The Security Pub

Random Thoughts About Security

"Happy New Year 2010" Botnet Is Spreading Spam Messages

Cybercriminals behind the Waledac botnet have begun using a New Year’s-themed campaign to capture more victims, security experts warned Thursday.

The botnet is spreading spam messages that contain the subject line “Happy New Year 2010” and provide a link for what the email claims to be a New Year’s greeting card, Mikko Hyppönen, chief research officer at anti-virus provider F-Secure, told SCMagazineUS.com on Thursday. The campaign began early Thursday.

Check out this article [SC Magazine]

Gonzalez may not have known he was stealing…

Did anyone else notice this in the article posted by SC Magazine yesterday, "Gonzalez pleads guilty to Heartland, Hannaford, 7-11 hack"?

Gonzalez faces up to 25 years in prison for these charges, and was expected to be sentenced earlier this month. Federal court Judge Patti Saris agreed to delay sentencing until March 18 after a psychiatrist determined that Gonzalez has a developmental disorder called Asperger’s syndrome and may not have known he was committing a crime.

Are you kidding me that he didn’t know he was stealing credit card information and then using them?  What, did he believe he had millions of different names and was female on some days when he was using these credit cards?

Compliance in 2010

Since I took the time to provide security predictions for 2010 yesterday, today I decided to provide some information on IT Compliance in 2010. As always, I welcome your comments; that’s what makes blogs interesting to read, and I like to hear your thoughts as well.

Image is from Help Net Security

In 2010 regulatory mandates and standards such as PCI DSS, HIPAA/HITECH and many others will set the tone for security activities. In fact, I bet more organizations will base their security programs on PCI DSS, which is good and bad. Good because it’s better than nothing, bad because it’s simply a baseline. I also think that PCI DSS will continue to require more to comply with, and organizations will continue to criticize the standards because of the requirements.

2010 will also bring a new version of the PCI DSS standard which will also bring more controversy and questions for the council to answer or justify.  There are also some 2010 deadlines mandated by Visa that we all need to remember and they are:

  1. 3/31/2010 - U.S. Level 1 and Level 2 Merchants Prohibited Data Retention Attestation Deadline
  2. 7/1/2010 – TDES Mandate – All U.S. POS PEDs must be encrypting PINs using TDES end-to-end
  3. 7/1/2010 - All attended POS PIN acceptance device models must have passed testing by a PCI-recognized or Pre-PCI recognized laboratory and have been approved by Visa
  4. 7/1/2010 – U.S. Payment Application Security Mandate – Phase 5. (Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications)

Microsoft admits IIS 6 Inconsistency

Microsoft has dismissed reports that there’s an unpatched critical flaw in the latest version of its webserver software.

The software giant accepts there is an “inconsistency” in how IIS 6 handles semicolons in URLs. But it denies that this lends itself to hacking attacks, contrary to claims by security researchers shortly before Xmas. Redmond said fears that the bug allows hackers to circumvent content filtering software in order to upload and execute code on an IIS server are misplaced.

Check out the article - [The Register]

2010 IT Security Threats

As 2009 draws to an end, I look back and think… if we thought the malware, spyware, bots and data breaches that the security industry was faced with in 2009 were bad, just wait for 2010. The security industry will still be faced with these same threats; however, they will be more sophisticated as cyber criminals learn from the mistakes of 2009. Below are some threats, and by no means all of them, that I think will be more sophisticated and used more.

Please share your thoughts on 2010 security threats & comment below.

Social Networking – As users and companies continue to use sites such as Facebook, MySpace and Twitter, they will face more complicated threats as the number of users continues to grow.

With social networking tools like the applications that Facebook offers and the social engineering tactics used by cyber criminals, the cyber criminals will take advantage of the social networking users. So it’s up to us as Security Professionals to provide the security awareness needed.

Social Engineering – This is already one of the top attack vectors used today, and in 2010 cyber criminals will increase the use of social engineering and continue to directly target the user to trick them into downloading malware or sharing sensitive information under the impression that they are doing something perfectly innocent.

Cloud Services – As a result of cloud computing and SaaS taking off in 2009, more corporate data is being stored outside of the corporate network.  This is making it very difficult for IT administrators to have direct control over the data.  Cyber criminals will increase the attacks on the cloud-based providers in 2010.

Mobile Security – Today mobile phones have not been much of a target for hackers. However, with mobile devices today containing more personal information than desktops, they are looking more attractive to the cyber criminals.

A number of iPhone users are jail-breaking their phones to install third-party applications. However, most of these users are not aware that when they jail-break their iPhone they are activating the SSH service with a default password and root access; that password is well known and easily found on the internet, which puts the data on their iPhone at risk of being compromised.

URL-Shortening Services – Phishers will be adding URL-shortening services to their tackle box of lures to hook users who have no clue where a shortened URL is actually taking them.

Users need to know that cyber criminals are focused on stealing your data while not getting caught. So always expect the unexpected; you could be the next target.