Security: An absolute necessity

Many a shiver is also caused by the multiple threats to IT security that abound these days. More than 8,000 new vulnerabilities were documented in 2010, a 27 percent rise from 2009.

 

Calling for help when a cyber attack has been made could just be too late. In this all too brief article we are looking at some of the threats that users should be aware of. And be sure that you take appropriate steps, what we call....

 

Counter Insurgency Measures

 

  • Monitor unusual activities
  • Run regular security checks
  • Change passwords regularly
  • Encourage a security culture in your organisation
  • Use the services of a reputable supplier such as Support Tree, who have access to the latest security monitoring tools.

 

Hacker Types


According to CSO www.csoonline.com there are seven types of hacker to watch out for.

Malicious hacker No. 1: Cyber criminals
Professional criminals comprise the biggest group of malicious hackers, using malware and exploits to steal money. Manipulating your bank account, using your credit card numbers, faking antivirus programs, or stealing your identity or passwords.

 

Malicious hacker No. 2: Spammers and adware spreaders
Purveyors of spam and adware make their money through illegal advertising, either getting paid by a legitimate company for pushing business their way or by selling their own products.

 

Malicious hacker No. 3: Advanced persistent threat (APT) agents
Intruders engaging in APT-style attacks represent well-organized, well-funded groups - often located in a “safe harbour” country - and they’re out to steal a company’s intellectual property. They aren’t out for quick financial gain like cyber criminals; they’re in it for the long haul. Their dream assignment is to essentially duplicate their victim’s best ideas and products in their own homeland, or to sell the information they’ve purloined to the highest bidder.

 

Malicious hacker No. 4: Corporate spies
Corporate spies are usually interested in a particular piece of intellectual property or competitive information.

 

Malicious hacker No. 5: Hacktivists
Lots of hackers are motivated by political, religious, environmental, or other personal beliefs. They are usually content with embarrassing their opponents or defacing their websites.

 

Malicious hacker No. 6: Cyber warriors
Cyber warfare is a city-state against city-state exploitation with an endgame objective of disabling an opponent’s military capability. Participants may operate as APT or corporate spies at times, but everything they learn is geared toward a specific military objective.

 

Malicious hacker No. 7: Rogue hackers
There are hundreds of thousands of hackers who simply want to prove their skills, brag to friends, and are thrilled to engage in unauthorized activities. These are the petty criminals of the cyber world. They’re a nuisance, but they aren’t about to disrupt the Internet and business as we know it - unlike members of the other groups.

 

Gone Phishing!

 

The IBM InfoSphere Guardium eNewsletter of April 2011 gave a scary example of an APT attack.

Security threat

The attacker sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read “2011 Recruitment Plan.”

 

The email was crafted well enough to trick one of the employees to open the attached excel file. It was a spreadsheet titled “2011 Recruitment plan.xls." The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609).

 

The attackers used a sophisticated combination of methods - including phishing, zero-day vulnerabilities, back-doors and data exfiltration - to steal confidential data.

 

Fact Sheet: Cyber Crimes

 

According to the IBM X-Force® 2010 Trend and Risk Report:

 

  • Cyber crimes are far more costly than taking steps to protect an environment before the crime is committed.
  • Web App vulnerabilities continue to be the largest category of security breaches (49%).
  • Cyber crimes are pervasively intrusive and increasingly common occurrences.
  • The most costly cyber crimes are those caused by Web attacks and malicious insiders.
  • At onset, rapid resolution is the key to reducing costs.
  • Loss of information due to theft represents the highest external cost, followed by the costs associated with the disruption to business operations.
  • Detection of and recovery from incidents and breaches are the most costly internal activities.
  • All industries are susceptible to cyber crime.
  • Microsoft
  • Dell
  • Postini - Email Security