Anti-zombie PC systems hit the market one after another in the wake of the DDoS (distributed denial of service) attack earlier in March this year and the recent NACF (National Agricultural Cooperative Federation) network breakdown caused by a laptop infected by a zombie PC.

Wins Technet, Piolink and NP Core are about to enter into the market soon with their CC (Common Criteria) certifications, a qualification to supply anti-malignant bot solutions to the local public-sector market.
Wins Technet has recently released the Sniper BPS, which not only detects and blocks a PC infected with a malicious bot from accessing networks but also analyzes malicious codes to treat affected computers. It has already won the CC mark and is getting ready to win over public-sector customers after June.
Piolink has also launched a similar product, dubbed TiFRONT-AntiBot, and has supplied it to the National Computing & Information Agency, the Korea Internet & Security Agency and major companies in the industry. The solution senses botnets trying to access networks in advance and analyzes them, directing the L2 security switch to shut them off. Saint Security, a local bot detection firm, participated in the development of the product and added to its detection accuracy.
In the meantime, foreign companies like Trend Micro, Symantec and FireEye are preparing themselves to land on the local malware detection software market, too. As such, it is likely that the domestic and foreign solution developers will be engaged in a neck-and-neck competition down the road.

According to a new case study published by the Internet Security Awareness Training (ISAT) firm KnowBe4, a telephony denial-of-service (TDoS) attack against a semi-retired St. Augustine dentist served as a smokescreen for a nearly $400,000 cyberheist.

In November 2009, Robert Thousand Jr. began receiving a flood of calls to his business, home and mobile phone lines. The calls consisted of a 30-second recorded message from a sex hotline. What appeared to be a phone service issue turned out to be far more sinister. The following month, Thousand discovered that five transfers totaling $399,000 had been made from his TD Ameritrade retirement account. When the FBI investigated his case, it became apparent that the TDoS attack was intended to prevent Thousand’s broker from reaching him while the criminals committed their cyberheist.

TDoS is a form of denial-of-service (DoS) attack. When the calls come from multiple sources, it is known as a distributed denial-of-service (DDoS) attack. The high volume of automated calls prevents victims from making or receiving legitimate calls, thereby denying them use of their phone service. In Thousand’s case, the cybercriminals set up a number of VoIP accounts and used automated dialing to inundate his phone lines. While that was happening, they initiated the transfers that drained his retirement account.

Thousand was not the only victim to be targeted in such a manner. Others reported similar telephony DoS attacks in the months that followed. In 2010, the Communication Fraud Control Association (CFCA) and the FBI formed a partnership to identify TDoS patterns and trends, prevent DoS attacks, raise Internet security awareness and catch those who conduct cyberheists. Despite these efforts, unsuspecting members of the public can still fall prey to increasingly sophisticated cybercrime tactics.

“The problem is larger than the issue of telephony denial of service alone,” explained KnowBe4 founder and CEO Stu Sjouwerman (pronounced “shower-man”). “Before the cybercriminals launched their TDoS attack, they found a way to obtain Dr. Thousand’s Ameritrade account information and password. Victims in these cases are often targeted through phishing attempts or by clicking an innocuous-looking email link that downloads malware to their system. In this manner, criminals are able to capture account details, passwords and other personal information. Once they have access to an account, they can then change the contact numbers and impersonate the victim when communicating with the bank or broker.”

Sjouwerman advises those on the receiving end of a telephony DoS attack to immediately contact all financial institutions where they hold accounts and request a halt to any transfer requests, and then report the suspected cybercrime to the authorities. The sooner victims act, the better chance they have of preventing or minimizing potential losses. However, Sjouwerman emphasizes that Internet security awareness is critical in order for targets to prevent a cybercriminal from obtaining their account information in the first place.

“As awareness of phishing tactics increases, people are becoming more wary of emails from unknown senders. However, cybercriminals have become much more sophisticated in their practices. They are able to convincingly make it appear as if an email is being sent by a bank, government institution or trusted friend or colleague,” noted Sjouwerman. “All it takes is a single click to unwittingly give intruders access to a computer. They can then view all of the personal information contained within, as well as any transactions conducted online.”

While individuals must take responsibility for their own Internet activity and data security, Sjouwerman stressed that businesses need to implement proactive measures to minimize their employees’ vulnerability to phishing tactics. “In many cases, data security breaches that occur from within a company are not the result of any employee’s malicious intent, but rather an honest mistake made by someone who happened to be susceptible to phishing. That’s why Internet security awareness training is so important. It helps personnel identify and avoid potential phishing attempts that can expose the company to financial loss and intellectual property theft.”

Australians love to place bets online but little do some punters know of the dangers lurking in cyberspace.

Melbourne-based internet betting and entertainment website Sportsbet.com.au found out about these dangers the hard way when in 2009 the company was the target of a distributed denial of service attack (DDoS).

A DDoS attack involves harnessing hundreds or thousands of computers to simultaneously bombard a website with data so it becomes overwhelmed. The computers in such attacks have typically been infected with malware so they can be used without the consent or knowledge of their owners.

According to the company, traffic on the Sportsbet site can reach 2000 hits per second as punters place bets on race days and cyber criminals are keen to try and take a share of the money. Heightened attention during the Spring Carnival race in Melbourne during 2009 proved a viable opportunity for attack on its services.

Competitors TABCorp, Sportingbet and Centrebet all faced attack over the same time frame.

Sportsbet IT security manager, Gonzalo Ernst, told Computerworld Australia the company managed to mitigate against heavy traffic resulting from the attack.

“We had help from our internet service provider [ISP] because it’s a bandwidth attack and can only be done at the ISP level,” he said. “We have an agreement with our ISP to offer protection.”

According to Ernst, there were rumours of more DDoS attacks in 2010 on betting agency websites but it has not experienced a DDoS attack since the X-Series was installed.

While the Sportsbet website experienced service degradation for only two hours during its attack, the IT department made a decision to upgrade its firewalls to ensure the security infrastructure had the capacity to handle future attacks.

At the time, the company was using a C12 security offering from its vendor Crossbeam but, following the attack, it upgraded to the X-Series combined with a Check Point firewall.

The new updated Crossbeam firewall handles 10 to 13 million connections per second., allowing the company to prevent connection attacks, in which millions of connections of directed at a homepage to pull it down.

Online betting was a growth industry for Sportsbet, continuing to double traffic to the company’s website.

Crossbeam Australia and South East Asia regional sales director, Andrew Draper, said in a statement that Sportsbet had been working with the vendor since 2006.

“In our [Australian] customer base they are completely unique in that they are a 100 per cent Web-based business. We’re not working with other online betting agencies in Australia at present,” he said.

While he would not name any other Australian customers, Draper said it does play in the telecommunications, university, financial services, insurance and government sectors.

Ernst advised other companies to have a close partnership with their ISP and good monitoring tools in place.

“The important thing is that once you get an attack is to know what kind of attack it is.”

The collective known as Anonymous has declared it will target Sony as a result of the company’s legal action against PlayStation 3 jailbreakers GeoHot and Graf_Chokolo.

A spokesperson for the collective writes, “Congratulations, Sony. Your recent legal action against our fellow hackers, GeoHot and Graf_Chokolo, has not only alarmed us, it has been deemed wholly unforgivable.”

Anonymous is perhaps most famous for its denial of service attacks (DDoS) against Amazon, PayPal, Visa and Mastercard for their perceived anti-WikiLeaks behaviours. Both Visa and Mastercard’s websites were brought down as a result of DDoS attacks.

Earlier this year, GeoHot and fail0verflow (a group that includes Graf_Chokolo) exposed the PlayStation 3’s root key after the removal of OtherOS from the console. Doing so has exposed Sony’s platform to rampant piracy.

London police charged five individuals under the Computer Misuse Act for their role in launching distributed denial-of-service attacks against commercial websites. Authorities believe the suspects are connected to the Anonymous hacking group, a loosely affiliated band of web savvy, politically motivated individuals. The hacktivist gang is being investigated for its role in taking down a number of high-profile websites.

The credentials of 30 million online daters were placed at risk following the exploit of an SQL injection vulnerability on PlentyOfFish.com. Creator of the Canada-based site, Markus Frind, said it was illegally accessed when email addresses, usernames and passwords were downloaded. He blamed the attack on Argentinean security researcher Chris Russo, who Frind claimed was working with Russian partners to extort money. But Russo said he merely learned of the vulnerability while trawling an underground forum, then tested, confirmed and responsibly reported it to Frind. He never extracted any personal data, nor had any “unethical” intentions.
Facebook announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks. Users can now browse Facebook over “HTTPS,” an encrypted protocol that prevents the unauthorized hijacking of private sessions and data. The site was spurred on to add the security feature after a researcher unveiled a Firefox plug-in, known as Firesheep, that permits anyone to scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts. HTTPS will eventually be offered as a default setting to all users.

For a third time, a California lawmaker introduced a bill that would update the state’s data breach notification law, SB-1386, to include additional requirements for organizations that lose sensitive data. The proposal by Sen. Joe Simitian (D-Palo Alto), would require that breach notification letters contain specifics of the incident, including the type of personal information exposed, a description of what happened and advice on steps to take to protect oneself from identity theft. Twice before, the bill has gone to former Gov. Arnold Schwarzenegger’s desk to be signed but was vetoed.

Facebook, MySpace and YouTube are the most commonly blacklisted sites at organizations, according to a report from OpenDNS, a DNS infrastructure and security provider. The yearly report, based on data from some 30 billion daily DNS queries, found that 23 percent of business users block Facebook, 13 percent restrict reaching MySpace, and 12 percent ban access to YouTube. Meanwhile, the OpenDNS-run PhishTank database found that PayPal is the most phished brand, based on verified fraudulent sites.

Google, maker of the Chrome web browser, made a feature available that allows users to opt out of online behavioral advertising tracking cookies. The tool, called “Keep My Opt-Outs,” is available as an extension for download. The announcement comes on the heels of a Federal Trade Commission report urging companies to develop a ‘do not track’ mechanism so consumers can choose whether to allow the collection of data regarding online browsing activities. Browser-makers Mozilla and Microsoft also announced intentions to release similar features for their browsers.

Verizon announced plans to acquire Terremark, a managed IT infrastructure and cloud services provider known for its advanced security offerings, for $1.4 billion. Verizon plans to operate Terremark as a standalone business unit. “Cloud computing continues to fundamentally alter the way enterprises procure, deploy and manage IT resources, and this combination helps create a tipping point for ‘everything-as-a-service,’” said Lowell McAdam, Verizon’s president and chief operating officer.

Source: http://www.scmagazineus.com/news-briefs/article/197112/