The week in security: Huawei, ZTE, Galaxy Tab deemed unacceptable for business use

How much damage could a malware infection do in your company?

How much damage could a malware infection do in your company? A new study found that cyberattacks cost an average $US8.9m to clean up. This, in the context of a relentless exposure profile that saw Windows 7's malware infection rate climb by up to 182% this year.

The popularity of key-generation software intended to help 'crack' trial software – but which actually deliver malware 75% of the time – could be one factor. The actual number could, however, be much higher amidst reports that the volume of reported application vulnerabilities has increased.

This, amidst suggestions that antivirus solutions miss 60% of in-the-wild malware. Users continue to click on questionable links such as the 'Dorkbot' Skype malware link at a rate of knots, while Japanese police were dealing with a bizarre case after two men were arrested on suspicion of making murder threats and malware was ultimately fingered as the likely culprit. Microsoft's Bing search engine was also on the malware watch list after it was suggested that malware-embedded images are causing major headaches for users.

Meanwhile, researchers identified a piece of malware that recruits systems for a commercial proxy service. In many other cases, legitimate notices, such as ISP advisories, are being ignored by Australians who think they're spam.

Far less secure are some of the devices end-users are sneaking into companies thanks to increasingly permissive bring your own device (BYOD) policies: Research In Motion CIO Robin Bienfait has his concerns about iPhones or Android devices, for example, while getting forensic data from smartphones and tablets can be difficult. And Samsung's Galaxy Tab reportedly has enough flaws that analysts warn that it cannot be recommended for enterprise use.

Neither, it would seem, can networking hardware from Chinese vendors Huawei and ZTE. Analysts were weighing in on the ongoing controversy over the vendors, with many arguing that concerns over their security are more an issue of politics than actual fact. Yet this didn't stop Cisco Systems from cutting ties with ZTE after it was alleged ZTE sold Cisco gear to the government of Iran, and both companies were blacklisted after a US congressional committee named them as security threats.

Huawei hit back, arguing that the report is "not fact-based", but analysts agreed the report raises real concerns. Some questioned why Huawei is still acceptable for use in New Zealand; a UK parliamentary committee began looking into the relationship between BT and Huawei; and still others said that while the concerns were understandable, there were other, technical reasons not to use Huawei routers.

Even the phones aren't safe anymore, with users relating takes of woe as US Federal Trade Commission action targeted Indian scammers posing as Microsoft technical support officers. Security firm Websense warned that targeted 'spear-phishing' attacks are targeting focused-interest sites, while 30 US banks were targeted by a Russian criminal syndicate. Along similar lines, Natwest Bank suspended its GetCash mobile application service after it was bilked out of thousands of pounds through phishing attacks. Furthermore, three more US banks have been targeted by Islamic hacktivists. These sorts of targeted attacks could cripple the US, the US Secretary of Defense warned, while a UK academic was concerned about a loophole in EU data protection laws, and it was revealed that a Facebook lookup feature can be used to find the phone numbers and names of their owners.

Facebook soon patched the hole, but this sort of capability has strengthened calls for more social-media regulation. But administrators at one school didn't even have to work that hard to track people, with a Texas school district using RFID tags to track the locations of what could eventually be nearly 100,000 students. A Japanese mobile app was proving equally adept at compromising security after it published up to 760,000 address book entries from its users in a publicly searchable database. And, it was revealed, German police have been monitoring Facebook, Gmail and Skype conversations for years.

RSA launched an implementation of a theoretical security improvement with an app that splits stored passwords into two pieces, theoretically making them harder to steal. Yet even the best-protected software can be vulnerable: Mozilla pulled and then re-released its new Firefox 16 browser after a security vulnerability was found, while a hacker scored $US60,000 after compromising Google's Chrome browser at the Hack In The Box conference in Kuala Lumpur. Tongues were wagging after two Pirate Bay founders were supposed to speak at the event but failed to show up before being belatedly located.

Finally, the relationship between CIOs and CSOs was under the spotlight as a CSO-PricewaterhouseCoopers survey found that a disconnect between the two executives' priorities can become a major loss for companies. Another relationship was also strained as Anonymous and WikiLeaks had a falling-out of sorts, with an angry Anonymous claiming Wikileaks has become all about Julian Assange.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts