The week in security: Attacks continue; are you ready for 2013?

Are your BYOD-embracing employees decommissioning their old mobile devices to ensure they can't still access your corporate networks? Probably not, some fear – and the implications could be significant.

Indeed, BYOD and its attendant mobile-security risks are expected to remain a significant disruptive threat in 2013 – but there are other threats on the horizon. McAfee researchers have warned that a co-ordinated attack against US banking customers, called Project Blitzkrieg and due early next year, is indeed a real threat.

That could be a major problem: analysis of DDoS attacks at banks shows the attacks have generated up to 60Gbps of traffic, and experts are clamouring to pull lessons from the attacks. But they're not the only ones doing the pulling: malicious apps uploaded to Google Play are, it was suggested, stealing mobile transaction numbers sent to customers via SMS.

As the year winds down, it's worth revisiting your security strategy to help get ready for present and emerging threats. Some experts suggested questions you should ask about your company's security, while others had tips for avoiding malware attacks on social networks.

Japanese police offered their first-ever reward for a wanted hacker, while a British Royal Navy officer's smartphone landed him in jail and UK police arrested three suspects in a ransomware fraud racket. Another case, in which operators of a botnet were arrested and shown to have little technical skill, offered interesting insight into just how easy it is to manage a botnet these days.

A report by IBM suggested that India has become the world's largest source of spam, while home-entertainment sites were buzzing after news of a hack on smart TVs. This sort of thing continues to boost security's profile, which can only help Australian security company Senetas target European market opportunities after completing a trifecta of national encryption certifications.

Some advertisers are apparently exploiting a vulnerability in Microsoft Internet Explorer to improve visibility of users' activities, while Firefox improved its browser with a new private browsing mode. Microsoft denied the IE leak was a privacy risk even as another flaw was said to allow the tracking of a mouse's position on the screen.

Microsoft went on the offensive itself, launching a Chinese anti-piracy campaign highlighting the security risks of buying counterfeit software.

Also on the surveillance front, the EU parliament is pushing for bans on supplying information-censoring tools to oppressive governments. Privacy groups are concerned that US authorities are using surveillance drones without regard for citizens' privacy, while US authorities are considering a ban on smartphone apps that track and share users' locations without permission. Google's popular Maps for iPhone app found itself in the spotlight with German authorities for exactly this reason.


Tags: hackers, mobile security risks, malicious apps, Google Play, Microsoft, encryption certifications, DDoS attacks, BYOD, emerging threats

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.