2013/12/03

12.03.13 | Cybercriminals use compromised digital certificates to hide malware

Editor's Corner:
US firms and the continuing battle against Chinese cyberespionage

What's New:
1. Cybercriminals increasingly using compromised digital certificates to camouflage malware
2. D-Link plugs backdoor hole in routers
3. Passwords aren't so bad, say security practitioners
4. BYOD, IoT among security risks to enterprises next year, says ISF
5. Feliz Natal uses website redirection to steal financial data, warns McAfee

Spotlight:
Akamai inks deal to buy Prolexic for $370M

Also Noted:
Atrax crimeware kit; Facebook's red team; Much more...

FierceITSecurity

December 3, 2013


Editor's Corner

US firms and the continuing battle against Chinese cyberespionage

By Fred Donovan

In this Editor's Corner, I want to take a deeper dive into the 2013 annual report from the U.S.-China Economic and Security Review Commission, particularly the threat posed by Chinese cyberespionage to U.S. firms.

The report warns that Chinese cyberespionage poses a "serious threat to U.S. business interests and competitiveness in key industries."

The commission cited a Mandiant study, which found that a unit of the Chinese army known as Unit 61398 has hacked into the networks of at least 141 organizations, 81 percent of which are either located in the United States or have U.S.-based headquarters.

The Chinese army unit, which is part of the Chinese General Staff Department's Third Department, has been able to steal technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, emails and content lists.

In addition to the work of Unit 61398, the Third Department has another 11 operational bureaus, three research institutes, four operations centers and 16 technical reconnaissance bureaus.

A study by the IP Commission cited in the annual report estimated that U.S. intellectual property theft totals around $300 billion per year, with 50 percent to 80 percent of that theft originating in China.

Chinese cloud computing risk

In a study conducted by the Defense Group Inc. on behalf of the U.S.-China commission, DGI warned about security risks from using cloud computing located in China, particularly the Chongqing Special Cloud Computing Zone, which has ties with China's Ministry of State Security.

"The agency's connection to this cloud computing zone represents a potential espionage threat to foreign companies that might use cloud computing services provided from the zone or base operations there," the report notes.

In addition, Microsoft licensed Chinese data center services provider 21Vianet to provide cloud-based Office 365 and Windows Azure to Chinese customers. Redmond plans to link 21Vianet's data centers in China to its data centers around the world, and to allow Windows Azure users outside China to store their data in the Chinese data centers.

Chinese law authorizes the government to "inspect" electronic communication equipment and installations of enterprises operating in China. "If the Chinese government accesses 21Vianet's data centers, it might then potentially connect to foreign data centers through the network Microsoft is planning. DGI states, 'This risk can be mitigated by designing the network with appropriate data segregation and limits on network administrator privileges,'" the report cautions.

In addition, telecom equipment providers Huawei and ZTE continue to be a concern of U.S. security experts. The House Intelligence Committee warned in a 2012 report that there was evidence the two firms provided assistance to the Chinese government in conducting industrial espionage, a charge the firms and the government vehemently deny.

In July of this year, retired General Michael Hayden, former director of the Central Intelligence Agency and the National Security Agency, told the Australian Financial Review that "at a minimum, Huawei would have shared with the Chinese state intimate and extensive knowledge of the foreign telecommunications systems it is involved with. I think that goes without saying."

In September, U.S. Customs and Border Protection concluded that a videoconferencing system made by ZTE and Prescient, a division of U.S.-based CyberPoint, should be considered a Chinese product, because "the Chinese-origin Video Board and the Filter Board impart the essential character to the video teleconferencing server." As a result, the General Services Administration took the system off the list of products U.S. agencies can purchase.

The commission report concludes that the Chinese government is "directing and executing a large-scale cyber espionage campaign against the United States and to date has successfully targeted the networks of U.S. government and private organizations, including those of DoD [Department of Defense] and private firms."

The report warns that China's efforts in this campaign have not abated, despite recent public exposure of the campaign by a number of private and government studies. Based on these findings, IT security professionals should consider carefully the risks of signing deals with Chinese telecom or cloud service providers. - Fred

What's New

1. Cybercriminals increasingly using compromised digital certificates to camouflage malware

By Fred Donovan

Cybercriminals are increasingly employing compromised digital certificates to camouflage malware, warns McAfee Labs' third quarter security report.

"Security industry leaders have long predicted that it would only be a matter of time before cybercriminals would use compromised certificates at scale to camouflage large numbers of malware. McAfee Labs' third quarter report suggests that we could, in fact, be approaching that state of 'at scale' signed malware," warns Mike Fey, McAfee's worldwide chief technology officer, in a blog.

The commoditization of the certificate authority market has created room for CAs that are less concerned about the legitimacy of their customers and have not taken adequate steps to safeguard the reputation of their certificates. In addition, retailer relationships make verification and validation of top root CAs difficult, explains Fey.

"If we cannot rely on digital signatures, IT executives need to become more reliant on an ability to detect known malware and evaluate what unknown code is capable of accomplishing if it executes," says Fey. "If we cannot rely upon digital signatures, security-responsible business executives will need to become even more savvy about what their organizations need to protect," he adds.

In a move to combat compromised certificates, Google announced that it would limit the term of digital certificates to five years beginning in the first quarter of 2014.

A survey earlier this year of 2,300 enterprises found that more than half of them did not know how many encryption keys and digital certificates they had in use in their organization. Large enterprises are projected to lose $35 million over the next 24 months due to compromised keys and certificates, based on a total possible cost exposure of $398 million per enterprise, according to the survey conducted by the Ponemon Institute on behalf of security firm Venafi.

For more:
- read Fey's blog
- check out the Ponemon-Venafi survey

Related Articles:
Google to limit digital certificates to 5 years
Emergency Alert System vulnerable to hijacking, warns IOActive



2. D-Link plugs backdoor hole in routers

By Fred Donovan

D-Link has released updates to plug backdoor holes in older versions of its routers, security researcher Brian Krebs is reporting.

As reported by FierceITSecurity in October, security researcher Craig Heffner identified the security hole in firmware used by D-Link's routers. The vulnerability could enable an attacker to alter device settings and gain control of the router remotely.

Heffner worked with D-Link to come up with a fix for the problem. Some security updates were released in October, while others were released at the end of last month.

According to Krebs, security updates were issued on Nov. 28 for the following routers: DI-524, DI-524UP, DIR-100, DIR-120, DI-604UP, DI-604+, DI-624S and TM-G5240.

"Updating an Internet router can be tricky, and doing so demands careful attention; an errant click or failure to follow closely the installation/updating instructions can turn a router into an oversized paperweight in no time. Normally when it comes to upgrading router firmware, I tend to steer people away from the manufacturer's firmware toward alternative, open source alternatives, such as DD-WRT or Tomato," cautions Krebs.

Unfortunately, the D-Link routers listed are not compatible with DD-WRT or Tomato, and do not support more secure wireless encryption protocols. Krebs recommends owners of the affected D-Link routers update to a new device.

For more:
- read Krebs' blog
- check out the D-Link security advisory

Related Articles:
D-Link routers have backdoor
Multiple security holes found in yet another D-Link router



3. Passwords aren't so bad, say security practitioners

By Fred Donovan

Despite being much maligned, passwords can be a useful security tool if bolstered by two-factor authentication, according to a survey of 428 security practitioners conducted by security firm Authentify.

Close to three-fourths of respondents said they thought passwords would continue to be used for security, while only 2 percent said they favored doing away with passwords.

Around 41 percent said they favored implementing two-factor authentication to strengthen the security of passwords. Close to two-thirds favored a voice call or secure message to the user's mobile device instead of challenge questions as the second authentication factor.

Authentify surveyed security professionals in the financial services, corporate information security and health insurance industries. "I was surprised that there was very little difference between the security professionals in financial services and those in corporate information security. I expected more of an anticipated shift away from passwords in financial services," says John Zurawski, vice president of marketing for Authentify.

The survey found that security professionals from smaller financial firms were more likely to favor continued use of passwords than those from larger financial institutions.

"I suspect that the tendency to continue to rely on passwords as a primary authentication technique is driven by the user community. At smaller, less urban institutions, the customers may be less technically savvy, and the banking staff may know the customers and their habits much better than at a larger multi-national," adds Zurawski.

For more:
- see Authentify's release

Related Articles:
Computer geeks are better at passwords than business types
Smartphone security concerns prompt makers to turn to biometrics



4. BYOD, IoT among security risks to enterprises next year, says ISF

By Fred Donovan

The top six information security threats in 2014 are BYOD, data privacy in the cloud, brand reputational damage, privacy and regulation, cybercrime and the Internet of Things, according to the non-profit Information Security Forum.

The forum warned that the individual threats are not "mutually exclusive" and could combine to create greater threat profiles.

"As we move into 2014, attacks will continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cybercriminals are cultivating new techniques to circumvent them. Businesses of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high impact security events," says Steve Durbin, global vice president of the ISF.

Two threats in particular should be of concern to enterprises: BYOD and the Internet of Things.

BYOD risks come from both internal and external sources, such as device mismanagement, external attacks on software holes and use of insecure business apps. "Keep in mind that if implemented poorly, a personal device strategy in the workplace could face accidental disclosures due to loss of boundary between work and personal data and more business information being held in unprotected manner on consumer devices," ISF observes.

In addition, the explosion in the number of connected machines--the Internet of Things--is opening up enterprises to security risks.

"The security threats of the IoT are broad and potentially devastating and organizations must ensure that technology for both consumers and companies adhere to high standards of safety and security," ISF notes.

Durbin concludes: "By adopting a realistic, broad-based, collaborative approach to cyber security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber threats and respond quickly, and appropriately."

For more:
- read the ISF release

Related Articles:
Proactive security will be watchword for enterprises next year
A majority of IT pros are frustrated with their current BYOD security product, survey says



5. Feliz Natal uses website redirection to steal financial data, warns McAfee

By Fred Donovan

Malicious proxy automatic configuration files are being used by cybercriminals to redirect web traffic destined for financial firms to malicious proxy servers, warns Martin Lee, technical lead for threat intelligence at Cisco's Security Intelligence Operations, in a blog.

IT departments use PAC files to update browser settings so that web traffic passes through corporate gateways. But cybercriminals are exploiting PAC files "to intercept and modify traffic to and from websites for financial gain," writes Lee.

The latest example is the happily named Feliz Natal, which means Merry Christmas in Portuguese. The phrase is used to encode the IP address of the malicious proxy server. The targets appear to be individuals attempting to visit websites of financial firms, explains Lee.

"When downloaded the PAC file modifies the browser settings to redirect any request to one of the listed domains to the specified proxy server, 199.188.72.87," Lee writes. The listed domains include hotmail.com, americanexpress.com, banconordests.gov.br and paypal.com.br.

"The proxy may act to impersonate the requested website, or may conduct a man-in-the-middle attack to intercept communications between the victim and the intended website. Given that the majority of the domains listed in the file are those of financial organisations, it's likely that the individuals behind this attack are seeking to gain access to financial details," Lee surmises.

"Network filtering solutions such as the WSA [Web Security Appliance] appliance based or the cloud based CWS [Cisco Web Security] can block web connections to malicious proxy servers to prevent loss of information and the facilitation of unauthorised access to financial services," Lee concludes.

For more:
- see Lee's blog

Related Articles:
Security researchers slam LinkedIn's Intro messaging app
Botnet of mobile devices used for first time to distribute Trojan



Also Noted

TODAY'S SPOTLIGHT... Akamai inks deal to buy Prolexic for $370M

Akamai has agreed to buy Prolexic, a Hollywood, Fla.-based provider of distributed denial of service attack mitigation, for $370 million. Prolexic offers a cloud-based security product to protect data centers and enterprise IP applications from DDoS attacks. "By joining forces with Prolexic, we intend to combine Akamai's leading security and performance platform with Prolexic's highly regarded DDoS mitigation solutions for data center and enterprise applications protection. We believe that Prolexic's solutions and team will help us achieve our goal of making the Internet fast, reliable, and secure," explains Tom Leighton, CEO of Akamai.

> New Atrax crimeware kit taps Tor for stealth. Article (Infosecurity Magazine)
> Incident response lessons from Facebook's red team exercises. Article (TechTarget)
> Scientist-developed malware covertly jumps air gaps using inaudible sound. Article (Ars Technica)
> Big data faces big challenges with encryption. Article (Security Week)
> Simple but effective point-of-sale skimmer. Blog (KrebsonSecurity)

And Finally… The trouble with Apple's fingerprint reader. Article (Wired)


©2013 FierceMarkets, 1900 L Street NW, Suite 400, Washington, DC 20036.