Posts Tagged ‘Symantec’

Your employees increasingly use their own mobile devices for business, a trend known as the consumerization of IT. Symantec recently conducted a short survey to learn more about end users’ experiences and perspectives on this trend. What it found is that the consumerization of IT has already become a reality for many organizations.

The vast majority of respondents said their company allows employees to use the smartphones of their choice for work-related activities. And nearly identical percentages of respondents said their employer provided them with their smartphone (44 percent) as those who said they purchased their own (43 percent).

The survey also found that while end users realize the productivity and satisfaction benefits of allowing employees to use the smartphones of their choice for work, they don’t fully comprehend the extent of the security challenges this creates. In fact, 78 percent think that allowing employees to use the smartphones of their choice either has no impact on or only somewhat decreases the overall security of their company’s networks and information.

So what can small businesses really learn from this survey? Small businesses need to educate employees on the potential security risks these devices create and how to best keep them and the data on and accessible through them protected. Below are tips for small businesses to share with employees to help keep your information safe:

  • Encrypt the data on mobile devices – The business-related and even personal information stored on mobile devices is often sensitive. Encrypting this data is a must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
  • Make sure all software is up-to-date – Mobile devices must be treated just like PCs in that all software on the devices needs to be kept up-to-date, especially the security software. This will protect the device from new variants of malware and viruses that threaten a company’s critical information.
  • Develop and enforce strong security policies for using mobile devices – In addition to encryption and security updates, it is important to enforce password management and application download policies for managers and employees. Maintaining strong passwords will help protect the data stored in the phone if a device is lost or hacked.
  • Avoid opening unexpected text messages from unknown senders – Just like emails, attackers can use text messages to spread malware, phishing scams and other threats among mobile device users. The same caution should be applied to opening unsolicited text messages that users have become accustomed to with email.
  • Click with caution – Just like on stationary PCs, social networking on mobile devices and laptops needs to be conducted with care and caution. Users shouldn’t open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
  • Users should be aware of their surroundings when accessing sensitive information – Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
  • Know what to do if a device is lost or stolen – In the case of a loss or theft, employees and management should all know what to do next. Processes to deactivate the device and protect its information from intrusion should all be in place. Products are also available for the automation of such processes, allowing small businesses to breathe easier after such incidents.

On April 20, for the first time ever, gold rose above $1,500 an ounce as worries over the U.S. economic outlook boosted demand for the metal as a haven. Within hours, Symantec observed this spammer’s response: a hit-and-run spam attack with the Subject line “Subject: Is Gold Your Ticket To A Golden Future?”

Hit-and-run spam (or snow-shoe spam) is a threat known for its large volumes of spam messages in short bursts, where domains are quickly rotating and the sending IP hops within a certain /24 IP range.

Key characteristics include:

  • The message is in HTML
  • There is some type of word salad or word obfuscation injected between various tags and/or in the URL by means of multiple directories
  • The message is typically sent within the same /24 IP range
  • Domains are rotated quickly
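
The last two characteristics (many senders inside one /24, fast domain rotation) can be checked from mail logs alone. The sketch below is an added example, not Symantec's detection logic or code from the original post; the record layout, sample data and thresholds are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (received time, sending IP, sender domain).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges, not real senders.
BASE = datetime(2011, 4, 20, 15, 0, 0)
SAMPLE_RECORDS = [
    # Short burst: 12 messages in under 4 minutes, 4 IPs, 5 rotating domains.
    (BASE + timedelta(seconds=20 * i),
     f"198.51.100.{10 + i % 4}",
     f"gold-offer-{i % 5}.example")
    for i in range(12)
] + [
    # Steady sender: one IP, one domain, one message every 30 minutes.
    (BASE + timedelta(minutes=30 * i), "203.0.113.25", "newsletter.example")
    for i in range(12)
]


def slash24(ip):
    """Return the /24 network that contains an IPv4 address."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def find_snowshoe_bursts(records, window=timedelta(minutes=10),
                         min_messages=8, min_ips=3, min_domains=3):
    """Flag /24 ranges that send a burst from several IPs and several domains.

    Thresholds are illustrative assumptions; tune them against real traffic.
    Returns {network: summary of the largest qualifying window}.
    """
    by_net = defaultdict(list)
    for ts, ip, domain in records:
        by_net[slash24(ip)].append((ts, ip, domain.lower()))

    findings = {}
    for net, rows in by_net.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            ips = {r[1] for r in span}
            domains = {r[2] for r in span}
            qualifies = (len(span) >= min_messages and len(ips) >= min_ips
                         and len(domains) >= min_domains)
            if qualifies and len(span) > findings.get(net, {}).get("messages", 0):
                findings[net] = {"messages": len(span), "ips": len(ips),
                                 "domains": len(domains), "first_seen": span[0][0]}
    return findings


if __name__ == "__main__":
    for net, summary in find_snowshoe_bursts(SAMPLE_RECORDS).items():
        print(net, summary)
```

A range flagged this way is a candidate for review or rate limiting; the HTML and word-salad characteristics need content inspection and are not covered here.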

The call to action for this particular attack is a URL in the message body which directs the recipient to a Web site where the recipient can request a “free” investor kit. In order to receive the investor kit, personal contact information is requested. Certain personalities are used in the image for this spam campaign including Glenn Beck. A Google search reveals an interesting angle about Glenn Beck promoting gold investments. It seems that the spammer did some research in order to know about the association before propagating this spam campaign.

It has been known for some time now that spammers stay on top of current events and adapt their economically focused pitches to the news headlines. In the midst of the economic gloom of October 2007, for example, Symantec reported several spam emails with subject lines such as “Looking to sell your house fast?” and “Get the dough out of your house.” This gold-rush spam attack of April 2011 adds more credence to the argument discussed in a blog post published April 2010, which was written to explore whether the focus of spam email could be used as an economic indicator.

Symantec has released its Symantec Messaging Gateway 9.5, powered by Brightmail. Formerly called “Symantec Brightmail Gateway,” this latest release in messaging security extends antispam capabilities with personalized protection against unwanted email. Organizations can now customize their definition of unwanted email to personalize the protection they receive, meeting the varied demands of their individual environments. In addition, Symantec Messaging Gateway allows for tight integration with data loss prevention and encryption solutions to protect outbound communications. Virtual deployment of Symantec Messaging Gateway is fully supported to offer customers flexible, cost-effective options for fighting spam.

With Symantec Messaging Gateway, organizations can now block more unwanted email with new controls to better define acceptable inbound communications. Symantec Messaging Gateway includes new handling for marketing email and newsletters as well as emails containing suspicious URLs, such as shortened URLs where the target has been obfuscated. In addition, Symantec continues to improve its antispam engine to increase effectiveness. According to Virus Bulletin’s VBSpam comparative antispam testing, Symantec blocked 99.87 percent of spam in the most recent March 2011 assessment and consistently scores more than 99.5 percent effectiveness in these tests. With the support of Symantec’s world-leading malware research team, Symantec Messaging Gateway draws on intelligence gathered from more than 120 million devices and more than 800 million users worldwide, the largest network of its type.

Symantec Messaging Gateway extends its integration capabilities with Symantec Data Loss Prevention. In addition to the existing on-box integration, Symantec Messaging Gateway gives customers a simple add-on option for Symantec Data Loss Prevention, to provide a robust messaging security and data loss prevention solution from one vendor. Also, Symantec Messaging Gateway integrates with Symantec Messaging Encryption Gateway Edition, to give customers the choice of deploying on-premise email encryption or Symantec Content Encryption, a hosted encryption service powered by Symantec.cloud.

According to the 2010 Ponemon Cost of a Data Breach report sponsored by Symantec, the average annual cost of compromised data for companies was $7.2 million, up from $6.8 million in 2009. In light of this escalation, Symantec Messaging Gateway is designed to help organizations save money by reducing the risk of losing confidential information while simultaneously detecting email-borne threats.

Symantec Messaging Gateway integrates seamlessly into Symantec Protection Center, a single sign-on Web console that provides administrators full access to configuration management, report generation and dashboard views of multiple protection technologies. By bringing together global trends from the Symantec Global Intelligence Network with local threat feeds from integrated security products, Symantec Protection Center provides actionable intelligence to reduce risks and simplify management.

Symantec is helping to drive the adoption of virtualization technology for messaging security with Symantec Messaging Gateway. Symantec offered one of the first virtual appliance offerings in this market, and Symantec’s VMware Ready virtual appliance has grown to represent more than 45 percent of production deployments in the three years since its launch. Symantec Messaging Gateway Virtual Edition, which shares the same entitlement as the physical appliance, can be deployed in hybrid physical and virtual configurations to provide organizations with flexible deployment options and the ability to dynamically scale messaging security resources against rapidly fluctuating email volumes cost effectively.

Symantec has reported a new phishing scam that is taking advantage of the new tax year beginning for people in the UK on April 6, 2011.

The message in question was sent in the name of HMRC, Her Majesty’s Revenue and Customs, in an attempt to get users to divulge bank account information with the lure of unclaimed tax overpayment money.

Symantec Security Researcher Dylan Morss explains, “The path of the message had an international flavor, beginning at what looks like a computer at a hotel business center based in the US, then going through servers in New Zealand, then back to the US through the mail servers of a large free email service, and then presumably into the inbox of a user based in the UK.”

The URLs in the message also contributed to this internationalized scam by utilizing a domain based in Serbia which would redirect users when they unsuspectingly clicked on the HMRC link.

Example: somehijackedwebsite.in.rs/admin/files/hmrc/hmrc/xxxx.htm

“When clicking on the link, a user is given a new page and provided a list of several banks to select from. This presumably would be the bank that their accounts are registered with so that the HMRC can deposit money quickly,” Morss said.

Here is a sample of the original email asking HMRC users to click through to the hidden phishing link to update their information. This information will then be used by the phishers to extract money from bank accounts and participate in identity theft.

It is important to note that according to the HMRC website, users would never be contacted through email regarding a rebate.

“As a matter of policy, HMRC will only ever contact customers who are due a tax refund in writing by post. If anyone receives an email offering a tax rebate claiming to be from HMRC, we recommend they send it to phishing@hmrc.gsi.gov.uk before deleting it permanently.”

The HMRC also provides online security advice for users from their web site at: http://www.hmrc.gov.uk/security/index.htm


Targeted attacks, social networking threats, mobile device security and the proliferation of attack toolkits are top growing trends to watch in today’s threat landscape

Symantec has announced the findings of its Internet Security Threat Report, Volume 16, which shows a massive threat volume of more than 286 million new threats last year, accompanied by several new megatrends in the threat landscape.

The report highlights dramatic increases in both the frequency and sophistication of targeted attacks on enterprises; the continued growth of social networking sites as an attack distribution platform; and a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems. In addition, the report explores how attackers are exhibiting a notable shift in focus toward mobile devices.

Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. As one example, Stuxnet alone exploited four different zero-day vulnerabilities to attack its targets.

In 2010, attackers launched targeted attacks against a diverse collection of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies. In many cases, the attackers researched key victims within each corporation and then used tailored social engineering attacks to gain entry into the victims’ networks. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.

While the high-profile targeted attacks of 2010 attempted to steal intellectual property or cause physical damage, many targeted attacks preyed on individuals for their personal information. For example, the report found that data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.

Social network platforms continue to grow in popularity, and this popularity has, not surprisingly, attracted a large volume of malware. One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Under typical, legitimate circumstances, these abbreviated URLs are used to efficiently share a link to an otherwise complicated web address in an email or on a web page. Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks, dramatically increasing the rate of successful infection.

The report found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes. In 2010, 65 percent of malicious links in news feeds observed by Symantec used shortened URLs. Of these, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.

In 2010, attack toolkits, software programs that can be used by novices and experts alike to facilitate the launch of widespread attacks on networked computers, continued to see widespread use. These kits increasingly target vulnerabilities in the popular Java system, which accounted for 17 percent of all vulnerabilities affecting browser plug-ins in 2010. As a popular cross-browser, multi-platform technology, Java is an appealing target for attackers.

The Phoenix toolkit was responsible for the most Web-based attack activity in 2010. This kit, as well as many others, incorporates exploits against Java vulnerabilities. The sixth highest ranked Web-based attack during the reporting period was also an attempt to exploit Java technologies.

The number of measured Web-based attacks per day increased by 93 percent in 2010 compared to 2009. Since two-thirds of all Web-based threat activity observed by Symantec is directly attributed to attack kits, these kits are likely responsible for a large part of this increase.

The major mobile platforms are finally becoming ubiquitous enough to garner the attention of attackers, and as such, Symantec expects attacks on these platforms to increase. In 2010, most malware attacks against mobile devices took the form of Trojan Horse programs that pose as legitimate applications. While attackers generated some of this malware from scratch, in many cases, they infected users by inserting malicious logic into existing legitimate applications. The attacker then distributed these tainted applications via public app stores. For example, the authors of the recent Pjapps Trojan employed this approach.

While the new security architectures employed in today’s mobile devices are at least as effective as their desktop and server predecessors, attackers can often bypass these protections by attacking inherent vulnerabilities in the mobile platforms’ implementations. Unfortunately, such flaws are relatively commonplace – Symantec documented 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms. In the first few months of 2011 attackers have already leveraged these flaws to infect hundreds of thousands of unique devices. According to findings from Mocana, it is no surprise that 47% of organizations do not believe they can adequately manage the risks introduced by mobile devices, and that more than 45% of organizations say security concerns are one of the biggest obstacles to rolling out more smart devices.

“Stuxnet and Hydraq, two of the most visible cyber-events of 2010, represented true incidents of cyberwarfare and have fundamentally changed the threat landscape,” said Stephen Trilling, senior vice president, Symantec Security Technology and Response. “The nature of the threats has expanded from targeting individual bank accounts to targeting the information and physical infrastructure of nation states.”

Threat Landscape Key Facts and Figures:

  • 286 million new threats – Polymorphism and new delivery mechanisms such as Web attack toolkits continued to drive up the number of distinct malware programs. In 2010, Symantec encountered more than 286 million unique malicious programs.
  • 93 percent increase in Web-based attacks – Web attack toolkits drove the 93 percent increase in the volume of Web-based attacks in 2010. The use of shortened URLs also impacted this increase.
  • 260,000 identities exposed per breach – This is the average number of identities exposed per breach in data breaches caused by hacking during 2010.
  • 14 new zero-day vulnerabilities – Zero-day vulnerabilities played a key role in targeted attacks including Hydraq and Stuxnet. Stuxnet alone used four different zero-day vulnerabilities.
  • 6,253 new vulnerabilities – Symantec documented more vulnerabilities in 2010 than in any previous reporting period.
  • 42 percent more mobile vulnerabilities – In a sign that cybercriminals are starting to focus their efforts on the mobile space, the number of reported new mobile operating system vulnerabilities increased, from 115 in 2009 to 163 in 2010.
  • One botnet with more than a million spambots – Rustock, the largest botnet observed in 2010, had more than one million bots under its control at one point during the year. Other botnets such as Grum and Cutwail followed with many hundreds of thousands of bots each.
  • 74 percent of spam related to pharmaceuticals – Nearly three quarters of all spam in 2010 was related to pharmaceutical products—a great deal of which was related to pharmaceutical websites and related brands.
  • $15 per 10,000 bots – Symantec observed an advertisement that listed the price for 10,000 bot-infected computers as $15 on an underground forum in 2010. Bots are typically used for spam or rogueware campaigns, but are increasingly also used for DDoS attacks.
  • $0.07 to $100 per credit card – The price for credit card data on underground forums ranged widely in 2010. Factors dictating prices include the rarity of the card and discounts offered for bulk purchases.