Monday, March 28, 2011

McAfee: Cybercrooks Target Corporate Trade Secrets

Cybercriminals are increasingly moving from stealing just personal data to capturing trade secrets and other corporate intellectual capital that they can easily sell through the underground market, according to a new report from McAfee and the SAIC.

In today's release of a new study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF), McAfee and the Science Applications International Corporation find that the theft of trade secrets, marketing plans, R&D data, and even source code is on the rise, especially as such information is often unprotected.

Based on a global survey of IT professionals, the report uncovered a number of findings.

A quarter of the companies surveyed said a data breach or just the threat of one has put a halt on plans for a merger or new product launch. Among those that actually suffered a data breach, only half of them took the necessary steps to prevent it from happening again.

Among companies that have been hit by cyberattacks, only about 3 in 10 have reported all such breaches, while 6 in 10 picked and chose which ones they reported. Along those lines, many organizations specifically look to store their data in countries where the laws are more lax over reporting data breaches to customers.

Hit by the recent economic downturn, many companies have been looking at cheaper ways of processing and storing their information abroad despite the potential risks, the report said. Across the world, China, Russia, and Pakistan are thought to be the least secure areas for storing critical data, while the U.S., U.K., and Germany are perceived to be the safest. Currently, companies in the U.S., China, and India spend about $1 million a week to secure their sensitive data outside their own countries, the report said.

The information technology industry itself continues to be challenged trying to secure the wave of iPhones, iPads, and Android devices that employees are increasingly using on the job for sharing data, the report found.

"Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."

To generate the report, McAfee and the SAIC worked with Vanson Bourne to survey more than 1,000 senior IT decision makers across the U.S., U.K., Japan, China, India, Brazil, and the Middle East during November and December of last year. This latest report is a follow-up to a 2008 report entitled "Unsecured Economies," which at the time found that cybercrime was costing companies more than $1 trillion globally.

Source: http://news.cnet.com/8301-1009_3-20047876-83.html#ixzz1HvdyapDY

Friday, March 25, 2011

Sony: PS3 Hacker GeoHot Fled To South America

Updated 7:01 p.m. PT with Hotz saying he is on a long-planned vacation.

If you've been following the drama between Sony and hacker GeoHot (aka George Hotz) then you're in for a fun twist today: Sony is accusing Hotz of fleeing the country, but Hotz says he's just enjoying spring break.

Sony makes the allegation in a court filing (PDF, see page 2, line 24) dated Friday.

After news stories began appearing today, Hotz wrote a blog post to set the record straight.

"Actually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is spring break; hacking isn't my life," he writes. "Rest assured that not a dime of legal defense money would ever go toward something like this. And of course [Sony-employed law firm Kilpatrick Townsend & Stockton] loves the idea of painting me as an international fugitive. I have been in contact with my lawyers almost every day; I would not let the case suffer."

George Hotz telling Sony how he feels. (Credit: YouTube)

Hotz is well known for reverse-engineering the multi-digit code that allows the installation and execution of non-Sony-recognized code on PlayStation 3s, essentially allowing anyone with a PS3 to run homebrew software, or even pirated games.

A federal magistrate a couple weeks ago OK'd Sony's request for Hotz to hand over his hacking gear--his PS3 consoles, computers, and other equipment--untouched. It seems that before turning the stuff in, he allegedly made edits, deleting key evidence that Sony likely planned to use against him.

What's more, Hotz was allegedly caught lying about having a PlayStation Network (PSN) account. But Sony says it was able to prove that in February of last year, Hotz allegedly purchased a new PS3 and, tracing the serial number, Sony says it concluded that he had set up a PSN account under the screen name "blickmanic," which is also a name Hotz used on previous Web forums on iPhone jailbreaking.

Besides jailbreaking PS3s for non-sanctioned use on PSN, Hotz was a very vocal and active member of the iPhone/iOS jailbreaking community, bringing several key userland jailbreaks to the devices, including blackra1n and limera1n. While Apple consistently moved to patch the exploits Hotz used in its software, it never went overtly litigious as Sony has.

It's unclear what will happen in this case next. It's not publicly known where in South America Hotz is staying, what gear he has with him, and what assets he has access to. Recently, a court granted Sony access to Hotz's donation-based PayPal account, so that cash source may well be totally unavailable.

Whatever the case, we expect this to be far from over. There are egos, weird and obscure copyright laws, and potentially millions of dollars still at stake. If you're like me, you might want to make some metaphorical popcorn as well.

Source: http://news.cnet.com/8301-17938_105-20046386-1.html#ixzz1HdF1RaLX

Monday, March 21, 2011

Microsoft And Feds Bring Down Spam Giant Rustock

Rustock, purveyor of more e-mail spam than any other network in the world, was felled last week by Microsoft and federal law enforcement agents.

A lawsuit by Microsoft that was unsealed at the company's request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.

"This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post today.

The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107.

Hard drives seized yesterday at a hosting facility in Kansas City, Mo. (Credit: Microsoft)

Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world's spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.

Rustock's demise last week surprised the cybersecurity community, which often works in unison to corral spammers. According to an earlier Journal blog post, spam monitors didn't know why the botnet's activity halted. It was clear at the time that the effort was coordinated and complete.

Microsoft's digital crimes unit has long worked with law enforcement to track down and eliminate spammers, botnets, and other malicious code creators. Government authorities rarely have the resources to spend on the investigations, something Microsoft willingly finances since it has a vested interest in keeping people e-mailing.

Source: http://news.cnet.com/8301-10805_3-20044480-75.html#ixzz1HG6VXOoH

Friday, March 18, 2011

Critical Flash Flaw Won't Be Fixed Until Next Week

Adobe Systems has discovered a "critical vulnerability" in its Flash Player that might cause all kinds of trouble for users.

The company said yesterday that the flaw could cause a user's computer or mobile device to crash--and, more concerning, that the vulnerability could "potentially allow an attacker to take control of the affected system." So far, the company has discovered that the vulnerability is being exploited in Flash files, as well as through Microsoft Excel. Adobe said that the issue hasn't affected Reader or Acrobat.

The flaw affects Adobe Flash Player 10.2.152.33 and earlier versions of the platform running on every major operating system, including Windows, Macintosh, Linux, and Solaris. It's also an issue on Android devices running Flash 10.1 and earlier.

That last point is destined to spark some controversy.

Unlike Android, Apple's iOS mobile operating system has never supported Flash. Instead, iOS supports HTML5, a standard that Apple believes will eventually overtake Flash. But it goes beyond just getting behind an alternative to Flash. Apple's big issue with Adobe's offering stems from the potential security headaches.

Writing last year in an open letter on his company's Web site, Apple CEO Steve Jobs said that "Flash is the No. 1 reason Macs crash." He also cited a report from security firm Symantec, saying that it "highlighted Flash for having one of the worst security records in 2009."

"We don't want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash," Jobs wrote.

Adobe plans to release a fix for the vulnerability sometime next week. Until then, the company warned users to "follow security best practices by keeping their anti-malware software and definitions up to date."

Source: http://news.cnet.com/8301-13506_3-20043248-17.html#ixzz1GyQYzbnp

Wednesday, March 9, 2011

Microsoft Fixes Critical Windows Hole, Others

Microsoft today released three bulletins fixing four vulnerabilities in Windows and Microsoft Office, including one that is rated "critical" for Windows XP, Vista, and Windows 7.

The bulletin MS11-015 resolves one critical vulnerability in DirectShow and one in Windows Media Player and Media Center, according to the security advisory. The more severe of the flaws could allow remote code execution, and thus complete control of a computer, if a malicious Digital Video Recording file were opened. The one vulnerability rated "important" affects certain media files in all versions of Microsoft Windows, the company said in a blog post.

"Microsoft normally rates this type of file format vulnerabilities as only 'important' because user interaction is required," said Wolfgang Kandek, chief technology officer of Qualys. "However this particular flaw has a component that allows for an attack through a browser link and allows its exploitation in automated 'drive-by' fashion" by merely visiting a Web site.

The other two bulletins both address a DLL (Dynamic Link Library) preloading issue and are rated "important." The bulletins were released as part of Patch Tuesday, the company's monthly security update roundup.

MS11-016 affects Microsoft Groove 2007 Service Pack 2 used in Office. The vulnerability could allow remote code execution if a user opened a legitimate Groove-related file that is located in the same network directory as a malicious library file.

Meanwhile, MS11-017 affects the Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opened a legitimate Remote Desktop configuration file located in the same network folder as a malicious library file.

Microsoft also said it is working to provide a solution through its monthly security update process to address a MIME HTML (MHTML)-related hole in all supported versions of Windows which became public last month.

Source: http://news.cnet.com/8301-27080_3-20040672-245.html#ixzz1G9KIsihU

Monday, March 7, 2011

France Hit By Cyberattack With G20 Focus

The French finance ministry revealed today that it has been the victim of a major and sustained cyberattack.

The attack, which has been ongoing since December, seems to be the work of hackers looking for documents related to the G20 political group, which brings together 20 major nations tasked with stabilizing the global economy and which is being led by France this year, according to AFP News.

With over 150 computers in the ministry reported to have been compromised, the ministry has so far been forced to shut down 10,000 computers, said a report in Paris Match magazine (Google Translate English version). And though the specific source of the attack hasn't yet been narrowed down, an official told Paris Match that some of the hacked information was redirected to sites in China.

The finance ministry has filed an official complaint with the French courts, while the French secret service has started investigating the case, added AFP.

Holding their most recent summit in Paris last month, the G20 nations set an array of goals and compromises designed to stave off future financial crises. But China proved difficult in negotiations over exchange rates, currency reserves, and surpluses, according to the BBC, which said that the U.S. and other nations have accused the country of purposely keeping down the value of its yuan as a way to hang onto a competitive edge in its exports.

The attack on France follows a cyberattack against the Canadian government in January that also was reportedly traced back to China. Last summer, Canada hosted the G20 summit in Toronto.

Source: http://news.cnet.com/8301-1009_3-20040050-83.html#ixzz1FxHgW220

Wednesday, March 2, 2011

Beware Enticing Bieber Links, Free Offers On Facebook

Old scams hiding under new headlines were circulating on Facebook this week, including promises of video involving obsessed Justin Bieber fans.

"I can't believe a GIRL did this because of Justin Bieber," says the post that has been appearing on Facebook walls and status updates.

Clicking the link leads to a fake YouTube-looking page that says "Please Watch this video only if you are 16 years or older," according to an M86 blog post. Hidden behind the video window is an iframe linked to Facebook so that clicking anywhere in the window will submit a "like" click to the page and spread the post on the victim's Facebook page. This is a standard clickjacking attack that is taking advantage of a current hot topic--the teen singer.

The scam doesn't stop there. A fake Facebook dialog box also pops up that asks the victim to verify his or her age by completing a survey with links to sites relating to auto insurance, according to M86.

Facebook was able to stop this scam fairly quickly, but not before it had garnered more than 20,000 likes. Other variants of the scam were spreading, M86 said.

Separately, scammers had rehashed some scams involving offers of free iPads, free Southwest Airlines tickets, and a Miley Cyrus-related video link via posts on the site and e-mail messages. It's unclear exactly how those scams worked and if they involved clickjacking.

Clickjacking prompts a victim to click something while a different action is taken behind the scenes. It takes advantage of a vulnerability in a Web browser and is not specific to Facebook.

If you see a potential or obvious scam on Facebook report it to the person whose account is spreading it, M86 said. The NoScript Firefox plug-in protects against clickjacking attacks such as this, it added.

Because clickjacking exploits a browser weakness, Facebook can't technically prevent it completely, a Facebook spokesman said. "We continue to build additional protections to mitigate its impact," he said in an e-mail. "We're also involved in discussions with others in the industry on how to fix the underlying issue on the browser side."
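The hidden-iframe trick described above only works if the browser is willing to load the target page inside a frame served by another site. The following is an added example, not code from the article, M86, or Facebook: a small Node.js check that, given a page's response headers, decides whether a browser honouring X-Frame-Options (already supported by major browsers in 2011) or the later CSP frame-ancestors directive would let a given origin embed the page. The sample header sets and the origins social.example, fake-video.example and partner.example are constructed for the example.

```javascript
// Added example, not from the article: given a page's response headers, would a
// browser honouring X-Frame-Options / CSP frame-ancestors let `framerOrigin`
// embed the page in an iframe? The hidden-iframe trick described above needs "yes".
function hostMatches(pattern, host) {
  // CSP host source: "*.example.com" matches subdomains only, else exact match.
  return pattern.startsWith('*.') ? host.endsWith(pattern.slice(1)) : pattern === host;
}

function sourceAllows(source, framerOrigin, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return framerOrigin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framerOrigin.startsWith(s); // e.g. "https:"
  // Host source [scheme://]host[:port]; an unparseable source grants nothing.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:/]+)(?::(\d+|\*))?$/.exec(s);
  if (!m) return false;
  const [, scheme, hostPat, port] = m;
  const framer = new URL(framerOrigin);
  if (scheme && scheme + ':' !== framer.protocol) return false;
  if (!hostMatches(hostPat, framer.hostname)) return false;
  const framerPort = framer.port || (framer.protocol === 'https:' ? '443' : '80');
  return !port || port === '*' || port === framerPort;
}

function isFrameable(headers, pageOrigin, framerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  // A frame-ancestors directive, when present, overrides X-Frame-Options.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      const sources = tokens.slice(1); // an empty list behaves like 'none'
      return sources.some((src) => sourceAllows(src, framerOrigin, pageOrigin));
    }
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  return true; // no header, or an unsupported value such as ALLOW-FROM: unprotected
}

// Constructed sample responses; none of these hosts are real.
const SAMPLE_RESPONSES = {
  unprotected: { 'Content-Type': 'text/html' },
  denyAll: { 'X-Frame-Options': 'DENY' },
  sameOriginOnly: { 'X-Frame-Options': 'sameorigin' },
  cspAllowList: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://*.partner.example" },
};

// Which sample pages could a scam page served from `framerOrigin` embed?
function audit(pageOrigin, framerOrigin) {
  return Object.fromEntries(Object.entries(SAMPLE_RESPONSES).map(([n, hdrs]) => [n, isFrameable(hdrs, pageOrigin, framerOrigin)]));
}

console.log(audit('https://social.example', 'https://fake-video.example'));
```

Only the unprotected sample page comes back frameable; the same check run against your own site's headers tells you whether a third-party page could wrap it the way the fake video page wrapped the Facebook "like" button.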

Facebook users should be suspicious of anything that looks or feels strange, even if it has been posted by a friend. Facebook offers tips for how to recognize and avoid clickjacking on the "Threats" tab of the Facebook Security Page.

The company also has developed automated systems to detect and flag Facebook accounts that are likely to be compromised based on suspicious activity like lots of messages sent in a short period of time or messages with links that are known to be bad. Once Facebook detects a phony post it is deleted across the site. The company blocks malicious links from being shared and works with third parties to get phishing and malware sites added to browser blacklists or taken down. And Facebook displays warnings when people click on a link that has been identified as malicious from an e-mail notification.

Here are some basic safety tips for using Facebook or any site on the Web:

• Use an up-to-date browser that features an antiphishing blacklist.

• Choose unique log-ins and passwords for each of the Web sites you use.

• Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

• Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional log-in.

Source: http://news.cnet.com/8301-27080_3-20037827-245.html#ixzz1FTZ7hTob