The week in security: Breaches growing, DDoS fiercer, mobile malware “negligible” as battlefronts shift
- 20 April, 2015 09:44
As if it wasn't enough that security staff were playing a continuous game of catch-up – investigating an average of 1.5 security breaches per week even as research reveals institutional investors don't believe company boards have the security threat under control – it turns out Australians' world-leading love of social media has made us world-leading targets for ransomware purveyors and malware criminals that are using extremely complex techniques against us.
An analysis of DDoS attacks shows that Australian attacks are shorter but fiercer than those against other countries in the region, yet cyber-criminals are also getting stealthier – using tricks to avoid detection of banking malware, for example, finding new ways to escape detection by exploiting HTTPS security. Yet there are other threats within, according to a survey that found companies' biggest source of smartphone security compromises come from males under age 35 who are paid over $US60,000 ($A77,000) per year.
If there's any good news from that, it's that Verizon's analysis concluded that there is in fact a “negligible” amount of mobile malware out there – although mobile adware is in fact a real nuisance, if not a direct threat. Less reassuringly, it also found that security teams have less time than ever to respond to new attacks.
VMware is doing its part to help, leveraging its ubiquitous virtualisation technology to help companies securely deliver apps to mobile users. BT launched a next-generation security platform with a range of custom tools, while Akamai bolstered its managed security service offerings with anti-DDoS and Web-app protection tools.
Joining the trend to run online bug bounties, Dropbox began a bug bounty program designed to improve its ability to quickly find and repair bugs. By contrast, word emerged that a Windows vulnerability identified more than 15 years ago can still be used to steal login credentials.
There were small steps in fighting the ransomware scourge: a free tool, jointly developed by Kaspersky Lab and the Dutch police, may provide fresh hope for victims of the CoinVault ransomware. Yet even as Russian authorities arrested the leader of a gang pushing Android malware at English-speaking targets, a Chinese hacker group was reportedly targeting airgapped networks disconnected from the Internet.
A Verizon survey found that the average security breach now costs $US0.58 per record, but there were questions about how that might change as security executives began to fear the data-loss implications of the new Apple Watch. Yet it was Web application attacks, point-of-sale intrusions and cyberespionage that were the leading causes of data breaches, research found. new POS malware called Punkey emerged.
New threats are also emerging all the time, with a so-called Internet of Evil Things raising alarm bells for some researchers and new attack vectors opening as venerable ATMs get set for a cloud makeover.
Little wonder that authorities are trying to improve sharing of threat-related information – something that IBM did with the opening of its security-intelligence database – with new US cyberthreat-sharing legislation said to be potentially more friendly to privacy than previous efforts. However, the legislation held little promise for customers of failed US retailer RadioShack, which is pushing ahead with plans to sell its customer data despite opposition from several US states. Yet even that may pale in significance against WikiLeaks' publication of a trove of hacked Sony Pictures emails that is already embarrassing executives and actors alike.
This article is brought to you by Enex TestLab, content directors for CSO Australia.