ISSSource White Papers

Posts Tagged ‘impact’

Monday, April 1, 2013 @ 02:04 PM gHale

Most businesses need workers to have access to the Internet, but 80 percent of organizations that allow employees that availability are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords, new research said.

Web-borne attacks are having an impact on businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities, according to the report from Webroot. To mitigate these significant business risks a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.

Phishers Hide Real Links with Javascript
APT Attacks Shut Down
Cyber Attack Against S. Korea
China a Cyber Attack Victim

Top-level corporate study findings:
• 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
• 88 percent of Web security administrators say Web browsing is a serious malware risk
• Phishing is the most prevalent Web-borne attack, affecting 55 percent of companies.

The study, which surveyed Web security decision-makers in the United States and United Kingdom, found 79 percent of companies experienced Web-borne attacks in 2012. These incidents continue to represent a significant threat to corporate brands.

Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies. Despite the obvious awareness of the risks, only 56 percent of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.

“Protecting against Web-borne malware should be a high priority for all organizations since once inside a network, the propagation of malware can take down the entire company, effectively disabling an organization,” said Sara Radicati, president and chief executive at Radicati Group. “Finding a balance between providing employees Web access and ensuring corporate information security requires a solid Web security solution and is an essential requirement for companies to avoid this costly liability.”

The major trends driving businesses and information technology today — mobility, social networking, BYOD and cloud computing — are also making organizations more susceptible to security attacks. More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging. According to the results, phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data.

Click here to register for the complete report.

Tuesday, August 21, 2012 @ 03:08 PM gHale

Microsoft updated Windows where it can restrict the use of any certificates with RSA keys less than 1024 bits in length.

The reason for the change, Microsoft said, is it is possible to crack weak certificates with keys less than 1024 bits with few resources in a rather short amount of time and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Security Firm Updates Key Leak
Rogue SSL Certificate Plan Proposed
NASA Investigates Compromise
U.S. Jams Taliban, Yemen Frequencies

A user can download the update through the Microsoft Download Center as well as the Microsoft Update Catalog, and is available for all currently supported releases of the Windows operating system.

Microsoft said it would release the update through Microsoft Update in October “after customers have a chance to assess the impact of this update and take necessary actions to use certificates with RSA keys greater than or equal to 1024 bits in length in their enterprise.”

Microsoft suggests customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update across their enterprise. The reason is there are several known issues associated with the update that could disrupt operations.

First, a users will need to restart the system after applying the update, so that is something to keep in mind when updating systems for which even minimal downtime could disrupt operations. Other issues include possible problems with Outlook being able encrypt email using weaker certificates, as well as Internet Explorer not being allowed to access websites secured using an RSA certificate with key length of less than 1024 bits.

The issues of weaknesses in certificates was highlighted during the investigation of the Flame attacks, when it was discovered that components of the complex malware were signed with a certificate that chained up to the Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately, to the Microsoft Root Authority. Those certificates were subsequently used in combination with a man-in-the-middle attack to hijack the Windows Update mechanism and propagate the malware on a local network.

In June, Microsoft revoked trust in the certificate authorities at the center of the Flame attacks and updated the Windows Update mechanism to only trust files signed by the new certificate used exclusively to protect updates to the Windows Update client.

While Microsoft suffered a compromise in this case, enterprises should take note and realize their IT infrastructure could be at risk to similar style attacks.

Wednesday, March 21, 2012 @ 12:03 PM gHale

It has been almost two years since the April 20, 2010 explosion on the BP Deepwater Horizon drilling rig in the Gulf of Mexico and scientists are now getting a handle on the impact the disaster had on the environment.

For months, crude oil gushed into the water at a rate of 53,000 barrels per day before workers were able to cap the well July 15, 2010.

Gulf Spill: BP Loses Ruling
BP Report: Most Oil Never Reached Surface
Ocean Topography a Drilling Safety Concern
BP Sues Halliburton for Spill, Again

Oil from the Macondo well made it into the ocean’s food chain through the tiniest of organisms, zooplankton, a new study said.

Tiny drifting animals in the ocean, zooplankton are useful to track oil-derived pollution. They serve as food for baby fish and shrimp and act as conduits for the movement of oil contamination and pollutants into the food chain. The study confirms that not only did oil affect the ecosystem in the Gulf during the blowout, but it was still entering the food web after they capped the well.

Oil, which is a complex mixture of hydrocarbons and other chemicals, contains polycyclic aromatic hydrocarbons (PAHs), which can act as a fingerprint and determine its origin. Researchers were able to identify the signature unique to the Deepwater Horizon well in the Gulf of Mexico, where 11 workers perished in the April explosion.

“Our research helped to determine a ‘fingerprint’ of the Deepwater Horizon spill—something that other researchers interested the spill may be able to use,” said Dr. Siddhartha Mitra of East Carolina University. “Furthermore, our work demonstrated that zooplankton in the Northern Gulf of Mexico accumulated toxic compounds derived from the Macondo well.”

The team’s research indicates the fingerprint of the Deepwater Horizon oil spill was in some zooplankton in the Gulf of Mexico ecosystem at low levels, as much as a month after capping the leaking wellhead. In addition, the extent of the contamination seemed to be patchy. Some zooplankton at certain locations far removed from the spill showed evidence of contamination, whereas zooplankton in other locations, sometimes near the spill, showed lower indications of exposure to the oil-derived pollutants.

“Traces of oil in the zooplankton prove that they had contact with the oil and the likelihood that oil compounds may be working their way up the food chain,” said Dr. Michael Roman of the University of Maryland Center for Environmental Science.

The study was led by East Carolina University with researchers from the University of Maryland Center for Environmental Science, Oregon State University, Georgia Institute of Technology, and U.S. Geological Survey.

Archived Entries