Solutionary identifies Top Security Risks and provides precautionary tips for Winter Olympic Games
Company encourages businesses, event advertisers, and corporate and individual attendees to remain vigilant and take information security precautions
Solutionary, has identified the top information and data security risks facing businesses, Olympic advertisers and attendees of the upcoming Winter Olympic Games in Vancouver from February 12th to 28th. In addition, the company has provided precautionary tips to help these people and organizations protect their data and assets.
Solutionary is a trusted security advisor to companies of all sizes around the world, processing more than 300 billion events annually through the company’s Security Operations Centers (SOC). Solutionary’s certified SOC analysts and technology offer 24/7 live and automated event monitoring to ensure the highest levels of protection.
“Hackers, spammers and scammers often take advantage of major events, like the Olympics, to steal confidential consumer and corporate data and information or to generally create chaos,” said Don Gray, Chief Security Strategist of Solutionary. “Since the 2008 Games, new and more malicious threats have surfaced and attacks are more prevalent, from the Google email hacks to Twitter and Facebook denial of service (DDOS) attacks. In the age of Web 2.0 and constant connectivity, it’s more important than ever for businesses and individuals alike to remain vigilant about information security – especially around an event of such international significance.”
Solutionary’s information and cyber security experts have identified the following as the top five information security risks around the Olympics:
Social Networks & Instant Messaging (IM) – In recent months, sites and services like Facebook, Twitter and MSN Messenger have been repeatedly targeted by hackers. Keep your guard up, even during the excitement of the Games. Who you are connecting to? How you are connecting to them? Are you sharing information that could be used for social engineering? Never share files thru IM services and connect only to branded, trusted information sources.
Masquerading Wireless Networks - Always know what network you are connecting to and avoid unsecured wireless networks. Only connect to networks associated with trusted brands/providers and be sure to verify names and credentials of the access points.
Malvertising – Website ads containing malicious exploit code may be hosted by unsuspecting websites in an attempt to maximize online ad revenue around the Games.
Hacktivism – Nationalistic pride can be a powerful motivator in driving hackers to initiate attacks. In the recent Google hacking incident there was evidence of retaliatory hacking affecting Baidu.com.
Whaling – Corporate executives and guests should be trained to recognize attempts to target them, their laptops, and phones for exploit. Promotional items can easily be faked. Emails, devices, CDs, and memory sticks can all convey malicious software.
Solutionary’s experts recommend Olympic attendees, advertisers and Vancouver-area businesses take the below security precautions, at a minimum, leading up to and during the Games:
Awareness – Make sure everyone in your network – whether it’s your kids or your employees – is aware of potential threats. If they are aware of heightened risk, they will be more vigilant and likely to flag suspicious activity or items.
Protect Endpoints - Attendees must protect mobile computers and phones as these devices often are targeted for the data they contain as well
as an exploit path for stealing account credentials, credit card information, etc.
If you can, leave them at home. Consider limiting yourself to one pocket-able device that’s easy to keep track of.
If you must have a laptop, ensure that it is up to date with the latest patches, anti-X (virus, spyware, malware) software.
Remove all non-essential data from laptop before traveling – especially if it’s confidential or sensitive.
If you must travel with sensitive or confidential data, employ strong whole disk encryption.
Check, Double-Check and Re-Check Security Processes – Local businesses and advertisers should review their information security countermeasures, validate that patches are up-to-date, that web applications are not vulnerable, and that wireless networks are secured using WPA/WPA2 authentication and TKIP/AES encryption.
Log Monitoring – Local businesses involved with the Games and advertisers must recognize that their participation brings about the possibility of increased motivated attackers targeting them for nationalistic or political reasons. Ensure security log monitoring is adequate to handle the increased threat level and volume.
Check ATM’s – Attendees and local financial institutions should be vigilant about checking for ATM pin-pad skimmers. Most pin-pad skimmers can be detected by careful examination and physical checking as they are often taped on top of the real card-entry mechanism on the ATM. If there is any doubt, find another ATM to be safe.
RSA Global Survey reveals confidence in social networking security shaken as online crime rises
More than 4,500 people divulge concerns with safety of personal information on the Internet and a desire for better identity protection, in survey from EMC’s security division
Two in three people reluctant to share on social networks
Three in ten people fall prey to phishing attacks; a six-fold increase in just two years
RSA, The Security Division of EMC, announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection.
Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely(1) to interact or share information due to their growing security concerns.
Social networking websites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, the survey exposed that four out of five (81 percent) people using social networking websites displayed concern(2) with the safety of their personal information online.
“Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” said Christopher Young, Senior Vice President at RSA. “These online criminals are adept at social engineering with at-the-ready phishing attacks that are launched within moments of breaking news about popular celebrities, professional athletes or serious global events. In these cases, people are lured to legitimate websites infected with malware as well as complete fakes designed to look like well-known news sources. Within these websites, Trojans can easily be masked as ‘required’ updates to a media player which can result in countless computers becoming infected with malware. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”
Consumers more aware of phishing threats, but new attack methods dupe six times as many in just two years
In a similar RSA survey in 2007, one in three (38 percent) consumers reported they were aware of the threat of a phishing attack – and this figure doubled in two years(3) where three in four (76 percent) consumers have become aware. Additionally, in RSA’s 2010 survey, nine in ten consumers (89 percent) reported concerns caused by the threat of phishing.
Despite increased awareness, there have been a growing number of online users that have fallen victim to a phishing attack. In the 2007 RSA survey, only one in twenty (5 percent) consumers cited they had fallen victim to a phishing scam – and this rate increased six-times in 2009 to represent three in ten (29 percent) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods including offshoots known as “vishing”, “smishing” and “spear phishing.”
The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA® Anti-Fraud Command Center recently reported(4) the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 percent increase in the total number of attacks between 2008 and 2009.
An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 percent of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81 percent.
Consumers’ safety concerns translate to significant eagerness for better identity protection
Online banking continues to provide significant levels of convenience for consumers, with quick access to checking and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. There is dramatic adoption of the use of social networks in which people use to form and nurture personal and professional relationships with each other. Finally, healthcare organizations as well as local, state and federal government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s license renewals and payment of tax bills.
The RSA survey revealed that consumers using online banking (86 percent) websites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.
Consumers agreed that their identities should be better protected than a simple username and password on social networking (59 percent), healthcare (64 percent), government (70 percent) and online banking (80 percent) websites. Nine in ten consumers are willing to use a stronger form of security if offered.
Young continued, “Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime. Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customers’ information.”
Survey Methodology
– Respondents totaled 4,539 consumers between the ages of 18 and 65
– Conducted in October 2009 by market research firm InfoSurv, Inc.
– Represented 22 countries across North America, South America, Europe and Asia Pacific
– All respondents actively use the Internet
Addendum
(1) “Less likely” = “somewhat less likely” + “much less likely”
(2) “Concerned” = “somewhat concerned” + “very concerned”
(3) The 2010 Global Online Consumer Security Survey was conducted in October 2009
(4) Source: RSA Monthly Online Fraud Report, November 2009
Source: EMC Corporation
Panda Security recognized with more than 20 prestigious awards in 2009
Company has received awards from governments, organizations and trade press for outstanding achievement in technology innovation, sales strategies and communications
As 2009 draws to a close, Panda Security, the Cloud Security Company, can look back on a series of awards and recognition from government institutions, organizations and the specialist press. Much of this acclaim recognizes the corporate strategy adopted by the company since 2008, the effort of the management team, and the innovative cloud-based security solutions launched by the company this year.
“In 2008, we made a commitment to change the direction of Panda Security’s strategy by growing the business and making a strong investment in international consolidation and expansion,” said Juan Santana, CEO of Panda Security. “Our success can be attributed to expanding our workforce by 10 percent this year while developing our technology using the talent within our company. We have also radically shifted the way in which we communicate with and relate to the market and our clients by being more transparent.”
Included below are some of the awards that the company and its solutions have received throughout 2009:
1. Juan Santana, Panda Security CEO, among the 25 Most Innovative Executives of 2009. CRN, USA
2. Panda Managed Office Protection: 20 Hot Security Products for SMBs. CRN, USA
3. Best PR Campaign in the USA: Sabre Excellence Award (Honorable Mention): Panda Security Emerges as a Resource during a Challenging Economy, USA
4. Panda Cloud Antivirus Beta: Best Tech of the Year, LAPTOP Ultimate Mobility, USA
5. Panda Cloud Antivirus: Editors’ Choice Award. PCMag.com, USA
6. Panda Cloud Antivirus: Excellent, 5/5 stars. Rosoft Download, USA
7. Panda Cloud Antivirus 5 Stars. Donwloads Cafe, USA
8. Panda GateDefender Integra: Recommended Product Seal. CRN, USA
9. Panda Security: Innovation Award. Revista Dirigentes. Spain
10. Panda Global Protection 2009: Best Software Solution. Byte, Spain
11. Panda GateDefender: Best IT Security Hardware. Comunicaciones Hoy, Spain
12. Retail range: Best Security Software Award. Muy Computer, Spain
13. Panda Global Protection 2010: Total Security. TCN, Spain
14. Panda Managed Office Protection: 5 Stars. PC World, Spain
15. Panda Cloud Antivirus: Editor’s Pick. Up to Down, Spain
16. Panda Internet Security 2010: Recommended Product Seal. IT Espresso, Spain
17. Panda Cloud Antivirus: 5-Star Rating. Soft Tester, UK
18. Panda Global Protection 2010: Editor’s Choice. Computer Magazine, Italy
19. Panda Antivirus for Netbooks: Gold Seal. PC Guia, Portugal
20. Panda Global Protection: Editor’s Choice. MikroPC, Finland
21. Panda Internet Security 2010: 5 Stars and Seal of Excellence. PC Security Labs, China
22. Panda Internet Security 2009: 5 Stars and Seal of Excellence. PC Security Labs, China
“The entire leadership team is truly proud of knowing that we have the right strategy in all areas and this is being recognized worldwide by the industry. I would like to thank all of them,” said Santana. “2010 presents itself as a welcome challenge for us to consolidate our position in the market as one of the primary global forces in the IT security sector.”
CA report: Fake security software, search engines and social networks 2009′s Top Internet Threats
CA “State of the Internet 2009″ Report Analyzes Top Internet Threats; Researchers Predict Online Threats for 2010
The latest State of the Internet 2009 report issued today by CA, Inc. states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats. The report, based on data compiled by CA’s Global Security Advisor researchers, compiles trends from the first half of 2009. CA security researchers also offer predictions for the top Internet threats for 2010, including an increase in “malvertising” and the potential for another big computer worm outbreak like Conficker.
“Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff,” said Don DeBolt, director of threat research for CA’s Internet Security Business Unit. “Cybercriminals keep up with trends, major events, holidays, and the like, and focus on where they’ll get the biggest returns. Search engines, like Google and Yahoo, or social networking sites, like Twitter or Facebook, have the mass appeal to attract these criminals. In addition to Internet security software, the best weapon against today’s threats is education, so that consumers know what to look for when they are conducting activities online.”
CA researchers tracked the following trends in 2009:
– Rogue or Fake Security Software: Software that poses as legitimate Internet security software but is actually malware has experienced a significant surge in popularity. In the first half of 2009, CA added detection for 1,186 new variants of Rogue security software, which is a 40% increase compared to the last half of 2008.
– Search Index Poisoning: Google is a frequent target of online threats. Attackers employ sophisticated search engine optimizations to manipulate search engine rankings and poison users’ search results, which direct them to compromised Web sites that can cause malware infections.
– Social Networks/Web 2.0: Popular online communities, blogs and social media sites, such as YouTube, MySpace, Facebook and Twitter, are highly targeted. Financially motivated organized groups are among the aggressive attackers, creating hundreds of bogus profiles to perform various tasks, including distributing malware, spamming and stealing users’ online identities to perpetrate further cybercrime. Win32/Koobface is an example of a worm propagating through social networking sites. It uses the affected user’s login credentials to send messages to the user’s list of connected friends and family. In 2009, CA ISBU discovered more than 100 components and mutated strains belonging to the Win32/Koobface family.
– Identity Theft: Attacks targeting online credentials allowed attackers to distribute further cybercriminal activities, such as email address harvesting for Spam bots, sweeping FTP accounts for web infection and attributing to social network worm propagation, like Win32/Koobface. Stealing Trojans accounted for 23% of the most prevalent malware infections in 2009.
– Cybersquatting and typosquatting: Malicious Web sites that masquerade as legitimate, reputable sites deceive users into undertaking transactions or activities in which they divulge sensitive data.
– Mac OS X Threats: Security threats have come to the Mac. In 2009, CA ISBU has added 15 intelligent signatures detecting Mac OS X threats. The most prevalent being OSX/Jahlav.
“Malware doubled in 2009 and the ability to purchase bots and other malicious programs online is becoming more prevalent,” DeBolt continued. “It is a cat and mouse game. Cybercriminals are evolving along with the malware community and are constantly looking for new vulnerabilities to exploit, from online banking to search index poisoning.”
While spam and phishing scams are still on the rise, the breakdown for how malware was distributed in 2009 was dominated by the Internet at 78 percent, followed by email (via attachments or phishing) at 17 percent, and finally removable media (such as USB drives, digital photo frames, etc.) with 5 percent.
CA forward looking online security predictions for 2010:
1. Search engine optimization exploits and malicious advertising (Malvertising) will increase as a means to distribute Malware.
2. Another big computer worm like Conficker is likely. The increasing popularity of web-based applications and discovery of critical zero-day vulnerabilities, especially for new operating systems such as Windows 7 and Google Chrome, present good opportunities for a new worm outbreak.
3. Threats to Web 2.0 technologies such as social networks will continue to grow.
4. Denial-of-Service attacks will increase in popularity as a means to make a political statement. Popular websites like Twitter and Facebook are likely to fall victim once again.
5. Banking Trojans: These Trojans manifest as banking-related threats orchestrated to steal users’ identities for financial gain.
6. Malware actors will focus on the 64 bit and Apple platform.
The CA 2009 State of Internet Security report is intended to inform consumers and businesses of the newest and most dangerous Internet threats, forecast trends and provide practical advice for protection. The analysis provided is based on incident information from the CA Global Security Advisor team, submitted by CA customers and consumers from January to June 2009, as well as publicly available information. For the full CA 2009 State of Internet Security report, please visit www.ca.com/securityadvisor.
The CA Global Security Advisor Team delivers the around-the-clock, dependable security expertise, offering trusted security advice to the world for more than 16 years. Providing a complete threat management resource, CA’s Security Advisor Team is staffed by industry-leading researchers and skilled support professionals. CA Global Security Advisor is available at www.ca.com/securityadvisor. It offers free security alerts, RSS feeds, PC scans and a regular blog updated by the worldwide team of researchers. CA’s entire portfolio of threat-related products for home, small and medium businesses, and enterprises are updated and protected by the CA Global Security Advisor team.
Source: CA
McAfee and Phoenix Technologies to deliver a secured computing cloud for PC Notebook & Netbook users
Viruses, malicious attacks, malware and spyware meet new gatekeeper with combined technologies delivering unrivaled online and platform protection for consumers
McAfee, Inc., the world’s largest dedicated security technology company, and Phoenix Technologies Ltd., the leader in PC 3.0(TM) products, services and embedded technologies, announced their partnership to develop a product for HyperSpace(TM) — Phoenix’s groundbreaking instant-on computing environment for notebooks and netbooks. By combining technologies, McAfee and Phoenix plan to provide computer users revolutionary new levels of protection from viruses and targeted attacks as well as online malware and spyware intrusions.
HyperSpace, a Moblin-compliant, instant-on computing environment features applications that are certified by Phoenix to ensure the integrity of the computing environment. Contents of the hard drive remain walled off from the internet and are therefore protected. By teaming with McAfee, HyperSpace is achieving new levels of consumer internet security protection.
The explosion in Web 2.0 applications, including social networking sites with cloud-based applications and functionality, has created new vehicles for launching malicious attacks, according to McAfee’s “2009 Threat Predictions.” Including McAfee’s technology into HyperSpace means computer users will have additional protection from online threats.
“McAfee’s superior technology complements the device-level protection provided by HyperSpace by blocking attacks targeting the browser or network access,” said Brent Remai, vice president of consumer marketing at McAfee. “With the online threatscape constantly shifting, and computer users moving more and more of their activities and documents onto cloud-based systems, the combination of HyperSpace and McAfee represents a powerful security option available for computer users.”
“Security plays a key role in our PC 3.0(TM) strategy of providing software and services that make computing devices more user-friendly,” said Woody Hobbs, President and CEO of Phoenix Technologies. “Protection from malicious software and other forms of attack enhances the user experience. By itself, HyperSpace provides a secure computing environment for users to surf the Web, access applications and sensitive data and conduct financial and other transactions. Layering in McAfee’s best-in-class security technology provides additional tiers of vault-like protection for computer users that are unmatched in the industry.”
HyperSpace is designed to deliver significantly faster boot times, continuous, smart internet connectivity, extended battery life and new levels of security protection while online. With HyperSpace, users can begin searching the Web, send and receive email, use other Web-based applications and work in important productivity applications within seconds of turning on their computing device. Users also enjoy the benefits of up to two hours of extra battery life on their HyperSpace-enabled laptops and all-day computing on their netbooks and smartbooks. The HyperSpace platform also provides a unique computing environment that PC designers, software developers and content providers can utilize to create always-available, instant-on applications that bring new convenience, connectivity, uptime and security to users.
Source: Phoenix Technologies Ltd.