Breaches, attacks continue to scale up
Thursday, May 8th, 2008

And the beat goes on:
- Insider data theft continues unabated. During April, several universities—Miami, Colorado at Boulder, Virginia, Toledo, Southern Connecticut State, Massachusetts, Buffalo State, and Northwest Missouri State—reported data breaches with records for more than 2 million people stolen, according to Ted Julian, VP at Application Security, Inc. The Miami heist was the biggie: thieves targeted a delivery truck carrying backup tapes that held records for everyone who had visited the university’s medical facilities since 1999, some 2 million records.
- Low-level crooks are stockpiling data swiped from top-tier global businesses. Finjan CTO Yuval Ben-Itzhak recently located a rogue server, dubbed “Crimeserver,” parked in
Finjan notified over 40 major international financial institutions about their data turning up in Crimeserver. The fact that Crimeserver’s controllers took no steps to encrypt or otherwise restrict access to their cache of stolen data suggests they are probably mere script kiddies. Pros would never be so sloppy. “You don’t have to be computer savvy to do this,” says Ben-Itzhak. “You just have to buy a tool kit, which is what this hacker did.”
- Elite cyber gangs are stealthily roaming inside corporate networks. Mi5 Networks has discovered trojans and botnets in every organization where it has deployed Web security systems. “One common thread we’ve seen is that these new forms of malware are extremely sophisticated at staying under the radar,” says Mi5’s CEO Doug Camplejohn. For example, out of 9,000 botted machines, the controller generally used no more than 15 active bots, while keeping 149 in a dormant-but-ready-for-reactivation state.
“Only 5% to 15% of Trojans and botnets we discover are active at any given point in time. However, when they do become active they are very efficient,” says Camplejohn. “In one particular site we saw over 100 botnets perform over 14 million scans in a one-month period - trying to identify other vulnerable machines they could infect.”
