Tag Archive for Network security

| May 8, 2012
Comments Off on Unknown Malware Rampant in Enterprise Networks

Unknown Malware Rampant in Enterprise Networks

Unknown Malware Rampant in Enterprise NetworksUnknown malware plague enterprise networks according to network security company Palo Alto Networks. Help Net Security reports that Palo Alto Networks found hundreds of unique, previously unknown malware samples on live networks. Palo Alto Networks conducted the research with their new WildFire malware analysis engine.

DarkReading says that the cloud-based WildFire analysis engine found that seven percent of all unknown files analyzed contained malware. WildFire is a new service recently announced by Palo Alto Networks that integrates in-line firewalling with automated cloud-based malware analysis. Over a three-month period of analyzing unknown files from the Internet entering enterprise networks,the firm discovered more than 700 unique malware samples, 57 percent of which had no coverage by any antivirus service or were unknown by Virus Total at the time of discovery. Out of all the new malware identified, 15 percent also generated malicious or unknown outbound command and control traffic.

The firewalls identify unknown and potentially malicious files by executing them in a virtual cloud-based environment to expose malicious behavior even if the malware has never been seen in the wild before. Wade Williamson, Senior Security Analyst at Palo Alto Networks says, “WildFire is taking sandbox technology out of the lab and applying it to a real product … customers can detect and protect themselves against malware using the hardware that they already have deployed today.”

automatically generates new signaturesFor malicious files, Palo Alto Networks automatically generates new signatures for both the file itself and for any traffic generated by the malicious file. These signatures are then distributed with regular signature updates, as well as providing the user with actionable analysis of exactly how the malware behaves, who was targeted, and what application delivered the threat.

“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks,” the Senior Security Analyst said. “Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines. The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS and URL filtering are used today.

MalwarePalo Alto Networks found that a variety of web applications distributed zero-day malware, in addition to the traditional HTTP web-browsing and email traffic commonly associated with malware distribution. WildFire was able to identify specific phishing campaigns based on their affinity for particular applications. One attacker used AOL Mail and another used the Hotfile file hosting service as the delivery vector.

It’s important to note this because many enterprises only inspect email or FTP traffic for malware but do not have the ability to scan other applications. Applications that tunnel within HTTP or other protocols can carry malware that will be invisible to a traditional anti-malware solution,” said Williamson. “These are examples of the big reasons why a lot of malware gets missed – most enterprises only focus on scanning their corporate email application. To control this problem we need to expand our view to other applications, pull the traffic apart, and go a level deeper in to find out if there’s a file transfer happening.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| February 19, 2011
Comments Off on Hackers Can Target Cars

Hackers Can Target Cars

Hackers Can Target CarsWired reports that over 100 drivers in Austin, TX found their cars disabled or the horns honking out of control. This happened after an intruder ran amok in a web-based vehicle-immobilization system called Webtech Plus (PDF). Webtech Plus is normally used to get the attention of consumers delinquent in their auto payments. The app is operated by Cleveland-based Pay Technologies system. It allows car dealers to install a black box in the vehicle that responds to commands issued through a central website and relayed over a wireless pager network.

How he got in

Austin police claim the perpetrator was Omar Ramos-Lopez, a former Texas Auto Center employee who was laid-off. The hacker allegedly sought revenge by bricking the cars sold from the Austin-area dealership. Reportedly Mr. Ramos-Lopez’s account was closed when he was terminated but he allegedly got in through another employee’s account. At first, the intruder targeted specific customers. The attacker later moved to access the database of all 1,100 customers whose cars were equipped with the device. It is charged that he went through the database, vandalizing the records, disabling the cars, and setting off the horns.

Cars are targets

The Webtech attack was an external attack but Bob Brammer, CTO, and VP at Northrop Grumman Information Systems (NOC)  told GovInfo Security that cars themselves are likely to become targets. Mr. Brammer points out that most cars contain 50 to 100 or more tiny computers. The computers are controlled by over 100 megabytes of code that control the accelerator, brakes, displays, steering, etc. All of these systems can be accessed through a diagnostic port that serves as the vehicles’ USB port. Mr. Brammer cites a study published in an IEEE journal. “It’s possible to take over a car, controlling the brakes, the accelerator, the steering wheel, despite whatever the driver might want to do. Our automobiles are highly vulnerable from a cybersecurity view.

The paper, Experimental Security Analysis of a Modern Automobile, (PDF) says the potential attack window could widen as more automakers offer vehicle-to-vehicle and vehicle-to-infrastructure communications networks to third-party development, “An attacker who is able to infiltrate almost any electronic control unit can leverage this ability to completely circumvent a broad array of safety-critical systems.”  GigaOm cites data from iSuppli that Wi-Fi in automobiles will be integrated into 7.2 million cars by 2017.

The researchers said they took control of a number of the car’s functions and the driver could do nothing about it. They bypassed basic network security protections within the car. They then embedded malicious code in the telematics unit to erase evidence of the hack’s presence after a crash.

More theoretical than practical

I luv your PCMr. Brammer, for now, sees the threat to cars as more theoretical than practical. But he says it demonstrates that we must think about cyber-security more broadly than we have in the past. “As the trend is to put more IT into everything that we do – whether it’s cars, airplanes, power grids, water supplies, whatever – we have to think about the security aspects of the design. These systems, within reason, have to be able to withstand certain types of attempts to attack or exploit them. That’s a terrible thing have to say, but I think that’s the way world is these day.”

Wi-Fi can give attackers an entry point into critical systems. Professor Stefan Savage of the University of California, San Diego told Technology Review. “In a lot of car architectures, all the computers are interconnected, so that having taken over one component, there’s a substantive risk that you could take over all the rest of them. Once you’re in, you’re in.” This could lead to brakes failing or the steering wheel seizing on scores if not hundreds of cars simultaneously, causing catastrophic crashes.

rb-

Cars have become more computerized. They are linked through Wi-Fi and 3G networks making our daily transportation vulnerable to hackers and cyber-attacks. Cyber-terrorists could target cars to begin the chain of events leading to a Hollywood-style disaster. Hopefully, the Auto manufacturers are going to tighten up the security of our cars. They will delay improving security if safety belts and airbags are examples.

Will the auto industry tighten the security onboard cars?

Will the government have to step in?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Cars | Tags: , , , , , , , , ,
| August 28, 2010
Comments Off on New School Year Same Security Threats

New School Year Same Security Threats

New School Year Same Security Threats Another school year is starting up and security firm WatchGuard has a list of the top threat to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

Top threats at school

WatchGuard’s top at school threats include:

watchguard_logoSocial Networks The security firm calls social networks, the number one threat to school and university networks is social networks, such as Facebook and MySpace. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing, and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware As students and teachers use the web for educational purposes, the Seattle-based firm company says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious forms of software on their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses Today, email remains one of the primary ways of delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures which may, in any case, be unable to up stop the new generation of viruses with polymorphic properties.

Botnets The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet are part of a botnet. As part of a botnet, school and university systems can be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft, and more.

Phishing scams continue to get more advanced and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As the use of mobile devices escalates, schools will face increasing challenges in managing authorized network access according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.

Related articles
  • The Science of Cyber Security (usnews.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,