Here’s Enough Digital Espionage to Scare James Bond [INFOGRAPHIC]

Like James Bond does in his new hit Skyfall, secret agents all over the world are now dealing with cyber-terrorists and digital threats as well as the usual bad guys petting cats on their laps as they hide out in their remote lairs.

Are these new digital threats giving those villains a digital license to kill? This infographic from F-Secure, a company that deals with malware threats, shows us some of the increasingly sophisticated viruses and malware that are insinuating themselves into digital devices across the world.

The scariest part is the fact that many of the good guys, including the U.S., are creating ultra-powerful digital weapons that could end up in the wrong hands. For example, Stuxnet, a sophisticated computer worm developed by the governments of the United States and Israel to target five Iranian organizations, has now been surpassed by even more sophisticated malware.

For instance, right when we were thinking last June that a new and especially nasty malware program called Flame was as bad as viruses could get, the Gauss virus appeared in August, which is said by security firm Kaspersky Lab to be infecting more computers than Flame.

Even though firms such as Kaspersky and F-Secure might sometimes exaggerate the threat of viruses and malware — simply because the more afraid we are those things the more antivirus software they sell — these digital weapons could still pose a threat, not only to individual users but to national security.

Take a look at this infographic outlining several of the current digital threats, and then let us know in the comments about your experiences with viruses and malware. Is the threat exaggerated, with the cure being worse than the disease? Or as U.S. Defense Secretary Leon Panetta has suggested, will viruses present us with a “digital Pearl Harbor” unless we sufficiently protect ourselves?

View Source

Top Five Threats to National Security in the Coming Decade

Defense technologists are most successful when they hone in on specific problems. The Pentagon’s research agencies and their contractors were asked in 2003 to come up with ways to foil roadside bombs in Iraq and Afghanistan, and although they did not defeat the threat entirely, they did produce a number of useful detectors, jammers and other counter-explosive systems. More recently, military researchers received marching orders to help tackle the so-called “anti-access area-denial” threats, which is Pentagon-speak for enemy weapons that could be used to shoot down U.S. fighters and attack Navy ships.

The next wave of national security threats, however, might be more than the technology community can handle. They are complex, multidimensional problems against which no degree of U.S. technical superiority in stealth, fifth-generation air warfare or night-vision is likely to suffice.

The latest intelligence forecasts by the Obama administration and other sources point to five big challenges to U.S. and global security in the coming decades.

Biological Weapons: The White House published in 2009 a National Strategy for Countering Biological Threats with an underlying theme that biological weapons eventually will be used in a terrorist attack. To prevent deadly viruses from being turned into mass-casualty weapons, officials say, one of the most difficult challenges is obtaining timely and accurate insight on potential attacks. The Defense Threat Reduction Agency has a team of researchers working these problems. But they worry that the pace of research is too slow to keep up with would-be terrorists.

Nukes: Large stockpiles of nuclear weapons are tempting targets for nation-states or groups set on attacking the United States and its allies, officials assert. Black-market trade in sensitive nuclear materials is a particular concern for U.S. security agencies. “The prospect that al-Qaida or another terrorist organization might acquire a nuclear device represents an immediate and extreme threat to global security,” says an administration report. No high-tech sensors exist to help break up black markets, detect and intercept nuclear materials in transit and there are no financial tools to disrupt this dangerous trade. A much-hyped Department of Homeland Security effort to detect radioactive materials at U.S. ports has been plagued by technical hiccups. Analysts believe that although a full-up nuclear weapon would be nearly impossible for an al-Qaida like group to build, a more likely scenario would be a low-yield “dirty bomb” that could be made with just a few grams of radioactive material.

Cyber-Attacks: The drumbeats of cyberwarfare have been sounding for years. Network intrusions are widely viewed as one of the most serious potential national security, public safety and economic challenges. Technology, in this case, becomes a double-edge sword. “The very technologies that empower us to lead and create also empower individual criminal hackers, organized criminal groups, terrorist networks and other advanced nations to disrupt the critical infrastructure that is vital to our economy, commerce, public safety, and military,” the White House says.

The cybersecurity marketplace is flooded with products that promise quick fixes but it is becoming clear that the increasing persistence and sophistication of attacks will require solutions beyond the traditional.

Climate Change: The national security ramifications of climate change are severe, according to Defense Secretary Leon Panetta. While the topic of climate change has been hugely politicized, Panetta casts the issue as a serious security crisis. “In the 21st century, we recognize that climate change can impact national security — ranging from rising sea levels, to severe droughts, to the melting of the polar caps, to more frequent and devastating natural disasters that raise demand for humanitarian assistance and disaster relief,” Panetta said. The administration projects that the change wrought by a warming planet will lead to new conflicts over refugees and resources and catastrophic natural disasters, all of which would require increased U.S. military support and resources. The scientific community, in this area, cannot agree on what it will take to reverse this trend. There is agreement, though, that there is no silver bullet.

Transnational Crime: U.S. defense and law-enforcement agencies see transnational criminal networks as national security challenges. These groups cause instability and subvert government institutions through corruption, the administration says. “Transnational criminal organizations have accumulated unprecedented wealth and power through the drug trade, arms smuggling, human trafficking, and other illicit activities. … They extend their reach by forming alliances with terrorist organizations, government officials, and some state security services.” Even the United States’ sophisticated surveillance technology is not nearly enough to counter this threat, officials say.

Read More

Cybercrime costs U.S. consumers $20.7 billion

U.S. consumers lost $20.7 billion to cybercrime over the past 12 months, with 71 million Americans falling victim to online perps, according to new research.

Meanwhile, worldwide losses resulting from cybercrime including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a report by security company Symantec (PDF) has found.

On average, each victim experienced $197 in direct financial loss. In the United States, the average loss was $290.

According to the report, an estimated 556 million adults across the world had first-hand experience of cybercrime over the period — more than the entire population of the European Union. The figure equates to nearly half of all adults online (46 percent), and is up from 45 percent a year ago.

There has been an increase in cybercrime that takes advantage of social networks and mobile technology, according to the report, with 21 percent of online adults reporting having fallen prey to social or mobile crime. The study also found that 15 percent of Web users have had their social-networking account infiltrated, and 1 in 10 have been victims of fake links or scams through a social network.

Seventy-five percent of those who participated in the study believed that cybercriminals are gearing more towardssocial networks.

Over 13,000 participants across 24 countries were interviewed for the report.

View Source

Yahoo confirms breach involving 450,000 email addresses and passwords

Some 450,000 Yahoo users’ email addresses and passwords have been leaked because of a security breach, the company confirmed Thursday, adding that just a small fraction of the stolen passwords were valid.

The company said in a statement that an “old file” from the Yahoo Contributor Network was compromised Wednesday. Among the stolen emails and passwords were many from Yahoo’s own email service along with those of other companies. The Yahoo Contributor Network is a content-sharing platform.

Yahoo said it is fixing the vulnerability that led to the disclosure, changing the passwords of affected Yahoo users, and notifying other companies whose users’ accounts may have been compromised.

“We apologize to all affected users,” the company statement said.

Technology news websites including CNET, Ars Technica, and Mashable identified the hackers behind the attack as a little-known outfit calling itself the D33D Company. The group was quoted as saying it had stolen the unencrypted passwords using an SQL injection – the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable websites.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call,” the group was quoted as saying.

Online security experts said Yahoo might have done more to protect the stored passwords, with Ohio-based TrustedSec describing the Internet giant’s decision not to encrypt them as “most alarming.”

Nevertheless, the haul does not appear as useful to hackers as they might have thought. Yahoo cautioned that only 5 per cent of passwords associated with its account holders were valid.

It was not immediately possible to contact the Ukraine-registered website associated with D33D Company. Its contact form was inoperable Thursday, while an email address and a phone number attributed to the site’s registrant appeared to be invalid.

Read more

What is the top target of cyber attacks?

Customer, student, employee and patient information is most at risk for cyber attacks today, and defending that data is a top concern for IT professionals this year, according to a survey published by CDW.

Concern about data loss is well founded: One in four organizations has experienced a data loss in the last two years. Many organizations report breaches jeopardizing their network, email or other sensitive information, CDW found in its poll, which examines data security concerns across industries, including medium and large businesses, financial services and healthcare organizations and higher education institutions.

One IT professional at a financial services company noted: “Security is harder every day due to the ease with which personal information is gained.”

Data loss comes at a cost: A Ponemon Institute study published in March found that organizations suffering a data loss in 2011 paid an average of $5.5 million per breach, which translates into an average of $194 per record lost.

“The damage resulting from data loss – to the bottom line and to an organization’s reputation – is very real,” said Christine Holloway, vice president of converged infrastructure solutions, CDW. “Perhaps it should come as no surprise that IT professionals view data loss as the greatest business risk to organizations this year. As telework and access to mobile computing grows, preventing data loss is increasingly important – and increasingly complex.”

CDW’s survey shows that the number of people accessing business networks increased by an average of 41 percent during the last two years. Inadequate security policies contribute to security challenges: While most organizations allow employees to access their networks with personal mobile devices, security policies for employee-owned devices are often less strict than for employer-owned devices.

Twenty-seven percent of IT professionals said they do not have security policies for employee-owned mobile devices.

Organizations that give their data security an “A” grade layer nearly all available data loss prevention measures, including encrypted storage, backup and email gateway; endpoint data loss prevention and security solutions; full-disk encryption; and Web security filters.

Organizations with “A” security are also more likely than others to require employee-owned mobile devices to comply with defined security procedures before they are granted network access.

Data loss prevention solutions help to protect personal, financial and research and development data, and they also flag any data being handled in a way that deviates from established security policies. CDW recently achieved Master Specialist designation in data loss prevention from Symantec. The designation recognizes investment and deep expertise in delivering advanced consulting and technical services in Symantec data loss prevention.

“No organization appears to be immune from data loss – blue-chip companies, small business, schools and governments have been affected,” said Rick Hanson, senior director of sales, Symantec. “Prevention is essential. Organizations that layer security solutions to address network endpoints, data at rest and data in motion are more aware of potential security threats, less susceptible to breaches and better able to respond when a breach occurs.”

Read more