The week in security: Attacks continue; are you ready for 2013?

Are your BYOD-embracing employees decommissioning their old mobile devices to ensure they can't still access your corporate networks? Probably not some fear – and the implications could be significant.

Indeed, BYOD and its attendant mobile-security risks are expected to remain a significant disruptive threat in 2013 – but there are other threats on the horizon. McAfee researchers have warned that a co-ordinated attack against US banking customers, called Project Blitzkrieg due early next year, is indeed a real threat.

That could be a major problem, with analysis of DDoS attacks at banks showing the attacks have generated up to 60Gbps of traffic and experts are clamouring to pull lessons from the attacks. But they're not the only ones doing the pulling: malicious apps uploaded to Google Play are, it was suggested, stealing mobile transaction numbers sent to customers via SMS.

As the year winds down, it's worth revisiting your security strategy to help get ready for present and emerging threats. Some experts suggested questions you should ask about your company's security, while others had tips for avoiding malware attacks on social networks.

Japanese police offered their first-ever reward for a wanted hacker, while a British Royal Navy officer's smartphone landed him in jail and UK police arrested three suspects in a ransomware fraud racket. Another case, in which operators of a botnet were arrested and shown to have little technical skill, offered interesting insight into just how easy it is to manage a botnet these days.

A report by IBM suggested that India has become the world's largest source of spam , while home-entertainment sites were buzzing after news of a hack on smart TVs. This sort of thing continues to boost security's profile, which can only help Australian security company Senetas target European market opportunities after completing a trifecta of national encryption certifications.

Some advertisers are apparently exploiting a vulnerability in Microsoft Internet Explorer to improve visibility of users' activities, while Firefox improved its browser with a new private browsing mode. Microsoft denied the IE leak was a privacy risk even as another flaw was said to allow the tracking of a mouse's position on the screen.

Microsoft launched its own offensive attack as it launched a Chinese anti-piracy campaign highlighting the security risks of buying counterfeited software.

Also on the surveillance front, the EU parliament is pushing for bans on information-censoring tools to oppressive governments. Privacy groups are concerned that US authorities are using surveillance drones without regard for citizens' privacy, while US authorities are considering a ban on smartphone apps that track and share users' locations without permission. Google's popular Maps for iPhone app found itself in the spotlight with German authorities for exactly this reason.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersmobile security risksmalicious appsMicrosoftGoogle Playencryption certificationsemerging threatsBYODDDoS attacks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place