Cybersecurity Lessons from the New York Times Security Breach
The New York Times selected a premier vendor of security products, Symantec Corporation, to provide antivirus software. Recently, they were attacked by hackers originating in China. After the attacks, the Times’ security consultant reported that the antivirus software did not protect the company. I consult for DLT Solutions with some of the most secure government agencies in the U.S. My primary suite of products comes from Symantec. Their security solutions are among the best in the industry. If they had fully deployed and properly utilized Symantec’s anti-virus software in their enterprise, most, if not all, of the attacks could have been prevented.
Mobile Malware is the New PC Malware
In 2004, Cabir became the first mobile-based worm, infecting Symbian-based devices including old Samsung and Nokia models. Although it was developed as a proof-of-concept, within a year Cabir helped spawn mobile malware including the first mobile Trojan (Qdial) and mobile application hack (Skulls). Today, explosion of smartphones and tablets has spawned an entirely new hacking industry – one that has the potential to bypass your current cybersecurity strategies if you have not included mobile protection.
Search Engine Poison and the Federal Government
With the holidays in the rear view mirror we take a moment to look at what online scammers have been up to this season. It is that time of year where the perfect conditions exist for malicious programmers to run their seemingly annual Search Engine Poison (SEP) attacks. For those who aren’t aware: What is SEP?
Cybersecurity’s Black Hole
The internet’s biggest advantage and its greatest disadvantage is its ability to spread information quickly. Most of the time, the information shared is beneficial, however criminals use that same instant spread of information to pass hacking tools. The Blackhole exploit kit is such a resource, and it accounts for 28% of all web threats.
The Apple OS X Malware Myth
Over the last week or so, the internet has been awash in reports of the latest piece of malware targeting Apple OS X systems called MacDefender , MacSecurity or MacProtector. This is a piece of software that Symantec calls FakeAV, which is an entire family of “scareware.” A browser window pops up and says the machine is infected and to download a particular piece of software to remove the issue, when in fact the software you download is the payload that infects your machine.
This is not new to the Windows camp as FakeAV products have been around for many years. Everyday many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look - achieved through the use of a "skin". These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.