Cybercriminals: how to protect yourself

by bryley 24. August 2010 01:40

Cyber's the name of the game . . .

In recent years businesses the world over have experienced a steady rise in cybercrime, everything from malicious network attacks to data theft. The Internet not only gives a new breed of criminal a new backdrop, it also makes it easy for these criminals to find one another and pool their interests and skills. According to John Lynch, deputy chief of the Department of Justice Computer Crime and Intellectual Property Section, there is an ever growing online market for malicious specialties. Much as one finds a legitimate job on a site like Craigslist or LinkedIn, cybercriminals are founding their own social networking sites and connecting with other like-minded individuals.

And these new coalitions of cybercriminals have a lot to work with . . .

Last year the IBM Internet Security Systems X-Force research and development team catalogued a total of 7,247 Internet security vulnerabilities. 88.4% of them could be exploited remotely, typically through a common web browser, and a scarier 50.6% would grant an attacker control over the host. The most common way these vulnerabilities are put to work is through spam and phishing campaigns, and according to IBM, U.S. businesses are the most targeted organizations for phishing emails, accounting for 71.4% of all cases.

Fortunately, Internet security leaders have been investigating the malicious dealings of these new cybercriminals, and thanks to their diligent work we now know who they are, what they're after, how they operate, and how to best protect our networks from attack.       

Who they are 

As addressed in last month’s “Beware the Scareware,” cybercriminals are no longer thrill-seeking hackers but experts in their field: highly skilled developers and engineers who meet online in chat rooms devoted to cybercrime.

The cybercriminals of 2010 are also “organized,” although IBM program manager Peter Allor would say they are more like confederations: crews that move from project to project rather than permanently organized forces. These confederations have well-rehearsed methods that tend to wreak less initial havoc than the work of an anarchist hacker. As professionals, they understand the importance of staying unnoticed, and an undetected entry buys them time to do far more long-term damage to your systems.

Detecting these confederations is harder still because their servers and websites are all underground. The servers are often hosted in countries where laws are more lax, and the sites are password-protected or reached over encrypted channels. Cybercriminals also operate under nicknames, so when one of their sites is detected and shut down they simply set up another: only the site is lost, never the identity behind it. According to Allor, a malicious site can move more than 40 times in the course of six weeks.

Even more confounding, these confederations keep shifting; no group of cybercriminals seems to stay together for more than one project. Only a handful of constants sit at the top of each confederation: they recruit others, set up and control the malicious websites, and control or lease the botnets. The rest are small-time mules doing most of the dirty work for a small cut. This structure is what makes confederations hard to shut down. The masterminds recruit mules for the bulk of the risky work, so it is the mules who get arrested, and when they are, they are cut loose and left as scapegoats. Since a mule has no idea who the higher-ups are, there are no names to give up.

What they're after

As with any other mode of organized crime, cybercriminals are after money. Below are eight specific things they go after for profit.

1. Authentication credentials, so as to access your system without needing malware

2. Money laundering, for illegal and semi-legal activities such as drugs and prostitution

3. Extortion schemes: breaching a site's defenses and then blackmailing the proprietors with the threat of denial of service attacks

4. Business information, to accumulate and sell online

5. Personal information, anything from social security numbers to credit card numbers

6. Bandwidth, tapping into yours for their own use and degrading your network’s performance

7. Exploit code, backdoor data, and other entry material: any way to get into your network

8. Their own tools, sold on to other would-be cybercriminals

Their strategy

The higher-ups typically follow a 10-step plan, described by Tracy Mayor of Pragmatix.

1. The cybercriminal sends high-volume spam and phishing emails directing recipients to phony websites

2. The malicious site installs a downloader onto the user’s PC through browser vulnerabilities

3. The downloader installs keystroke loggers, backdoor rootkits, botnet agents, and other malicious software, all designed to capture valuable personal data

4. The malware turns the PC into a bot in the criminal's botnet, or the cybercriminal uses a “work from home” spam scam to recruit mules

5. The stolen data is used to access bank accounts and transfer funds into mule accounts

6. Mules convert the remainder of the funds into electronic checks

7. The checks are deposited into overseas holding accounts

8. The money is used to buy large quantities of hard-to-trace, easy-to-use gift cards

9. A different set of mules buys goods with the gift cards at one large retailer

10. The goods are returned for cash at another branch

How to protect yourself

The only way to go about protecting your network and valuable data is to adopt a holistic approach to security: harden your network, defend your perimeter from all possible external threats, layer your internal security, continue with your email and web content filtering, and adopt data encryption.

The best thing to do is to hire a professional managed service provider for their expert analysis of your specific needs and threats, their opinions and their products and services. Bryley Systems has been in the business for over 23 years. If you have any questions or concerns regarding cybercriminal confederations or the safety of your network please feel free to contact us today.

Want to learn more?

Contact Bryley today!

Call 888.280.5799

Email Sales@Bryley.com

Visit www.Bryley.com  

Resources

Pragmatix – www.pragmatix.com “Cyber: Criminals get organized” written by Tracy Mayor

IBM ISS X-Force Report, Executive Brief – www.iss.net/documents/whitepapers/X_Force_Exec_Brief.pdf

U.S. Department of Justice Computer Crime & Intellectual Property Section – www.cybercrime.gov


The 10 Most Dangerous "Trusted" Sites: Part 1

by bryley 24. July 2010 02:45

ChannelWeb came out with a list of the 10 most dangerous legitimate websites to date. As discussed in the previous articles of this month’s newsletter, legitimate sites are now the preferred targets of today’s hackers as they are far more lucrative than the commonly acknowledged dubious sites.

So, without further ado, here are the 10 sites to be wary of:

1. Facebook

With almost 500 million users, Facebook is the ultimate target for cybercriminals. Ever since Koobface in 2008 (an anagram of Facebook, and a worm that is still alive and spreading today), Facebook has seen an escalation of attacks. Beware of fraudulent profiles and fake Facebook log-in pages: they are phishing and Malware attacks.

2. Twitter

Coming in behind Facebook in social networking popularity, Twitter is another favored target for hackers. The most common Twitter attack is a malicious link, often shortened so the destination is hidden, that downloads Malware onto the unsuspecting user’s computer. And just like Facebook, Twitter has been the target of phishing: users are prompted to sign in on a counterfeit log-in page or to click a malicious link in a phony profile.

3. Google

As the most popular site on the Internet, Google is constantly under attack. The most popular of these assaults is search engine poisoning: techniques that push malicious sites to the top of the search rankings, because users traditionally trust and click the sites listed first. Gmail users are also targets of phishing scams.

4. URL shortening sites

Thanks to Twitter and its 140-character limit per Tweet, URL shortening sites such as TinyURL and Bit.ly have grown popular with legitimate users and hackers alike. Not only are the shortening services themselves being targeted by Malware attackers, but the shortened URLs are a new vehicle for infection as well: the link reveals nothing about where it leads, so a shortened address can send you to a malicious page just as easily as to a news story.

5. YouTube

For a long time hackers have been enticing YouTube users to download malicious content. The most popular method is to hijack an email or social networking account and send all of the victim’s contacts a link to a video that then demands an “updated codec” to play; the codec is the Malware, and a message coming from a known contact gives it a sense of legitimacy.

Tune in next month for Part 2 of this list!
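Item 4 above comes down to one habit: find out where a shortened link goes before anyone clicks it. The following is an added example, not code from the original post, that expands a short URL by following only the HTTP redirect headers, so the destination page itself is never fetched or rendered. The shortener hosts, the redirect table (CONSTRUCTED_REDIRECTS) and the 198.51.100.7 address are constructed for the demonstration; head_via_urllib performs the same lookup against a live service.

```python
"""Expand a shortened URL without ever loading the destination page.

Added example; not code from the original post. The redirect table in
CONSTRUCTED_REDIRECTS and every host in it are made up for the demo.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 5


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib hand back the 3xx response instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_via_urllib(url, timeout=5):
    """HEAD `url` and return (status, Location header) without following it."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # A 3xx surfaces here because _NoRedirect refused to follow it.
        return err.code, err.headers.get("Location")


def expand(url, head=head_via_urllib, max_hops=MAX_HOPS):
    """Walk the redirect chain from `url` one HEAD request at a time.

    Returns (chain, verdict): chain lists every URL visited in order, verdict
    is 'resolved', 'loop', 'too_many_hops' or 'error'.
    """
    chain = [url]
    for _ in range(max_hops):
        status, location = head(chain[-1])
        if status in REDIRECT_CODES and location:
            nxt = urljoin(chain[-1], location)  # Location may be relative
            if nxt in chain:
                return chain + [nxt], "loop"
            chain.append(nxt)
        elif 200 <= status < 300:
            return chain, "resolved"
        else:
            return chain, "error"
    return chain, "too_many_hops"


def warning_signs(chain):
    """Cheap red flags about where a chain ends up; review before clicking."""
    final = urlparse(chain[-1])
    host = final.hostname or ""
    reasons = []
    if host.replace(".", "").isdigit():
        reasons.append("destination is a bare IP address")
    if len(chain) > 2:
        reasons.append("passes through %d redirects" % (len(chain) - 1))
    if final.path.lower().endswith((".exe", ".scr", ".jar", ".zip", ".pif")):
        reasons.append("destination is a downloadable executable")
    if urlparse(chain[0]).scheme == "https" and final.scheme == "http":
        reasons.append("downgrades from https to http")
    return reasons


# Constructed redirect table standing in for live HTTP responses.
CONSTRUCTED_REDIRECTS = {
    "http://short.example/abc": (301, "http://other.example/r?x=1"),
    "http://other.example/r?x=1": (302, "http://198.51.100.7/update/flash_player.exe"),
    "http://198.51.100.7/update/flash_player.exe": (200, None),
    "http://short.example/news": (301, "https://news.example/story/42"),
    "https://news.example/story/42": (200, None),
    "http://short.example/loop": (302, "/loop"),
}


def fake_head(url):
    """Offline stand-in for head_via_urllib using the constructed table."""
    return CONSTRUCTED_REDIRECTS.get(url, (404, None))


if __name__ == "__main__":
    for short in ("http://short.example/abc", "http://short.example/news",
                  "http://short.example/loop"):
        chain, verdict = expand(short, head=fake_head)
        print(verdict, " -> ".join(chain), warning_signs(chain))
```

Run it and the constructed abc link is reported as resolving through two redirects to an .exe on a bare IP address, while the news link resolves cleanly. Keep the hop cap: real malicious chains bounce through several throwaway hosts, and a chain that never terminates is itself a warning sign.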


5 (non) FACTS for Secure Business Surfing

by bryley 23. July 2010 00:43

Today businesses small and large alike rely heavily on the Internet to conduct, well, business. For the productivity and security of your organization it is important to safeguard yourself while surfing the net. Malware is a real threat, designed to steal your information and use your machine to spread spam and more malware without your knowledge. You might think web safety is nothing but common sense, but today’s malware is far more sophisticated and harder to detect. Here are 5 (non) facts to help you surf safely for business.

(non) FACT # 1: My business is safe because we have never been infected by malware

The problem with malware is that you could be infected and completely unaware of it. Today’s more sophisticated malware can be downloaded onto your computer from the web without your consent, either silently, with no user action required, or disguised as something else.

(non) FACT # 2: I have complete control over business web usage

If you do not have a web filtering device for your business, you cannot know what your employees are doing on the Internet. More than 40% of business Internet use goes unchecked and lands on inappropriate sites, 1 to 2 hours per day per user. You might think you have blocked those sites at work, but anonymous proxies make it easy for employees to bypass policy; in fact there are over 1.8 million ways to do so.

(non) FACT # 3: Only inexperienced users are at risk  

You might be a very experienced computer and Internet user. You know which sites are harmful and should be avoided. You know not to download anything. You are safe. Wrong. Unfortunately more than 83% of malware-hosting sites are in fact legitimate, trusted sites that have been hijacked. Not only that, but “drive-by downloads” (see the “Beware the scareware” post) occur simply by visiting an infected site: no user action is required.

(non)FACT # 4: Firefox is more secure than Explorer

You might have heard about the Internet Explorer vulnerability Microsoft addressed in December 2009, and now believe Explorer is less safe than other browsers. The truth is that every browser is an execution environment for JavaScript, the programming language of the web, so cybercriminals use all of them for malware execution and all are at risk. Malware engineers also go after plug-ins such as Adobe Acrobat Reader that run in every browser. As for Firefox in particular, a 2008 study by security research firm Secunia counted 115 reported vulnerabilities for Firefox, against 32 for Safari and 31 for Explorer. Vulnerability counts say as much about disclosure practices as about safety, but they do show that no browser is immune.

(non)FACT # 5: A lock icon ensures site security

Many are familiar with the lock icon in the browser’s address bar. It indicates an SSL-encrypted connection between the browser and the server, which protects sensitive business data from interception in transit. It does not protect you from malware. In fact it can work in the attacker’s favor: a gateway malware filter that does not inspect SSL traffic is blind to whatever travels inside the encrypted connection. Nor does the lock vouch for the site itself: a phishing site can present a perfectly valid certificate for its own domain, and a legitimate site that has been compromised keeps its valid certificate, so users feel secure while visiting an infected or phishing site.

Conclusion

Now that you know all of the hidden risks lurking about on the web, how do you go about protecting yourself and your company? That is simple. Visit www.Bryley.com/Solutions to see all of our options for securing your entire business network, end-to-end, gateway to endpoints, from malware attacks.

Want to learn more?

Contact Bryley Systems today.

Call 888.280.5799 or email Sales@Bryley.com 


Beware the scareware: is the web attacking your network?

by bryley 22. July 2010 02:20

Last year the number of Malware attacks grew a whopping 508%. Short for malicious software, Malware includes worms, Trojans, spyware, and viruses, all designed to infiltrate a system and perform actions without the user’s informed consent. So why, in 2010, are these threats on the rise? Two trends are driving the jump: the continuing sophistication of the Malware itself and the rise of social media sites.

Don't let Malware get you down! Read on to discover the latest changes to Malware and how to protect yourself.   


The new cybercriminal

The cybercriminal of 2010 is no longer your amateur anarchist hacker; they are now highly skilled developers and engineers hired by criminal organizations to steal data or engage in spamming operations for profit. This means that more and more businesses are being targeted for and attacked by Malware as the aim is no longer chaos but capital gain.

The new Malware

Not only are the new cybercriminals professional engineers targeting more and more businesses for profit, but their latest worms, viruses, and Trojans have matured. They outsmart traditional defense tools, they are embedded in websites rather than in emails that spam filtering could catch, and they are designed to infiltrate without informed consent in one of three ways: “drive-by downloads,” “social engineering,” and “iframes.”

  • In a drive-by download, a user simply visits an infected site and the Malware is downloaded without one’s consent or even one’s knowledge.
  • With social engineering, a user is tricked into performing an action, such as downloading a file or accepting a prompt, and instead installs the malicious software. A specific type of social engineering is “scareware,” where the prompt (typically a pop-up) is extremely alarming. A perfect example is a pop-up designed to look like a real antivirus alert, typically reading, “A virus has been detected on your system.” The scareware then urges you to download a cleanup utility, which is in fact the Malware, typically a Trojan horse.
  • A site may host the Malware itself, as with drive-by downloads or scareware, or it may pull the malicious content from another server through an iframe, often one sized to be invisible or tucked into an ad or web banner begging for your click-through.

Legitimate sites under attack

We have all been familiar with Malware for quite some time, and common knowledge holds that if we steer clear of suspect sites (illegal download sites or adult content sites) we will keep ourselves safe. Although that was a safe assumption in years past, it no longer holds: more and more legitimate websites now host or link to Malware, especially the new and popular social networking sites, whose data sharing channels make it all the easier for cybercriminals to spread it. The result: network gateways can no longer rely on blacklists of dangerous sites, and users can no longer rely on their own judgment to avoid attacks.

What makes the situation even worse is that most site owners have no idea their site is infected, because the compromise happens in ways they cannot see: exploitation of 0-day vulnerabilities in the software running the site or of bugs in the site’s own application code, user-uploaded content on Web 2.0 sites, insider attacks by disgruntled employees, or third-party web content such as unvetted banners and Flash-based ads. All of these furtive methods of attack may go unnoticed for quite some time.
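Most of the compromises described above leave the same footprint in the page: an injected iframe sized to be invisible, or a script that writes one using escaped characters. The following is an added example, not code from the original post or a Bryley tool, that audits a page’s HTML for those signs. The sample page, the ads.example-cdn.net host and the 203.0.113.9 address are constructed for the demonstration.

```python
"""Spot the hidden iframes and obfuscated script that mark a hijacked page.

Added example; not code from the original post. The sample page and every
host in it are constructed for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script that decodes an iframe at runtime rather than writing it in clear.
OBFUSCATION = re.compile(r"unescape\s*\(|fromCharCode|%3c\s*iframe|document\.write\s*\(", re.I)


def _px(value):
    """'1', '1px' -> 1; '100%' or missing -> None (not a pixel size)."""
    if value is None:
        return None
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value)
    return int(m.group(1)) if m else None


def _site(host):
    """Crude registrable domain: last two labels (www.example.com -> example.com)."""
    return ".".join(host.split(".")[-2:])


class IframeAuditor(HTMLParser):
    """Collect (element, reasons) for iframes and scripts that look injected."""

    def __init__(self, page_host):
        super().__init__()
        self.site = _site(page_host.lower())
        self.findings = []
        self._in_script = False
        self._script_flagged = False

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag == "script":
            self._in_script, self._script_flagged = True, False
            return
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        reasons = []
        # 0x0 / 1x1 frames are invisible but still load and run the target.
        for dim in ("width", "height"):
            px = _px(a.get(dim))
            if px is None:
                m = re.search(r"%s:(\d+)px" % dim, style)
                px = int(m.group(1)) if m else None
            if px is not None and px <= 1:
                reasons.append("%s is %dpx" % (dim, px))
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if re.search(r"(?:left|top):-\d+", style):
            reasons.append("positioned off-screen")
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if host and _site(host) != self.site:
            reasons.append("loads third-party host %s" % host)
        if reasons:
            self.findings.append(("iframe src=%s" % src, reasons))

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and not self._script_flagged and OBFUSCATION.search(data):
            self._script_flagged = True
            self.findings.append(("inline script", ["obfuscated script writes content"]))


def audit(html, page_host):
    """Return the list of suspicious elements found in `html`."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed page: one legitimate frame, one ad frame, and two injections.
SAMPLE_PAGE = """
<html><body>
<iframe src="https://www.example.com/widgets/map" width="300" height="200"></iframe>
<iframe src="https://ads.example-cdn.net/banner" width="728" height="90"></iframe>
<iframe src="http://203.0.113.9/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<script>document.write(unescape('%3Ciframe src=%22http://203.0.113.9/x%22 width=0 height=0%3E%3C/iframe%3E'))</script>
</body></html>
"""

if __name__ == "__main__":
    for what, why in audit(SAMPLE_PAGE, "www.example.com"):
        print(what, "->", "; ".join(why))
```

The third-party ad frame is reported on its own (ads are a common injection point, as noted above), while the 1x1 hidden frame and the escaped document.write trip several checks at once. Run this against a saved copy of your own site’s pages on a schedule and diff the results against the previous run: an iframe that was not there yesterday is the thing to investigate.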

What can you do?

Here are the cold hard facts:

  • Malware has grown significantly in sophistication  
  • Traditional prevention tools are no longer enough
  • Legitimate sites are now being targeted
  • Site owners are often unaware of infection, leaving you to fend for yourself

In the face of all these changes to Malware, you must safeguard your entire system, end-to-end, gateway to endpoints. Fortunately, this can be done and done effectively. As traditional methods are no longer enough, it is best to consult a seasoned managed service provider on all the potential defense mechanisms currently on the market.  

Conclusion

Malware is very harmful and nothing to be considered lightly. One must take every precaution available to protect one’s system. We at Bryley have been in the computer network business for 23 years, and are fully prepared as a managed service provider to secure your network, end-to-end, against all potential attacks. We have several solutions to choose from:

  • Bryley's Secure Network (SN) solution provides managed protection against all external threats and includes such features as intrusion prevention, malware blocking, web-content filtering, and spam filtering
  • Bryley's Kaseya Endpoint Security (KES) is an antivirus/antispyware solution centrally managed and maintained by Bryley
  • Bryley's Comprehensive Support Program (CSP), by far our most popular and most all inclusive managed solution, provides you with proactive, end-to-end network security and maintenance
  • Bryley's Multi-Point Security Hardening solution provides you with workstation, server, and network verification as well as the implementation of improved security settings
  • Bryley's unmanaged projects, including the deployment of firewalls, antivirus tools, and antispyware tools

Contact us today with any questions or concerns you may have regarding Malware or for a free network security consultation. 

Want to learn more?

Contact Bryley Systems today. Call 888.280.5799 or email Sales@Bryley.com

Learn more about the managed services we offer on our website. Visit http://www.bryley.com/solutions.html


How to Defend your Organization Against Botnet Attacks

by bryley 25. June 2010 00:50

The botnet: perhaps the most contagious of the threats facing organizations today. A botnet commandeers the resources of millions of computers, launches targeted attacks, steals information, and generally wreaks havoc on individual desktops as well as on entire networks.

What is a botnet?

A botnet is a collection of software agents, or robots, that run autonomously and automatically. A malicious botnet is a collection of compromised computers, called zombies, running malicious software under the control of a bot herder. Your computer could become another bot in the botnet (a zombie), or it could simply be attacked by the botnet.

A computer becomes part of a botnet when the bot herder’s software gets installed on it, whether the user is tricked into installing it or it arrives through an exploit with no user action at all. Once enrolled, the new bot is typically first instructed to scan for and recruit other vulnerable hosts, which spells disaster for your company’s network.

What are the biggest botnet threats?

Distributed Denial of Service (DDoS) Attacks

A botnet may launch what is called a distributed denial of service (DDoS) attack which is a grand-scale, coordinated attack with the aim of bringing down a high-profile site or service (think Google or a bank site) by flooding the connection bandwidth or resources of the targeted system.  

Operation Aurora, detected by McAfee on January 14, 2010, is often cited here: it targeted Google and at least 20 other companies through a vulnerability in Microsoft Internet Explorer. It was not a DDoS, however, but a targeted intrusion campaign aimed at stealing data, and the compromised machines inside each company are exactly the kind of foothold a bot provides. Microsoft has since issued a security bulletin and patch.

Spyware and Malware

Bots monitor and report one’s Internet activity for profit, without the knowledge or consent of the user. They may also install additional software to gather keystroke data and harvest system vulnerability information for sale to third parties.

Identity Theft

Botnets are often deployed to steal personal information such as financial data or passwords.

Adware

Bots can automatically download, install, and display popup ads based on previous surfing habits, or they can force the user's browser to periodically visit particular sites.

E-Mail Spam

Most spam is sent by bots; roughly 80 percent of all spam comes from zombies.

Phishing

Botnets hijack vulnerable servers to host phishing sites, sites that impersonate legitimate sites such as PayPal or a banking site in a ploy to steal passwords and personal information.

How do I protect myself?

Traditional packet filtering and port-based or signature-based techniques will not, on their own, rid your organization of botnet attacks, because botnets can quickly change their exploit code and control channel, hop ports, or shift to a new zombie host.

There are many botnet detection tools on the market. Many analyze traffic flow data exported by routers, such as Cisco NetFlow. Others use behavioral or anomaly monitoring: they build a baseline of the network under "normal" conditions and use it to flag abnormal traffic patterns that might indicate a botnet. DNS log analysis is another technique, because a bot has to look up its command and control servers, botnets often rely on free dynamic DNS services to host them, and bot code often carries the controller names hard-coded. Those lookups show up in your resolver logs (the same hosts resolving the same odd name on a fixed schedule, or long runs of failed lookups), and DNS log analysis tools can spot them and alert you and the DNS server administrator. One final tool in the fight against botnets is the honeypot, a trap that imitates a legitimate network or service so as to lure in and detect malicious attacks and intrusions.
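To make the DNS log analysis concrete, here is an added example, not code from the original post or any of the products it mentions, that applies the checks above to resolver logs: long runs of failed lookups, high-entropy hostnames, lookups under dynamic DNS providers, and the same name queried on a fixed schedule (a beacon). The log lines, the client addresses, the simplified "timestamp client qname qtype rcode" record format, and the dyn.example/noip.example provider names are all constructed; adapt PARSE and DYNAMIC_DNS to your resolver’s log format and your own provider list.

```python
"""Flag bot-like DNS behaviour from resolver logs.

Added example; not code from the original post. The log lines, clients,
record format and dynamic-DNS provider names are constructed for the demo.
"""
import math
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Simplified record: "2010-06-02T10:00:00 10.0.0.12 cc.dyn.example A NOERROR"
PARSE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
DYNAMIC_DNS = {"dyn.example", "noip.example"}   # constructed stand-ins


def entropy(label):
    """Shannon entropy in bits per character; random-looking labels score high."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(label.count(c) / n * math.log2(label.count(c) / n) for c in set(label))


def registered_domain(name):
    """Crude registrable domain: last two labels (cc.dyn.example -> dyn.example)."""
    parts = name.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name


def parse(lines):
    for line in lines:
        m = PARSE.match(line.strip())
        if m:
            ts, client, qname, qtype, rcode = m.groups()
            yield datetime.fromisoformat(ts), client, qname.lower(), qtype, rcode


def analyse(lines, min_queries=8, entropy_floor=3.2):
    """Return {client: [reasons]} for clients whose lookups look bot-driven."""
    per_client = defaultdict(list)
    for rec in parse(lines):
        per_client[rec[1]].append(rec)
    report = {}
    for client, recs in per_client.items():
        reasons = []
        n = len(recs)
        nx = sum(1 for r in recs if r[4] == "NXDOMAIN")
        if n >= min_queries and nx / n >= 0.5:          # DGA burning names
            reasons.append("%d/%d lookups NXDOMAIN (DGA-like)" % (nx, n))
        labels = [r[2].split(".")[0] for r in recs]
        if n >= min_queries and statistics.mean(entropy(l) for l in labels) >= entropy_floor:
            reasons.append("high-entropy hostnames")
        dyn = {registered_domain(r[2]) for r in recs} & DYNAMIC_DNS
        if dyn:
            reasons.append("dynamic-DNS lookups: " + ", ".join(sorted(dyn)))
        # Beaconing: the same name queried at near-constant intervals. Note that
        # an honest client re-resolving at TTL expiry looks the same, so treat
        # this as a triage signal and look at the destination.
        by_name = defaultdict(list)
        for r in recs:
            by_name[r[2]].append(r[0])
        for name, times in by_name.items():
            if len(times) < 4:
                continue
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            mean = statistics.mean(gaps)
            if mean > 0 and statistics.pstdev(gaps) / mean < 0.1:
                reasons.append("%s queried every ~%ds (beacon)" % (name, round(mean)))
        if reasons:
            report[client] = reasons
    return report


# Constructed names with 12 distinct characters each (entropy log2(12) = 3.58).
DGA_NAMES = ["a7k2x9q4m1z6", "p3w8r5t0y6u2", "h4j9l1n7b3v5", "c8d2f6g0s4e9",
             "q1w5e9r3t7y2", "z6x0c4v8b2n5", "m9k3j7h1g5f2", "o2i6u0y4t8r1",
             "l5k9j3h7g1d4", "e3r7t1y5u9i0"]

SAMPLE_LOG = [
    # constructed: infected desktop polling its controller every 5 minutes
    *("2010-06-02T10:%02d:00 10.0.0.12 cc.dyn.example A NOERROR" % m for m in (0, 5, 10, 15, 20)),
    # constructed: DGA-style host trying names that do not resolve
    *("2010-06-02T10:01:%02d 10.0.0.33 %s.info A NXDOMAIN" % (i, nm) for i, nm in enumerate(DGA_NAMES)),
    # constructed: ordinary workstation
    "2010-06-02T10:02:11 10.0.0.5 www.example.com A NOERROR",
    "2010-06-02T10:07:40 10.0.0.5 mail.example.com A NOERROR",
    "2010-06-02T10:31:05 10.0.0.5 www.example.com A NOERROR",
]

if __name__ == "__main__":
    for client, why in sorted(analyse(SAMPLE_LOG).items()):
        print(client, "->", "; ".join(why))
```

Treat the output as a triage list, not a verdict: the beaconing client earns a look at what cc.dyn.example resolves to and who owns it, while a client that merely refreshes a popular name every TTL does not warrant quarantine.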

Conclusion

Your organization needs to protect its network from these botnet attacks, and that means everything from server to endpoint. Botnets look for vulnerable servers to turn into malware servers and vulnerable desktops to turn into zombies. What you really want is to take preventive measures to avoid infection in the first place: firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), and threat detection technologies are all recommended. Another preventive measure is to ensure that no unauthorized changes can be made to applications on the desktops or servers in your network, which means keeping a known-good record of those files and checking against it. Watch for suspicious device behavior and track network user behavior as well. If your network does become infected, isolate and clean the infected machines so the botnet cannot spread.
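One way to enforce the "no unauthorized changes to applications" measure is file integrity monitoring: hash every application file once, keep that baseline somewhere the host cannot alter, and re-hash on a schedule. The following is an added example, not code from the original post or a Bryley product, that builds such a baseline and reports the drift; the directory tree, the file contents and the dropped "svchost" file are created in a temporary directory for the demonstration.

```python
"""Detect unauthorized changes to application files against a saved baseline.

Added example; not code from the original post. The directory tree, file
contents and the dropped file are created in a temp directory for the demo.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under `root` (relative path) to hash, size, mode."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = {
                "sha256": sha256_of(p), "size": st.st_size, "mode": st.st_mode & 0o7777}
    return snap


def save_baseline(snap, path):
    # Keep the baseline off the monitored host or on read-only media: a bot
    # that can rewrite it can hide its own changes.
    with open(path, "w") as fh:
        json.dump(snap, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def compare(baseline, current):
    """Return {'added': [...], 'removed': [...], 'modified': [...]}."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(f for f in common
                           if baseline[f]["sha256"] != current[f]["sha256"]
                           or baseline[f]["mode"] != current[f]["mode"]),
    }


def demo():
    """Build a tree, baseline it, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "srv"
        (app / "bin").mkdir(parents=True)
        (app / "bin" / "app").write_bytes(b"\x7fELF-not-really-v1")
        (app / "etc").mkdir()
        (app / "etc" / "app.conf").write_text("listen=443\n")
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(app), baseline_file)

        # Simulated bot activity: trojaned binary plus a dropped helper.
        (app / "bin" / "app").write_bytes(b"\x7fELF-not-really-v1-with-backdoor")
        (app / "bin" / "svchost").write_bytes(b"dropped payload")

        return compare(load_baseline(baseline_file), snapshot(app))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The comparison belongs in a scheduled job that alerts on any result other than three empty lists. This catches file drops and trojaned binaries; it does not catch malware that lives only in memory, so it complements rather than replaces the IDS/IPS above.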

Another thing to truly lock down is all of your personal information. Bot herders are looking to steal data that will aid them in identity theft. If you need any help with protecting your electronic files, give Bryley a call today. Our Three-Part Program guarantees the complete safety of your online data. Remember that to truly protect your organization from botnet attacks you must develop and deploy a solution consisting of a suite of appropriate products and services geared towards protecting both the servers and endpoints of your business network.  No single solution will secure your organization from the threat of botnet attacks as botnets use multiple attack vectors.    

Want to Learn More?

Contact Bryley today for a complete understanding of the products and services we offer that will help your organization treat and prevent botnet attacks.

Call us at 888.280.5799

Email us at Sales@Bryley.com  

References

1.      Cisco – www.cisco.com

2.      Symantec – www.symantec.com


Data Breaches Still Threatening Your Business

by bryley 14. December 2009 00:44

Now that you have attended our seminar or viewed our webinar on 201 CMR 17.00 . . .

March 1, 2010 is quickly approaching. What exactly is your organization's compliance plan?  How are you going to protect the personal information of your clients and employees? According to Jackie Noblett, a writer for Mass High Tech: The Journal of New England Technology - www.masshightech.com - data breaches affecting Massachusetts residents occur at an alarmingly frequent rate.  According to the Massachusetts Office of Consumer Affairs and Business Regulation, the state office in charge of monitoring and enforcing state data breach regulations, more than 1 million Massachusetts residents were affected by 807 instances of data breaching between the dates of November 1, 2007 and October 31, 2009. 

How can you begin to comply without hurting your wallet?

Some say we are at the end of the recession and others say it is still in progress, but either way finances are tight. The perceived high cost of the technical side of data safety makes the March deadline for 201 CMR 17.00 compliance seem daunting, especially for small and medium sized businesses with matching budgets. So what can your company do to start complying now on minimal spending? According to the Massachusetts Office of Consumer Affairs and Business Regulation, a staggering share of data breaches stems from human error: of the 807 breaches mentioned above, roughly 300 were caused by employees misdirecting personal data, either intentionally or accidentally. Start by stepping up employee training on the new state regulation. If you haven't already, watch the Bryley recording of our 201 CMR 17.00 compliance seminar for ideas.

Contact Bryley for the rest

As a small business ourselves, we understand that small and medium sized businesses have other things on their plate that need their time and money. However, complying with 201 CMR 17.00 in full is very important to your organization. If you fail to do so and there is a data breach, it will tarnish your image, and that is bad for business. There are also costly penalties in place: a $5,000 penalty plus an additional fine for delaying or failing to notify state authorities and the residents affected by a security breach; a $5,000 penalty plus fine for failing to maintain a Written Information Security Plan, or W.I.S.P. (to learn more about W.I.S.P.s, watch our recorded seminar on 201 CMR 17.00); and $100 fines per individual (up to $50,000 per incident) for failing to obtain written certification of data safety from third-party vendors, with the same fines for the improper disposal of personal information. Failing to comply could wind up costing you more in the short term, and more still in the long term if a breach does happen and your reputation is called into question.

Bryley is here to help you with the technical aspects of your W.I.S.P., whether it be data encryption of all personal files, installing a firewall or system security software such as anti-virus, anti-spyware, anti-malware, or anti-spam, or ongoing managed services including automatic patches, updates and scheduled scans.

Contact us for a free consultation. 

Call: 888.280.5799

Email: Sales@Bryley.com

Want to learn more? 

Read a full article on Massachusetts data breaches by Jackie Noblett for Mass High Tech.

http://www.masshightech.com/stories/2009/12/07/daily48-Businesses-still-plagued-by-data-breaches.html

Watch our recorded seminar on 201 CMR 17.00

http://www.bryley.com/201_CMR_17.html
