Tag Archive for Security

| June 25, 2011
Comments Off on 40 Years of Malware – Part 2

40 Years of Malware – Part 2

40 Years of Malware - Part 22011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades, malware instances have grown from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article that counts down some of the malware evolution low-lights.

The Sunnyvale, CA network security firm says that viruses evolved from academic proof of concepts to geek pranks which have evolved into cybercriminal tools. By 2005, monetization of the virus scene was underway and almost all viruses developed for the sole purpose of making money via more or less complex business models. According to FortiGuard Labs, the most significant computer viruses over the last 40 years are:

See Part 1 Here – See Part 2 Here  – See Part 3 Here  – See Part 4 Here

1945 – A Bug is Born –  Grace Murray Hopper, a researcher at Harvard, notes a system failure and finds a moth trapped in relay panels.

1949 – Self-replicating programsJohn von Newman a researcher from Hungary published the theoretical base for computers that store information in their “memory”.

1962 – A group of Bell Telephone Labs researchers invents a game that destroys software programs.

1971 – The Creeper Virus appears on ARPANET, the forerunner of the Internet. It replicates itself and displays a message: “I’m the Creeper: Catch Me if You Can.”

1974 – The Wabbit – was a self-replicating program, that made multiple copies of itself on a computer until it bogs down the system to such an extent that system performance is reduced to zero and the computer eventually crashes. This virus was named wabbit because of the speed at which it was able to replicate.

Apple IIe1981 – Elk Cloner – the first widespread virus on the Apple (AAPL) II platform, spreads by the floppy disk and infects boot sectors, generating messages and impairing performance.

1983 –  The term “computer virus” comes into vogue after Professor Len Adleman at Lehigh University demonstrates the concept at a seminar.

1986 – The Brain is the first global epidemic on the PC platform and shows businesses and consumers are clueless about protection.

1987 – Jerusalem virus – On any Black Friday (Friday the 13th), it would delete any programs that were run, instead of infecting them, so it simply couldn’t be ignored,” Roger Thompson told News.com, Australia. “You couldn’t throw away your hard drive, and reformatting it didn’t remove the virus,” the chief research officer for AVG said.

BSD Daemon1988 – The Morris worm – created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet and becomes the first worm to spread extensively “in the wild”, and one of the first well-known programs exploiting buffer overrun vulnerabilities.

1990 – Chameleon– the first documented polymorphic virus, malware that adapts and changes to avoid detection.

1992 – Michelangelo – was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped according to mass media hysteria surrounding the virus.  Later assessments of the damage showed the aftermath to be minimal.

1995 –  Concept – the first Macro virus attacked Microsoft (MSFT) Word documents.

1996 – Laroux – the first Microsoft (MSFT) Excel virus, appears in the wild.

1999 – The Happy99 worm – invisibly attached itself to emails and would display fireworks to hide the changes being made then wished the user a happy New Year. It modified system files related to Microsoft (MSFT) Outlook Express and Internet Explorer (IE) on Windows 95 and Windows 98.

1999 – The Melissa worm targeted Microsoft (MSFT) Word and Outlook-based systems, and created considerable network traffic.

rb-

Back in the day, I had to deal with both Happy99 and Melissa, as well as the occasional Stoned. Melissa was the easiest to deal with since I was running a GroupWise shop at the time, once the news spread, we just pulled the Cat5 from the GWIA and we saw minimal blowback. Let’s hear it for technological diversity.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , ,
| June 22, 2011
Comments Off on Teachers Highly Susceptible To Phishing Attacks

Teachers Highly Susceptible To Phishing Attacks

Teachers Highly Susceptible To Phishing Attacks Internet Security Awareness Training (ISAT) firm KnowBe4 has released new cybercrime statistics that identify Education as one of the most Phish-prone™ industry sectors. Education is the second most susceptible sector to cybercrime ploys. DarkReading reports the percentage of companies in each sector that responded to the phishing emails are:

  • Travel – 25%
  • Education – 22.92%
  • Financial Services – 22.69%
  • Government Services – 21.23%
  • IT Services – 20.44%

KnowBe4 founder and CEO Stu Sjouwerman told DarkReading,  “Our cybercrime statistics should serve as a wake-up call … Not only are these businesses at risk for financial loss through a cyberheist, but their susceptibility to phishing tactics could compromise sensitive customer data such as credit card, bank account, and social security numbers.

These findings are based on a recent phishing experiment KnowBe4 conducted among enterprises featured in the latest Inc. 500 and Inc. 5,000 listings.

rb-

Having worked in K12 for a number of years, I saw lots of teachers and a few superintendents get caught by phishing traps, They would then complain to me why they and their organization has entered SPAM jail and then needed me to hit SORBS.net to get the mail flowing again.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| June 15, 2011
Comments Off on Investigating Internet Liability Insurance

Investigating Internet Liability Insurance

Investigating Internet Liability InsuranceEnterprises now face the question of determining the right kinds of cyber insurance to buy in addition to the other traditional insurance that covers the risk of doing business. Internet Evolution asks, “What would you pay to be insured against data loss or theft“? While cyber insurance of all kinds has been around for a while, more firms than ever are seriously considering it, as data breaches, Web fraud, and security breaches continue to make headlines.

chubb_logoTracey Vispoli, global financial fidelity manager for Chubb, told Internet Evolution, “Although I would still characterize business interest in cyber insurance as emerging, we saw a 40 percent growth in firms securing some form of Internet liability insurance in 2009.” Chubb provides Internet liability and other insurance coverage for businesses worldwide. “I’ve been talking with several insurance companies now about entering the cyber-insurance area,” says Paul Sop, CTO for computer security and consulting firm Prolexic Technologies Inc.

For insurers like Chubb, the Internet provides an opportunity to develop new products to meet emerging business needs. For potential business clients, Internet insurance plugs gaps in coverage that current business insurance policies don’t address. The article says the gaps include:

  • Website-related losses,
  • Website copyright infringements,
  • Cyber-attacks and
  • Unauthorized online access to customer information.

We encourage companies to think not only about their Web-based assets but also about their entire technology base when they consider insurance,” Ms. Vispoli told Internet Evolution. This includes not only cyber-attacks that directly target the Website from the Internet but also breaches of confidential corporate data such as customer and employee records. Ms. Vispoli explained that at least 45 states require a company whose data is compromised to send out official notifications to all those affected.

Someone from the outside can hack into your employee or customer information, and then there’s the financial pressure of not only fixing the breach and taking action, but also of notifying potentially hundreds of thousands of individuals whose information has been compromised.

The article says that the cost of notification alone can be worth insuring, but there are other costs as well. As recently as five years ago, companies were not required to send out notices nor did they spend the amount of money that it takes today to bring in a forensics team to analyze a cyber breach and find the hack.

The cost of Internet liability and other e-commerce-related insurance varies, depending on the risk factors a given organization presents. Internet Evolution says one of the variables is the amount of online sales it books each year. Common types of cyber-insurance that are available today include:

  • Technology professional liability,
  • Media errors and omissions,
  • Telecommunications professional liability and
  • Computer information and data security liability.

We are seeing an aggressive trend in businesses subscribing to cyber-insurance, especially in industry sectors like healthcare, financial services, retail, services companies like hotel chains and media,” Ms. Vispoli said in the article. “Depending on the size of the organization, we might be contacted for coverage information by a Chief Security Officer, or possibly by a CFO or CIO.” All of them see growing exposures from e-theft, e-fraud, compromise of critical data, loss of goodwill, e-threats, and vandalism, denial of service, copyright infringement, and regulatory compliance issues.

What do you think?

Does your organization have cyber insurance?

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| May 23, 2011
Comments Off on 40 Years of Malware – Part 1

40 Years of Malware – Part 1

40 Years of Malware - Part 1Twenty-five years ago, two brothers in Pakistan came up with one of the greatest annoyances in the modern world. Basit and Amjad Farooq Alvi developed the first major personal computer malware “Brain” in 1986 at their Lahore, Pakistan computer shop. Brain spread eventually spread across the world,  one infected floppy disk at a time.

– See Part 1 Here – See Part 2 HereSee Part 3 HereSee Part 4 Here

Floppy diskBrain was the first of what became known as “stealth viruses.” Because most 1980s computers only had tiny internal hard drives or none at all, everything had to be run from floppy disks. Brain would bury itself in the part of the disk necessary for running programs and infect any computer it ran into. It would then sit in the computer’s memory and infect new disks inserted into that machine as well. While Brain was relatively harmless, it was the mother of all viruses, which spawned a host of malicious malware.

Robert Slade, a senior instructor at the International Information System Security Certification Consortium (ISC2) told News.Com, Australia:

… the virus itself spreads far and wide without any reference to the original media and programs they were selling … Because this was a boot sector infector, it just spread on to any floppy disk that had been put into an infected machine.

There has been a great deal of speculation about why the brothers created the virus. So on the 25th anniversary, F-Secure (FSC1V) researcher Mikko Hypponen, who was among the first to analyze Brain, decided to track down the Farooq brothers and ask them about their groundbreaking work. Mr. Hypponen originally reverse-engineered the virus and discovered a short block of text with the phone number and address of the place where it was created buried within Brain’s code.  Amazingly enough, the brothers are still working at their company, Brain Telecommunications, which is still headquartered at the same Pakistan address near Lahore Railway Station listed in the virus code.

During the interview, the brothers explained how and why they created Brain, adding that they wrote the code primarily as an experiment to see how far it could spread via floppy disk. The brothers, who are now successful businessmen in Lahore, were quick to point out that Brain wasn’t destructive, and explicitly distanced themselves from the more malicious viruses that have sprung up in the past quarter of a century. To the Farooqs, today’s malware is rooted in pure criminality — something they denounce, but don’t feel entirely responsible for spawning. As they pointed out, if they hadn’t created the world’s first PC virus, someone else surely would have.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| May 21, 2011
Comments Off on 2/3 K-12 Networks Breached Multiple Times

2/3 K-12 Networks Breached Multiple Times

2 of 3 K-12 Networks Breached Multiple Times a YearPanda Security, a provider of cloud-based security software, recently released a report that says 63 percent of K-12 schools experience malware outbreaks or unauthorized user access at least twice a year.  The report, Kindergarten-12 Education IT Security Report (PDF), had some other interesting infobits.

Personal devices on K-12 networks

The survey reports that eighty-two percent of schools allow students and staff to connect personal computers and laptops to the school network. Panda says schools recognize outside devices introduce external risks, but they struggle to fully integrate security policies for multiple devices. Only 74 percent of districts are monitoring the use of external devices. Fifteen percent fail to take any extra security measures, leaving those school systems more vulnerable to infection.Pamda Laptop chart Most schools have implemented IT security best practices, there is still room for improvement reports Panda. The report says ninety percent of schools install anti-virus and/or anti-malware on computers, but nearly 25 percent fail to use firewalls, block high-risk websites, or employ user authentication. 86% prevented the use of very risky websites; while 89% mandated users install security software on their systems. Further, 15% of respondents acknowledged that there weren’t any extra security measures in their districts if they wanted to use laptops.Panda Best Pratices

Social media threats

Social media is a top concern for schools, but the stringency of school policy varies greatly. Ninety-five percent of schools have a social media policy in place, citing the mitigation of malware-related risks as the main reason for implementation. Twenty-nine percent of schools allow students unlimited access to social media sites, while 32 percent deny students access altogether.

Panda Social MediaSchools lack the funding to be secure. I have always said that schools face attacks from the inside and the outside. Insiders in a K-12 school network range from technically unsavvy to damn good malicious attackers. Despite this, the report says 72% of schools reported that budget limitations were the main obstacle, to better security and 38% reported non-availability of staff, and 29% of the schools, reported their IT staff had to attend to other more important tasks than IT security.  IT administrative staff at 38 percent of schools report removing viruses or malware from IT systems a few times a week, and 21 percent are doing this daily according to Panda.

With malware on the rise and new threats propagated through social media every day, having the right security tools in schools has never been more important. Security issues consume staff time, diverting attention from the business of education. Help Net Security quotes Rick Carlson, president of Panda Security US, who has a great grasp of the obvious, “While the Internet is an invaluable tool for education, it can cause serious interruptions to day-to-day operations if schools fail to properly address security concerns.”

rb-

Just to prove the point, the Oakland Press is reporting that 4 students at Romeo High School in Romeo, Michigan were caught allegedly intercepting 60 staff members’ emails, including the Superintendent after “something goofy” happened to the website. While I have no first-hand knowledge, the news did say the attackers went after people who read their emails on their cellphones. So more than likely it was some kind of Bluesnarfing attack, maybe including a Cain and Able payload to get at passwords.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
« Older Entries   Recent Entries »