The week in security: Attacks continue; are you ready for 2013?

Are your BYOD-embracing employees decommissioning their old mobile devices to ensure they can't still access your corporate networks? Probably not some fear – and the implications could be significant.

Indeed, BYOD and its attendant mobile-security risks are expected to remain a significant disruptive threat in 2013 – but there are other threats on the horizon. McAfee researchers have warned that a co-ordinated attack against US banking customers, called Project Blitzkrieg due early next year, is indeed a real threat.

That could be a major problem, with analysis of DDoS attacks at banks showing the attacks have generated up to 60Gbps of traffic and experts are clamouring to pull lessons from the attacks. But they're not the only ones doing the pulling: malicious apps uploaded to Google Play are, it was suggested, stealing mobile transaction numbers sent to customers via SMS.

As the year winds down, it's worth revisiting your security strategy to help get ready for present and emerging threats. Some experts suggested questions you should ask about your company's security, while others had tips for avoiding malware attacks on social networks.

Japanese police offered their first-ever reward for a wanted hacker, while a British Royal Navy officer's smartphone landed him in jail and UK police arrested three suspects in a ransomware fraud racket. Another case, in which operators of a botnet were arrested and shown to have little technical skill, offered interesting insight into just how easy it is to manage a botnet these days.

A report by IBM suggested that India has become the world's largest source of spam , while home-entertainment sites were buzzing after news of a hack on smart TVs. This sort of thing continues to boost security's profile, which can only help Australian security company Senetas target European market opportunities after completing a trifecta of national encryption certifications.

Some advertisers are apparently exploiting a vulnerability in Microsoft Internet Explorer to improve visibility of users' activities, while Firefox improved its browser with a new private browsing mode. Microsoft denied the IE leak was a privacy risk even as another flaw was said to allow the tracking of a mouse's position on the screen.

Microsoft launched its own offensive attack as it launched a Chinese anti-piracy campaign highlighting the security risks of buying counterfeited software.

Also on the surveillance front, the EU parliament is pushing for bans on information-censoring tools to oppressive governments. Privacy groups are concerned that US authorities are using surveillance drones without regard for citizens' privacy, while US authorities are considering a ban on smartphone apps that track and share users' locations without permission. Google's popular Maps for iPhone app found itself in the spotlight with German authorities for exactly this reason.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags hackersmobile security risksmalicious appsGoogle PlayMicrosoftencryption certificationsDDoS attacksBYODemerging threats

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Protect against bugs in USB Storage devices

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.