Homeland security is understandably a hot topic right now as the U.S. remembers the 9/11 terrorist attacks that took place 10 years ago. In light of the aftermath and the advances in technology since then, a new report by the Intelligence and National Security Alliance warns that the U.S. needs to take steps to increase cyber intelligence that can better predict and prevent cyber attacks.
There’s more news from the China front today, but this tidbit is a little more sinister than a dry piece on PC sales numbers. For a long time, the Chinese government has been rumored to be the hidden hand behind cyber attacks across the world. They’ve always denied any wrongdoing. But now, it appears that a Chinese military propaganda documentary has inadvertently (or not) tipped China’s hand and shown proof of the nation’s role in hack attacks.
The US's cyber strategy sucks – just ask the Pentagon. They're not shy about the problem, and in fact, just yesterday they were all too ready to provide an example; earlier this spring, "foreign intruders" managed to get hold of over 24,000 Pentagon files in one of the worst security breaches in US military history.
According to the Security Labs Report released by M86 Security Labs, advanced cyber attacks are both on the rise and becoming ever more sophisticated in nature.
"We're seeing that as one way the attackers are specifically trying to get around some of the security technologies in the marketplace," said Bradley Anstis, vice president of technology strategy at M86.
Also in the report was a list of the top 10 countries hosting malicious code, with the U.S. topping the list at 43.3 percent. In a distant second was China with 14.1 percent, followed by Russia and Germany with 4.1 percent and 3.7 percent, respectively.
Some 75 percent of organizations have been the target of a successful cyber attack in the past year, suggests a new study by security firm Symantec. According to Symantec's 2010 State of Enterprise Security study, companies on average lose $2 million annually as a result of these attacks.
"Protecting information today is more challenging than ever," said Francis deSouza, senior vice president, Enterprise Security, Symantec Corp. "By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today’s information-driven world."
The study also found that 42 percent of organizations rate security their top issue, especially as enterprise security becomes more difficult due to understaffing.
The study represents responses from 2,100 enterprise CIOs, CISOs, and IT manager from 27 countries, Symantec said.
Cybercriminals have a lot in common with the Periplaneta americana, the common household cockroach. They seek out the dark, poking and prodding for ways to get in where they are unwanted. In their case it isn’t food, but the misery of computer users they seek out. And, just like cockroaches, once you think you’ve got them blocked, they find a new way in.
Kaspersky Labs’ Cyberthreat Forecast for 2010 says that IT managers and users are becoming more savvy, making fake programs, gaming Trojans, or web sites less useful for cybercriminals. Instead, it looks like they’ll be focusing their attention on P2P networks, botnets, and mobile platforms.
P2P networks will be used to support malware attacks. According to Kaspersky: “This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.”
Mobile platforms, iPhone and Android, will also be more frequently targeted. Kaspersky suspects that iPhone users, without compromised handsets, will be okay, but that Android users might be in for some pain: “The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.”
As for botnets, Kaspersky sees them as offering profitable possibilities by manipulating Internet traffic: “In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.”
Lastly, Kaspersky sees Google Wave as a potential target for 2010. It’s new. It’s untested. And therefore it’s vulnerable. Kaspersky says: “Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”