Small Business Cyberattacks Getting More Creative

CREDIT: Cyber attack image via Shutterstock 

Small businesses, government organizations and even online gamers were targeted last month by cybercriminals, new data shows.

Conducted by GFI Software, the study examined the most prevalent threat detections encountered in January, which included phishing emailsaimed at small business owners. The emails posed as notices from the Better Business Bureau and claimed a customer had filed a complaint against the recipient, but the notes actually contained links to malware created with the Blackhole exploit kit.

A number of government organizations were targeted by spoofed messages from the United States Computer Emergency Readiness Team, while gamers looking to score pirated release games [TK – What are release games? Do we mean access to these games before they are released?] fell victim to several different attacks that offered bogus beta invites in return for filling out surveys and recommending links on Facebook and Google+.

Chris Boyd, senior threat researcher at GFI Software, said anyone on the Internet is a potential target for cybercriminals looking to infect systems and scam users.

"They purposefully cast a wide net when picking their methods of attack in order to reach as many targets as possible," Boyd said. "Whether you are a young gamer, a successful business owner or a government employee, you need to be wary when clicking on links that appear to pertain to your interests, especially when asked to submit personal information online."

Malware writers and Internet scammers also sought to attack a wider cross-section of the population by creatively piggybacking on hot news topics and highly trafficked websites. An example is the shutdown of the file-hosting website Megaupload, which led to a domain typo scam targeting both regular users of the website and visitors interested in seeing the FBI notice posted on the site. Once victims reached the misspelled URL, they were redirected to various sites promising fake prizes and seeking personal information.

"While cybercriminals may not be picky about their choice of victims, their choice of tactics is anything but haphazard," Boyd said. "Cybercrime campaigns are designed to cripple systems and steal personal information."

Reference & Courtesy: http://www.ittechnewsdaily.com/254-small-business-cyber-attacks.html

Cybersecurity Report: 84% Believe Risk is Higher than 1 Year Ago

With the annual Black Hat (Vegas) conference providing extra focus on cybersecurity this week, but also eclipsing most other news, I want to call attention to the EastWest Institute publication of their report on the Second Worldwide Cybersecurity Summit: Mobilizing for International Action.
The EWI summit, held in London at the beginning of June, attracted more than 450 government, industry and technical leaders from 43 countries to craft new cybersecurity solutions.
CSOs, CIOs, IT professionals, academics, and international policy-makers working to maintain a healthy Internet and guarding resources against cyber threats may went to take a look at the wide range of topics covered in the the EWI summit report. Fortunately, the report is readable from the web, with a solid table of contents and lots of quotes and graphics to help you navigate through the information and find areas of special interest.
EWI held their first Cybersecurity Summit in 2010, and EWI’s cybersecurity initiative has gained participation from the United States, Chinese, Russian and Indian governments, along with other members of the Cyber40 (an informal grouping of the world’s most digitally-advanced nations), academic leaders, and industry professionals.
“The largest roadblock to cyber solutions is a lack of trust,” says John Mroz, EWI President. “EWI’s trademark for three decades has been bringing the people who need to work together into the same room to craft solutions to particular issues of common concern. Nowhere is this needed more than in the cybersecurity arena.”
To highlight how participant’s see the cybersecurity challenge, the report shares (flip to page 7) some interesting survey data from the 2010 and 2011 summits:

• 84% think that the cybersecurity risk we face today is higher than one year ago
• 61% doubt that their country could defend against a sophisticated Cyber attack
• 54% doubt their <business, organization, agency> could defend against a sophisticated Cyber attack
• 70% believe that international policy and regulations lag far behind technology advances
• 81% agree that bold steps are needed immediately to address lack of trust in ICT development and supply chain integrity

That last point, which I sometimes refer to as “Trusted Supply Chain” issues, was also one of the key areas of focus for Microsoft participation at the summit and in the recent post by Eric T. Werner, Global Cyber Supply Chain Management a Principal Security Strategist with the Trustworthy Computing group here at Microsoft.
The 50-page report includes information from the keynote presentation on Supply Chain Risk Management delivered by Scott Charney, Corporate Vice President, Trustworthy Computing, including his observation that: “The Internet is different in the sense that you don’t have to put assets at risk to engage in espionage. Spies can sit in their home country and exfiltrate terabytes of data quickly.”