In a blog post today, Google has revealed some details on what it says was an unusually coordinated series of cyber-attacks launched against it in December. The attacks, which originated in China, were apparently aimed at gaining access to the Gmail accounts of a number of advocates for human rights in China. Google says only two accounts appear to have been accessed, and even then only basic details like subject lines and date stamps were taken.
As part of their investigation, Google claims to have discovered that dozens of human rights activists around the world have had their Google accounts accessed by unauthorized individuals. This was not part of the December attacks, but was likely the result of phishing. Google has apparently plugged the holes that were exploited, but they aren’t done yet.
The Google.cn domain was launched in 2006 when the internet giant agreed to censor some search results. At the time, Google indicated they would monitor the situation, and adjust their approach if needed. According to the blog post, “These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China.”
So starting now, Google says they will stop filtering search results in China. The Mountain View-based company plans to discuss with the Chinese government the possibility of operating an unfiltered search engine. If that is not possible, the Google.cn domain may be shut down along with the Chinese Google offices. Is this a good move for Google? Should a commitment to free speech outweigh the lucrative nature of the Chinese market? Or maybe this move is just long overdue.
Google's Chrome OS has garnered a lot of attention in recent times. Early glimpses, however, don't quite justify the hype. Many tech savants have already written off the operating system as nothing more than a sexed up browser. However, it is still a little early for obituaries as Google may have a trump card hiding up its sleeve. McAfee is one company that acknowledges the possibility of Chrome OS living up to all the hype.
According to its latest report titled "2010 Threat Predictions," the operating system may become a prime target for hackers if it becomes widely adopted. The security company fears that Chrome OS's dependence on HTML5, which gives web apps both online and offline access to a user's PC, will make it attractive to hackers. "When a technology is widely used and adopted, the bad guys will latch onto it before the good guys do," said McAfee's director of security research, David Marcus. McAfee also expects the popularity of Adobe software among hackers to soar to such levels that it may become the most targeted application software in 2010.
The report had a word of caution for users of social networking sites as well. They might become more vulnerable in the new year as such sites come under increased attack. The report specifically mentioned the use of URL-shortening services in spreading malicious links through the social web.
McAfee, maker of computer security software, has released a report detailing their take on the threats computer users will face in 2010. The bad news is not only will threats increase, they’ll be emphasizing different areas than in the past. The good news--McAfee expects that law enforcement efforts will be more effective against cybercrime than in the past.
According to the report, McAfee “foresees an increase in threats related to social networking sites, banking security, and botnets, as well as attacks targeting users, businesses, and applications.” In particular, McAfee predicts, social networking sites will be subject to more sophisticated threats; HTML 5 will create new opportunities for malware writers; email attachments will continue to plague recipients; banking Trojans will become more clever; and the use of botnets will expand.
In what might be considered good news for Microsoft, long a prime target for malware, McAfee says that Adobe software, in particular Acrobat Reader and Flash, will now be the principal focus of malware creators.
McAfee expects that some of this shift and increase will be mitigated by a more sophisticated approach by law enforcement, which McAfee says is finally wising up to the threat: “[T]he U.S. Secret Service, Australian Federal Police, Royal Canadian Mounted Police, U.K. National Crime Squad, and law enforcement organizations in other parts of the world were reorganizing themselves to create high-tech crime centers dedicated to investigations of cybercrime.” McAfee concludes “that in 2010 we’ll see many more successes in the pursuit of organized cybercriminals.”
We all know that the increasing sophistication of technology opens up literally dozens of new opportunities for those wanting to inflict harm on that technology’s users. The Internet is, if anything, an object lesson for this truism. Once the Internet became mainstream, so too did viruses, spybots, DoS attacks, and all the other nastiness we collectively refer to as malware. One long-term weakness in the security armor of the Internet is cross-site scripting (XSS). For the better part of a decade it has left a door wide open for attacks on Internet users.
Michael Sutton, the vice president of security research at Zscaler, says that XSS typically needs a user to click a link, such as those that appear in spam or phishing efforts, which then strikes back at the user. But, he continues, XSS is becoming more sophisticated. Rather than being limited to a user-to-website interaction, Sutton says that XSS efforts can now work within a web platform, such as a social networking environment, spreading readily among all users in the social network’s ecosystem.
Sutton also says that such sophisticated attacks, so far, have been by “[b]ored and bright individuals...tinkering with the concept”, and that “true criminals wait on the sidelines ready to move in when traditional techniques fail to achieve desired goals.” Translation: another malware threat to be concerned about. Not today, perhaps, but definitely tomorrow.
Solutions aren’t all that difficult. Users could quit doing stupid things. For instance, if you don’t know where an email originated, don’t click the link it contains. But, let’s face it, there’ll always be one or two of us who do it anyway. Which means that another level of protection is needed. Sutton says that’s got to be developers--they need to be more vigilant about writing into code the necessary protections for web programs, such as Microsoft has done with Internet Explorer 8.
Traditionally, the lowlifes running botnets have made do with shared hosting provided by shady ISPs. As these crimes become higher profile, enforcement has stepped up, resulting in many of these ISPs going offline. To address this dilemma it looks like some purveyors of malware have started buying their own data centers.
It’s actually depressingly easy to do. The people running a botnet need only acquire a block of IP addresses from one of the Regional Internet Registries (RIRs) or Local Internet Registries (LIRs). These regulatory bodies are only supposed to be handing out IP blocks to large companies, ISPs, and telecoms. Turns out the RIRs aren’t doing their due diligence in investigating applications. Once the bad guys get the IP addresses, they buy some servers in a data center, and they become their own ISP.
This effectively takes away the best point of attack for authorities. “If there's a problem, who are you going to talk to? It's a different ball game now. These guys are buying their own data centers. These LIRs and RIRs aren't going to push back if you say you need a /24 or /16. They're not the Internet police," said Alex Lanstein of FireEye Research. The process is becoming common in places like Europe and the Caribbean. What’s worse, getting the IP addresses back can take a lot of time and effort. The procedures just don’t exist. The solution? Well, there isn’t one right now, but if you have an idea, we’d love to hear it in the comments.
Cybercriminals have a lot in common with the Periplaneta americana, the common household cockroach. They seek out the dark, poking and prodding for ways to get in where they are unwanted. In their case it isn’t food, but the misery of computer users they seek out. And, just like cockroaches, once you think you’ve got them blocked, they find a new way in.
Kaspersky Labs’ Cyberthreat Forecast for 2010 says that IT managers and users are becoming more savvy, making fake programs, gaming Trojans, or web sites less useful for cybercriminals. Instead, it looks like they’ll be focusing their attention on P2P networks, botnets, and mobile platforms.
P2P networks will be used to support malware attacks. According to Kaspersky: “This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.”
Mobile platforms, iPhone and Android, will also be more frequently targeted. Kaspersky suspects that iPhone users, without compromised handsets, will be okay, but that Android users might be in for some pain: “The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.”
As for botnets, Kaspersky sees them as offering profitable possibilities by manipulating Internet traffic: “In the future, we foresee the emergence of more "grey" schemes in the botnet services market. These so-called "partner programs" enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.”
Lastly, Kaspersky sees Google Wave as a potential target for 2010. It’s new. It’s untested. And therefore it’s vulnerable. Kaspersky says: “Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”
Malware is no easy thing to get rid of--bandwidth-hogging botnets in particular. One small chink in Internet security armor is all it takes for malware to thrive. Recognizing that no one entity can combat malware alone, the German Federal Office for Information Security (BSI), the Association of the German Internet Industry (eco), and German Internet service providers (ISPs) have come together to establish a malware clean-up helpline for Germany.
The three groups will work together to identify malware and remove it from the system. ISPs will be on the frontline, hunting down infected computers. ISPs will inform the owner of a machine suspected of infection, and direct her to a website with information on how to cleanse her computer. If the website’s advice doesn’t resolve the problem, the computer owner will be directed to a call center where realtime help will be available.
Germany’s need for the service is a great one indeed. Germany ranks third on the international scale for the number of infected computers. This new venture, according to eco, has raised safety awareness among German computer users. With the addition of professional support to remove malware, eco hopes to see Germany out of the top ten.
As if there weren't already enough infected websites floating around in cyberspace, security researchers are warning of a new mass injection attack that has already compromised more than 130,000 Internet destinations since the attacks first began in late November.
Researchers say the nasty code is a rogue IFrame being used to exploit visitors and infect their PCs with a banking Trojan.
"The injected IFrame loads the first stage of malicious content from 318x.com. A series of IFrames and code redirections (invisible to the user) then ensues, culminating in a rather curious method for managing the final payload," explains Mary Landesman, senior security researcher at Web security company ScanSafe, now part of Cisco.
Landesman says the redirects are used to determine the potential victim's web browser, Flash Player version, and other details. Using that information, only exploits relevant to that person's setup are used.
McAfee used its SiteAdvisor technology to crawl the web and test domains for security threats--a total of 27 million domains in all. Overall, McAfee reports that 5.8% of them were a problem. The percentage of risky sites is up over 2007 and 2008, but, McAfee says, because of a change in methodology it’s not possible to say the Internet has become more risky.
The places to avoid? By Top Level Domain (TLD) they are .CM (Cameroon), with a risk factor of 36.7%, .COM (Commercial), 32.3%, .CN (People’s Republic of China), 23.4%, .WS (Samoa), 17.8%, and .INFO (Information), 15.8%. For downloads the worst place to be is .RO (Romania).
The safest places to play on the Internet (and perhaps the least interesting), are .GOV (Government), .JP (Japan), .EDU (Education), .IE (Ireland), and .HR (Croatia).
The United States sits toward the top of the risky list, ranked 17th, with a risk ratio of 3.1%.
McAfee also says the likelihood of receiving spam if registering with an email address has dropped from 7.6% to 2.8%. And the percent of sites delivering viruses, spyware or adware has edged down, from 4.7% to 4.5%. (McAfee cautions that this last finding doesn’t mean there are fewer Potentially Unwanted Programs (PUPs) in the tubes, but rather they are getting harder to detect using standard procedures.)
Overall, sites registered in the Americas, Europe, the Middle East, and Africa are relatively safe. Sites registered in the Asia-Pacific region are not.
For those of us who download applications, programs, extensions, or really anything off the Internet with great frequency, what's the best way to keep a computer completely protected from external threats? I'm talking about locking down your system tighter than a Supermax prison--not impacting your ability to carry out your everyday tasks, but rather making sure that you're protected from attack at your PC's primary entry points.
That's exactly what I'll be exploring in this week's freeware roundup: The five best free applications for keeping your computer as secure as can be. If you aren't running some combination of these freeware and open-source apps, well, you only have yourself to blame if your system gets infected with something unpleasant!