Category: Malware

Landmark Legal Case: If Your Members Have Been Phished, Your Credit Union May Have To Pay

August 24th, 2011

Excellent overview of a recent landmark phishing case, along with a joint NAFCU-Cyveillance podcast: http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/

RSA Token Vulnerability and One of America’s Most Secret Agencies Invoked in Latest Spear Phishing Attack

July 22nd, 2011

A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token Update”.

A Five-Point Plan for Social Network Usage

June 14th, 2011

If there’s any message you should take away about utilizing social media in a secure manner, it can be summarized in one word: education.

Don’t Let the Social Media “Generation Gap” Expose Your Network

June 9th, 2011

Here’s a true story I like to tell to explain how wide the social media “generation gap” is. And, no, I’m not making this up:

Two Australian girls, ages 10 and 12, got stuck in a storm drain. To get help, they whipped out their smartphones and posted Facebook status updates to say they were lost in a local drain, and someone needed to call 000 (Australian 911).

For Modern-Day Hackers, Data Delivers the Big Payday

June 1st, 2011

In a previous blog, our CTO, Manoj Srivastava, discussed how the methodology of modern cyber crooks has evolved and how adept they are today at exploiting the human instinct to trust.

System Compromised? It’s Likely Due to a Matter of (Misplaced) Trust

May 26th, 2011

As the CTO of a leading cyber-intelligence company, I’m often asked about the biggest game-changer in IT security today: What’s the latest technique that hackers are deploying to compromise networks with advanced persistent threats (APTs)?

Let Google and Bing Notify You If Your Site is Hacked

April 29th, 2011

In recent years, cyber criminals have made a point of hijacking popular websites. Their goal is usually to spread malware to end users’ computers or to trick search engines into driving web traffic to their own websites. Neither outcome is good for corporate webmasters, as the malware they unwittingly spread is designed to do very unpleasant things to site visitors’ computers, and the sites that they promote by hacking your corporate site are very seedy destinations.

It’s not just small sites that are victims of such attacks. The European Space Agency was recently targeted, large e-commerce sites are regularly defending themselves from electronic break ins, and universities are especially juicy targets for black hat search engine optimization experts.

If the unthinkable occurs and your corporate site is hacked, it may not be immediately obvious to visitors that anything is awry. The last thing most profit-motivated web hackers wish to do is to alert anyone of their work.

Fortunately, both Google and Bing offer a way to learn if your site has been hacked. Any webmaster can sign up for Google Webmaster Tools and Bing Webmaster Tools (both are free) to see how these major search engines perceive a site when they visit to index its content. Both search engines can often detect infected or hacked pages during that crawl, and if they do, the webmaster tools show exactly where on your site the problem was found. (Google will even email you!)

In Bing Webmaster Center Tools, the information would be found under the Crawl Details section.

In Google Webmaster Tools, information about malware found on your site would be shown under Diagnostics.

Of course, preventing your website from being hacked in the first place is the best-case scenario. Staying current with all the applications you have installed on your website and applying patches as soon as they are available are some of the best ways to keep your site from being compromised by cyber criminals. Applications that are designed in-house deserve extra scrutiny for potential security holes. Don’t let your corporate website become a part of the Internet criminal ecosystem. If you don’t have one already, put a plan in place to regularly scan your web servers for malicious software and make sure all software is always up to date.

Hacked WordPress Sites: An Open Letter to WordPress Developers

April 14th, 2011

The content management system WordPress is a fantastic tool. Its ease of use has helped it become the most popular blogging tool out there. Its most recent version has been downloaded more than 5.7 million times as of this writing.

The popularity of WordPress has made it a very attractive target for cyber attackers. Like most software, it eventually develops security holes that allow hackers inside. Once a site is breached, it can be used for many illegal purposes like distributing malware, hosting phishing attacks, and marketing counterfeit pharmaceuticals. Blog owners need to be ever vigilant to ensure their software, the blog software included, is current with all updates that plug security holes.

WordPress developers have been great about patching those holes quickly. Even so, there are still some steps that should not be hard to implement and would make the web a safer place.

  • Please stop advertising the version number in the source code. In 2008 Google’s Matt Cutts made the recommendation to WordPress webmasters to delete the part of the software’s code that advertises which version of the software is being run. This information is used by hackers to determine which attacks might work against a given website. Removing this announcement will make hackers’ work much harder.
  • Please email the blog’s owner until they upgrade to the newest version.

    In recent years, WordPress began notifying site admins in the tool’s dashboard view with a message saying that a new version of WordPress was available, and offered a link to upgrade immediately. This is very helpful.

    But often blogs are abandoned out there and site admins never see this message. Why wait until a webmaster returns? Like a beeping car when your seat belt is unbuckled, WordPress could email the admin on a regular basis to remind them that they have to upgrade, reducing the number of vulnerable websites out there online. WordPress already emails site owners when blog comments are awaiting approval, so this should be pretty easy to implement.
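As an added illustration of the first request above (this is example code written for this page, not part of the original letter or of WordPress itself), the script below audits a page of your own site’s HTML for the two places a default install advertises its version: the `generator` meta tag and the `?ver=` query string WordPress appends to its own `wp-includes` asset URLs. The sample HTML is constructed, and `find_version_disclosures` and `strip_generator_tag` are names chosen here.

```python
import re

# Matches WordPress's default generator tag, e.g.
#   <meta name="generator" content="WordPress 3.1" />
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']\s*/?>',
    re.IGNORECASE,
)

# Core scripts/styles served from /wp-includes/ carry the WordPress version as
# "?ver=X.Y"; plugin and theme assets under /wp-content/ carry their own versions,
# so only wp-includes URLs are treated as a core-version disclosure here.
ASSET_VER_RE = re.compile(
    r'(?:src|href)=["\'][^"\']*/wp-includes/[^"\']*\?ver=([\d.]+)["\']',
    re.IGNORECASE,
)


def find_version_disclosures(html):
    """Return sorted (source, version) pairs that reveal the WordPress version."""
    findings = set()
    for m in GENERATOR_RE.finditer(html):
        findings.add(("generator-meta", m.group(1) or "unspecified"))
    for m in ASSET_VER_RE.finditer(html):
        findings.add(("wp-includes-asset", m.group(1)))
    return sorted(findings)


def strip_generator_tag(html):
    """Remove the generator tag from rendered HTML. In WordPress itself the same
    effect comes from remove_action('wp_head', 'wp_generator') in a theme."""
    return GENERATOR_RE.sub("", html)


# Constructed sample, modelled on what a default install emits in <head>.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 3.1" />
<link rel="stylesheet" href="/wp-content/themes/twentyten/style.css?ver=1.2" />
<script src="/wp-includes/js/comment-reply.js?ver=3.1"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for source, version in find_version_disclosures(SAMPLE_HTML):
        print(f"{source}: WordPress {version}")
    cleaned = strip_generator_tag(SAMPLE_HTML)
    print("disclosures after stripping meta tag:", find_version_disclosures(cleaned))
```

Note that stripping the meta tag alone still leaves the asset `?ver=` disclosure, which is why the check reports both sources separately.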

Note that out-of-date WordPress installs are not the only pieces of software contributing to web server infections. Shopping cart software, forum software, and photo gallery software all tend to be targeted. WordPress installs are likely more common than all of those, so it would make sense to make its security a priority.

Make no mistake, we love WordPress. We use it on this very site. But there are a couple of steps that appear to be low-hanging fruit that Matt Mullenweg and the WordPress development crew could take to make an impact on hacked sites on the web.

If you run WordPress and suspect your site’s been hacked, please see this official FAQ from the WordPress team!

Overall Phishing Attack Volume Down for 2nd Half of 2010 As Phishers Become More Focused on High Value Targets

February 17th, 2011

As reported in the upcoming release of the Cyveillance Intelligence Report, overall phishing attack volume declined during the second half of 2010 compared to the first half of the year, averaging over 19,000 confirmed, unique attacks per month. However, the level of sophistication and emphasis on targeted attacks continues to rise. As a result, despite the number of attacks going down, the ability of phishers to be successful has risen significantly as evidenced by the growing number of spear phishing attacks and Advanced Persistent Threats (APTs) reported during the half.

The number of attacks seen monthly is down compared to the first half of the year and could be related to the recent decline in spam, but the overall volume confirms that phishing is still easily one of the top threats on the Internet. Specifically, the use of more sophisticated and targeted attacks results in greater success and more lucrative opportunities for online criminals. A recent story regarding socially-engineered attacks against High Value Targets (HVTs) in the Canadian government provides a great example of the danger this new breed of attack poses to organizations.

Organizations should continue to monitor for suspicious activity related to the attack described in the article above as well as educate their users on the latest threats that plague the Internet. Users can minimize the potential for falling victim to email and Web-based attacks by never clicking on links within emails and only accessing their online applications through known Web sites and pages.

Cybercrime in Russia: Comments from the United States Embassy in Moscow

December 13th, 2010

Recent law enforcement activity against a couple of high profile Russian cyber criminals reminds us that while some major cyber criminals continue to act with impunity, it appears that progress is being made on some fronts.

Cyveillance recently asked the United States Embassy in Moscow to comment on cooperation between our countries in the fight against cybercrime for publication on CyveillanceBlog.com. Below are the responses to our inquiries from the U.S. Embassy in Moscow:

Cyveillance: Is there regular dialogue between the American and Russian governments at the diplomatic level on the topic of international cybercrime? If so, how often does such engagement occur?

U.S. Embassy in Moscow: Yes, on more than one level. For example, there is ongoing dialogue between U.S. and Russian diplomats concerning matters of Internet governance, of which law enforcement efforts against cyber crime are an integral part. These discussions typically occur in a multi-national setting such as the United Nations. Additionally there is ongoing dialogue and cooperation between our respective investigators on particular cyber crime cases. This dialogue occurs in several ways, including through periodic face-to-face meetings several times per year. In some instances, these discussions focus on a particular area of cyber crime. For example, there is a bilateral United States – Russia IPR Working Group which meets regularly to discuss issues related to intellectual property protection, including in cyber space, with special focus on enforcement.

Cyveillance: With the shutdown of Russia-based Spamit this fall and the investigation into the activities of alleged spammer Igor Gusev, it appears Russian authorities may be taking steps to curtail cybercrime. From the U.S. Embassy in Moscow’s perspective, are these isolated incidents or does it appear that there may be a shift in the climate for cybercriminals in Russia?

U.S. Embassy in Moscow: We are hopeful that these examples mark the beginning of the creation of a much more difficult environment for cyber criminals, not only in Russia, but worldwide. As you know, cyber crime transcends national boundaries not only in the perpetrator-victim sense, but also in the sense that members of the same cyber-driven criminal organization are often based in several countries. It is more important than ever that each nation take steps to clamp down on cyber crime.

Cyveillance: Russia traditionally enjoys a population that is well educated in math and engineering. Some authors suggest that the lack of opportunities in traditional business environments may tempt talented programmers into criminal activity. Is the State Department aware of any formal efforts that will help encourage Russian technologists to pursue legal opportunities using their skills, as opposed to those offered by cybercrime?

U.S. Embassy in Moscow: President Medvedev has made technological development a very high priority in his administration’s vision for the future of Russia. One example of this is the plan to develop a cyber industry, along the lines of Silicon Valley, based in the town of Skolkovo near Moscow. The prioritization of economic development in the tech sector, provided it is coupled with a strong law enforcement response to cyber crime, should incentivize individuals with technical skills to seek legitimate career paths.

Cyveillance: While there have been some recent notable exceptions, Western cybercrime researchers and even some in law enforcement sometimes feel that Russian cybercriminals are out of reach and enjoy a de facto immunity from prosecution. What is the State Department’s position on the amount and quality of cooperation received from Russian officials in international cybercrime investigations?

U.S. Embassy in Moscow: There has been some cooperation on cyber crime matters, but there is a need for far more. That is an overarching goal of the ongoing dialogue between our countries on these issues. Certainly, enhanced cooperation in this area would support the goals announced by President Medvedev for technological development in Russia, as those who consider investing in that development will expect a consistently strong law enforcement response to cyber and other crimes to protect their investments.

Cyveillance: From the State Department’s perspective, how much of American success in combating cybercrime of Russian origin is amenable to American law enforcement’s efforts? Are there inroads that remain to be made at the diplomatic level first?

U.S. Embassy in Moscow: The United States plays a leadership role in combating cyber crime, but no one nation can tackle this multi-national problem. The United States has law enforcement partnerships around the world with dedicated and highly professional counterparts in the area of cyber crime. We are striving to strengthen our partnership with our Russian counterparts in this area, which is certainly in our mutual interest.

Cyveillance: Is there anything else the State Department thinks cybercrime researchers or the general public should know about efforts to combat cybercrime in Russia?

U.S. Embassy in Moscow: Cyber crime presents complex problems that require a complex, multi-faceted response. This includes coordinated efforts not only by the governments of the United States, Russia and other countries, but also by those in industry and academia. We appreciate the opportunity to participate in this important dialogue.

Many thanks to U.S. Embassy staff for taking the time to answer our questions.