New Internet Threats. Do You Want to Know More?

From Wikipedia:

"Operation Aurora is a cyber attack which began in mid-2009 and continued through December 2009.  The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China.  The attack has been aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets."

From McAfee Labs:

"The news in January of the Operation Aurora/Google incident gave birth to the new category of Advanced Persistent Threat (APT), which has been a hot topic of discussion in the industry and press for much of the year.  However, there is much confusion about the true nature of these attacks.

"The generally accepted definition of an APT is one that describes a targeted cyber-espionage or cyber-sabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than a pure financial or criminal reason or political protest.  Not all APT attacks are highly advanced and sophisticated, just as not every highly complex and well-executed targeted attack is an APT.  The motive of the adversary, not the level of sophistication or impact, is the primary differentiator of an APT attack from a cyber-criminal or hacktivist one."

So now you are quite well informed (for five minutes) until things change again.

 

Hacktivists. What Are They? Will They Lead to Revolution? The Future Came True.

McAfee Labs report continues...

"We expect that social networks will be used more often to bring hacktivism into play next year.  Just as cyber-crime has moved from isolated individuals (able to create a piece of malware) to unstructured groups (able to launch a DDoS), we expect to see much more and stronger organization and structure with hacktivist groups in 2011."

Now to something VERY interesting.  Did the lab forecast the future or what?  This was written BEFORE the Tunisian and Egyptian demonstrations.

 

"Hacktivism will become the new way to demonstrate your political position in 2011 and beyond.  Transitioning from the streets, political organizers will move to the Internet to launch attacks and send messages in broad daylight or Internet time.  And as in the physical world, we expect that hacktivist attacks will inspire and foment riots and other real-world demonstrations."

McAfee could not guess that this would all happen in 2010.  What McAfee Labs did not say is that in countries where computers are not commonplace, the cell phone has been used.  So all that is said above applies to the phone as well.

I wanted to make an April Fools joke, but the subject is too serious. 

 

 

Botnet Battles Affect You

I wanted to continue commenting on what coming dangers are expected according to the annual report by McAfee.  I have to assume that you know what a "botnet" is, but, in case you don't, you can go to http://en.wikipedia.org/wiki/Botnet

What McAfee says is "...botnets continue to be one of the greatest and most sophisticated threats McAfee Labs faces.  In the coming years, we expect to see more data exfiltration capabilities.  Through this year we have seen cybercriminals engage in a growing number of targeted attacks.  We anticipate a greater focus on botnets removing data from targeted machines and companies, rather than the common use of sending spam.  Botnets will also engage in advanced data gathering functionality as well as focus more on targeting and abusing social networking."

And the good news, bad news story?

"Botnets are suffering losses, too.  Global law enforcement has recently taken down Mariposa, Bredolab, and some Zeus botnets.  However, botnets continue to evolve.  We predict that the recent merger of Zeus with SpyEye will produce more sophisticated bots because of improvements in bypassing security mechanisms and law enforcement monitoring.  Mergers and acquisitions have finally made their way into the malware world."

There is only one thing you can do...MAKE SURE TO UPDATE YOUR ANTIVIRUS SOFTWARE.  But you also need to be aware that the crooks are working their way into the social networks of Facebook, Twitter, etc. and into cell phones.

 

Stop Hurting Your Customers and Friends

McAfee’s Annual Malware report stresses some extra unnerving information:

“This year we saw an increase in the sophistication of some threats.  ‘Signed’ malware that imitates legitimate files will become more prevalent in 2011.  This will cause an increase in stolen keys as well as the techniques and tools to forge fake keys to use in these types of attacks.

“’Friendly fire’ in which threats appear to come from friends via social media such as Koobface and VBMania will continue to grow.  This will go hand-in-hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector.

“We also expect to see an increase in “smart bomb” attacks, those designed to trigger under certain conditions but not others.  These threats require victims to follow the designated attack path, i.e. thwarting honeypots, crawlers, and security researchers, while greatly impacting designated and vulnerable targets.  Such threats will create an even greater need for Global Threat Intelligence to defend against attacks observed under specific circumstances.

“Personalized attacks are about to get a whole lot more personal.”

We have a client (of whom we cannot rid ourselves, as much as we try) who refuses to understand anything about how his computer system can become a danger to everyone else.  So until some malware actually jams up his system to the point of not running at all, he merrily continues to spew out bots and malware to each and every customer and friend.  This would not even be a problem if he were not too cheap to spend money on an anti-virus system and then KEEP IT UP TO DATE!

Almost all of the anti-malware systems today are quite good.  The competition is huge.  I use a professional version of AVG, but I have no preference.  Everything I read about the competing systems seems positive.

As hopefully you know, most protective systems today are downright automatic if you are willing to pay a small fee.  In the meantime, if you don’t, you are hurting everyone to whom you are connected. 

 

Your Business Needs a Mobile Phone Policy. Why?

I quote McAfee again: "Threats to mobile devices have been a hot topic within the security community for several years.  We expect attacks to erupt at any time, yet they never quite seem to happen.

"Nonetheless, McAfee Labs predicts that 2011 will be a turning point for threats to mobile devices.  This year we saw many new, but low-prevalence, threats to mobile devices...rootkits for the Android platform, remote jailbreaking exploits for the iPhone, and the arrival of Zeus (a well-known banking Trojan/botnet).

"The widespread adoption of mobile devices into business environments combined with these and other attacks is likely to bring about the explosion that we have long anticipated.  Given our historically fragile cellular infrastructure and slow strides toward encryption, user and corporate data may face serious risks."

Wow!  Yikes!  The traffic of the so-called cyberspace is moving to mobile.  Why would the cybercriminals not do the same?

It would not surprise me to learn that most of your company staff have quite advanced mobile phones, including the top executive.  And it would not surprise me if no policy is established for the use of these phones. 

The number one policy is to establish what programs and apps an employee can have.  But then, how can you control that?  Any comments?

 

Warnings about Malware Concern You

I hate to say this, but if you are not careful, you will get yourself into trouble with Social Media.  McAfee Labs puts out a report each year which tries to forecast what is coming up in the way of trouble...and it ain't pretty.  It concerns both the Internet and the cell phone.  It concerns the hardware and the software.  It concerns Facebook and Twitter.

I will take some of the sections about which you should inform yourself starting with this quote:

“Social media connections will eventually replace email as the primary vector for distributing malicious code and links.”

Further the report says, "The threats landscape has changed considerably in the past year. McAfee Labs has seen marked increases in malware sophistication and targeting as well as a continued increase in the overall volume of daily malware threats. We have also begun to see some very significant changes in the types of threats that aim at Apple iPhones and other mobile devices. But there is good news, too, primarily a significant decrease in the daily amounts of email spam we combat. These ups and downs lead us to wonder how threats are evolving."

Please make sure your family is aware.  Follow along.  I will report more on this tomorrow.