Wednesday, September 24, 2014

The size of cyber security does matter

“I was a little surprised to see that there were no significant signs of improvement." Marc Rogers, principal security researcher at mobile security firm Lookout, said that in an interview by Information Security Media Group, just after unveiling the new company's success.

We talk about it yesterday: Biometric systems have complex security problems to be solved. The biggest one is the possibility that an attacker gains the unlock pattern and prints an object with it to unlock any device. At the time, it happened with the iPhone 5S fingerprint reader, and has again occurred with iPhone 6 TouchID. The worst part is that in this new version it not only allows to unlock the device, but also to make purchases with Apple Pay and access personal health data.

Hazards affecting a significant percentage of society, such as visitors of JQuery official website, which is one of the technologies present in 30% of the current web pages. On September 18, such site was a victim of malware intended to collect user’s information, and could have infected anyone who visited it by taking advantage of some IE, Adobe Flash and Silverlight’s vulnerabilities. This technology is used by most webmasters, so the attack’s reach could indirectly affect many other pages, and even institutions and renowned companies.

Data theft and infection techniques can be used for different purposes. For instance, to exploit a vulnerability in default browser of all Android devices below its 4.4 version. such flaw allows any attacker to easily take control of several critical elements of the device, and may even install a suite of management tools for JavaScript botnets by only changing one byte to zero in a call to one of the many scripts from any corrupted web.

Malicious campaigns such as the one experienced by JQuery, or the potential infection through a vulnerability in the default browser of a mobile OS with 75% market share bring out the risk involved for a company’s information leakage. At Net-Security, they responded to this issue with a list of tips to minimize the risk of workers’ misuse (or victims infected by some type of malware) of confidential information.

However the enemy is not always intended to collect your data, but to block your services. BlackEnergy, one of the best known DDoS Trojans in the cybercrime world is back again. This time it is attacking government infrastructure and private companies in Poland, Ukraine and Belgium. The European Parliament and the European Commission are clear targets according to the researchers at ESET and F-Secure in charge of the investigation. As many others, it arrives through hyper segmented phishing campaigns, and infects victims with the objective to steal credentials to access the compromised network. Once inside, it wreaks havoc.

We’ll end up with a thought proposed by Ramón Pinuaga of Aeropago21. Does size matter in cyber war? This security consultant thinks it does but we must not look at the size of the organization, but at its digital potential. Hence we sometimes witness how alleged groups with few resources are capable of putting down international Goliaths that might have left security parked in their business strategy.

Whether we are on one side (users) or another (companies), to be informed of the latest news about the industry allows us to reduce the risk these days. So, thank you in advance for the social support you are showing here every day. Thank you very much. Stay tuned.

0 comments:

Post a Comment