The week in security: Would you notice if you were hacked?
13 February, 2012 09:44
Confident you would notice if your systems were being hacked? You’re in the minority: A new survey has found just 16 per cent of organisations hit by a breach last year noticed it before someone else told them about it. That’s hardly surprising given another study that found many of the worst malware offenders are using methods that antivirus software just can’t spot or deal with.
Of course, DDoS attacks can be particularly easy to spot – especially since the motivation for the attacks can often be political, not criminal. The crims have other tactics – which is why the European Union is moving to [[xref: http://www.cso.com.au/article/414777/eu_stengthen_its_cybersecurity_watchdog/ |strengthen its cyber security arm|]], the European Network and Information Security Agency (ENISA). ENISA may have a great task ahead of it after researchers in Germany cracked the encryption algorithms used to protect satellite phone communications. By contrast, interestingly enough, US cyber security experts were pleading for lighter-touch regulations.
On the malware front, researchers have discovered a piece of malware that’s using the generally available file-sharing service SendSpace to store the fruits of its labour, for easy retrieval by persons unknown. Another one, a Trojan called Infostealer.Offsupload, has already stolen over 20,000 online archives, Symantec warned. And the Kelihos botnet killed by Microsoft last year is still out of action, the company says, but don’t rest on your laurels: a new and similar one is rapidly taking its place, it admitted.
The prevalence of this sort of attack is making many people assume that overall malware levels are way, way up – but figures from Verizon suggest the actual number of records compromised per year has been on the decline since 2008. That’s unlikely to be much solace for those owners of unsecured WiFi networks who, a US test case will decide, may eventually end up liable if someone uses their networks to illegally download copyrighted content.
One imagines that law would certainly apply to those that download the source code of Symantec’s pcAnywhere, which hackers claim to have posted on BitTorrent; the code was subsequently confirmed by Symantec to be legitimate.
Not that hackers need it: A new study has found that hackers’ favourite way of breaching security systems is already to use third-party remote access applications or VPNs to sneak their way in.
Recognising that this sort of threat requires tighter controls on access, Apple apparently now requires a special digital certificate be acquired by anybody wanting to use mobile device management (MDM) tools to manage iPads, iPod touches and iPhones in the enterprise. Adobe was also tightening its security, releasing a version of [[xref: http://www.cso.com.au/article/414592/adobe_releases_sandboxed_flash_beta_firefox/|Flash that sandboxes its processes|]] to deter security breaches and nastiness instigated by stray processes.
Browser security went both forwards and backwards, with Mozilla contemplating the revocation of Trustwave’s security certificate after it issued a man-in-the-middle security certificate; on the other side, Google shipped a new version of its Chrome browser and decided that Chrome will no longer check for revoked SSL certificates online. That's a significant change that's likely to spur considerable debate around strategies for ensuring quick promulgation of certificate security fixes.