Archive for Symantec

Cybercriminal Tactics Are Changing: Symantec

Posted in Commentary with tags on April 17, 2013 by itnerd

Symantec yesterday released their latest Internet Security Threats Report with something that caught me off guard. There was a 58 percent increase in mobile threats last year, with a third of those threats designed to steal information. These are threats that are aimed at smartphones and tablets. Not only that, social networks are becoming more of a launching pad for attacks, not to mention that targeted attacks, hacktivism, and data breaches are on the rise. Not good if you ask me. I strongly suggest that you give this a read if you have a business or support users in a business from an IT security perspective.

Now on the mobile front, I’ll mention this: Symantec announced an update to their Mobile Management Suite that provides some protection from mobile-related threats. Updates include:

  • a secure email client for both iOS and Android platforms
  • single sign-on across wrapped apps to improve authentication process and security
  • SSL policing and URL whitelisting for secure app connections

More details can be found in this blog post. Businesses that have mobile devices deployed should take a look at this.

Symantec Has Further Analysis On South Korean Cyberattacks

Posted in Commentary with tags on April 2, 2013 by itnerd

You might remember a story that I posted about Symantec’s analysis of recent cyber-attacks on South Korea. Here’s an update for you. Symantec previously identified a particular backdoor (Backdoor.Prioxer) that surfaced during another major attack against South Korea in 2011.  A modified version of this backdoor was also discovered during the attacks taking place this year. There are indications that the same individuals are responsible for the 2011 and 2013 versions, pointing towards a possible connection between the two attacks.

Further analysis indicates these threats are the work of only one group. It seems unlikely that an independent hacktivist is behind these attacks. There are implications that someone has either been paid or been ordered to perform these attacks, either as a contractor or as an employee of some sort.

Further details can be found here. It’s a very interesting read.

Symantec Analysis On Malware Affecting South Korea

Posted in Commentary with tags , on March 20, 2013 by itnerd

You might have heard the news that South Korea was hacked, with banks and TV broadcasters being the targets. Symantec has done an analysis of the malware being used in these attacks and here’s what they came up with:

  • Symantec detects the malware as Trojan.Jokra.
  • The malware wipes the hard disks of infected computers and sends them into a reboot, rendering them unusable.
  • The malware attempts to perform the same wiping actions on any drives attached or mapped to the compromised computer.
  • While there are currently no indications of the source of this attack or the motivations behind it, it may be part of either a clandestine attack or the work of nationalistic hacktivists taking issues into their own hands.

Now North Korea is thought to be the source of these attacks, but who knows if that’s the case or not. If you want to read the details, check out the full article here.

E-mail Malware Down. V-Day Spam Up…. Symantec

Posted in Commentary with tags on February 17, 2013 by itnerd

This month’s Symantec Intelligence Report has a few interesting things.

First, they find that the email malware rate has dropped significantly since December, with only one in 400 emails containing a virus in January. This is the lowest virus rate they’ve seen since 2009. It could indicate that email virus distributors took a break after the holiday season, or that they have continued to migrate away from email as a choice for malicious payload delivery.

Second, Valentine’s Day spam is in full swing. Such spam generally arrives as an ecard during this time of year, preying upon a potential victim’s curiosity about a potential secret admirer—a situation where a legitimate email would likely arrive unsolicited in the first place. Unfortunately many such emails around this time of year do not lead to unexpected romance, but rather fake bargains, phishing attempts, or malicious code. More details on these scams can be found here [Warning: PDF].

Finally, Symantec and Microsoft partnered to take down a notorious botnet: Bamital. The primary purpose of this botnet has been to generate ad revenue by hijacking search engine results, redirecting them to a C&C server hosting ads of the attacker’s choosing. Symantec has been tracking this botnet since 2009, and has successfully shut down all known components used to operate the botnet. Security Response has released a whitepaper, providing a detailed overview of the botnet, which is available for download here [Warning: PDF].

The Symantec Intelligence Report [Warning: PDF] is now online for your viewing pleasure.

The US Dominates Spam, Phishing, And Virus Attacks: Symantec

Posted in Commentary with tags , on January 15, 2013 by itnerd

Symantec has released its December 2012 Intelligence Report. The report finds that in December, the United States claimed the dubious honor of being the largest source of spam at 12.7%, phishing scams at 24.2%, and virus attachments at 40.9% globally. That’s a shock to me and I’m sure it’s a shock to you as well.

Speaking of spam, the Sex/Dating category dominated global spam traffic, making up a whopping 82.6% of all spam traffic. This category often takes the top spot, beating out pharmaceutical spam, but the margin rarely is this large.

You can find the report here (Warning: PDF) and it is truly worth a read.

Symantec Details What Types Of Information Is Stolen During A Data Breach

Posted in Commentary with tags on December 15, 2012 by itnerd

One of the reasons I post the Symantec Intelligence Report is that it contains information that individuals and businesses need to know about securing their IT environments. This month is no different. The topic is data breaches and rather than look at the data breach trends (the nature of the breaches) the report focuses on the types of data stolen during a breach. And as it turns out the most commonly stolen information is often much more personal than people might first expect.

The report also examines the inevitable increase in holiday-related spam, both the frequency and size of spam messages.

Take a look at the report here [Warning: PDF] for more details.

Symantec Has Tips To Keep Your Website Safe

Posted in Commentary with tags on December 1, 2012 by itnerd

We’ve seen plenty of tips targeting consumers to help them shop safely online this holiday season, but Symantec believes businesses of all sizes need to consider their part in ensuring their website is safe for customers. Transferring malware or handing over a customer’s financial data to a cyber criminal gang is no way to build repeat business. In fact, 61% of malicious sites are just regular websites that have been compromised in some way. Below is some great advice from Symantec on how to prevent the bad guys from ruining the holidays:

[Infographic: Keep Your Website Safe (Business)]

Norton releases latest version of Norton Mobile Security

Posted in Commentary with tags on November 20, 2012 by itnerd

The next frontier in computer security happens to be smartphones. These devices can be stolen which can put you at risk because of the information that people often have on their phone. Norton can help you with that with their latest version of Norton Mobile Security. The key features are:

  • Multi-Device, Multi-Platform Support – Now protects a consumer’s multiple devices, including Android smartphones and tablets, as well as iPhones and iPads
  • Contacts Backup & Restore – Saves contacts from a user’s Android or iOS device so that they can be easily restored if lost or deleted. Contacts can also be restored across devices
  • Web-Based Management – Lets consumers control the security of their devices with simplicity and ease, from one convenient place on the Web
  • “Scream” Alarm – Sets off an audible alarm so consumers can quickly find their missing Android mobile device
  • Remote Locate – Pinpoints a lost or stolen device on a map so users can find it fast

Norton Mobile Security has an MSRP of $29.99 and is available for purchase via various retailers, the Norton online store or Google Play. In addition, Norton 360 Multi-Device and Norton One will be updated with the features in the latest release of Norton Mobile Security. Norton customers with a valid product subscription are eligible to receive the latest product updates via the subscription service model. For more information, visit the Norton Update center at http://updatecenter.norton.com. Consumers can visit mobilesecurity.norton.com to learn more and try Norton Mobile Security Lite for free.

 

Spam Is Down, But New Threats Exist: Symantec

Posted in Commentary with tags on November 15, 2012 by itnerd

One of the things that I love bringing to you is the Symantec Intelligence Report as it gives you a heads up on what you have to look out for when you surf the Internet.

The first thing that the report mentions is that there has been a more than 10% drop in the global spam rate (down from 75% of email traffic in September to 64.8% in October), and it examines some of the possible reasons for the sudden drop. I have to admit that if spam is down, I haven’t seen that drop in my spam filter.

:)

The next thing it looks at is a new social networking scam that leverages Instagram to gather personal details and get users to sign up for premium-rate mobile services, among other things. This is something that can cost you a pile of cash so this is something that you need to be aware of. Finally it looks at the evolution of Ransomware. Again, something you need to be aware of.

The full report is here [Warning: PDF] for your review.

Threat To Android Users Combined With Hacker Controlled Websites Equals Trouble: Symantec

Posted in Commentary with tags , on October 9, 2012 by itnerd

Reading the Symantec Intelligence Reports every month really opens my eyes. The September report (Warning: PDF) is no different. It highlights a PHP-based tool in particular that is often used to control and manipulate the configuration of hacker-controlled Web servers. The tool can run arbitrary PHP code, brute force file transfer and database accounts, and even allows quick access to Web server configuration files so that the attacker can edit them to suit their malicious needs. That’s trouble for anyone who surfs to that website. It also highlights a threat to Android users in the form of an app that attempts to trick the user into thinking that they can charge their device with nothing but the rays of the sun. The only problem is, Android devices do not contain solar panels. Again, that’s trouble as this app steals sensitive information from the user.

Bottom line. You should read and be aware of what’s lurking out there and protect yourself accordingly.
