as a summary of open-source published information concerning significant critical infrastructure issues. Each Daily Report is divided by the critical infrastructure sectors and key assets defined in the National Infrastructure Protection Plan. Items selected by Cybercrime.TV are drawn from Banking and Finance, Information Technology, and Communications, as well as other sectors when an item is computer-related.


© 2012   Created by Cybercrime.TV.
