Posts Tagged ‘increase’
Friday, August 10, 2012 @ 06:08 PM gHale
China and the U.S. were the two largest sources of Internet-attack traffic in the first quarter of 2012, according to Akamai Technologies.
Attack traffic from China increased three points to 16 percent compared to the last quarter of 2011 and attacks from the U.S. increased one point to 11 percent in the same period, Akamai said in its First Quarter, 2012 State of the Internet report. Russia ranks third in the top ten and generated 7% of all attack traffic, a slight increase compared to last year’s results.
Over the past four years the ebb and flow of U.S. traffic has been at both ends of the pendulum as it has been responsible for as little as 6.9% of attack traffic and as much as 22.9%, Akamai said. The highest concentration of attack traffic generated form China came in the third quarter of 2008 when the country was responsible for 26.9% of attack traffic.
Akamai operates a global server network and maintains a distributed set of agents across the Internet that monitor traffic. Its quarterly report offers statistics not only on attack traffic but also on connection speeds.
On a regional basis, the Asia Pacific and Oceania regions combined were responsible for most attack traffic (42%) in the first quarter of this year, Akamai said. Just around 35% of all attack traffic originated in Europe, 21% in the Americas and under 1.5% in Africa.
Attacks from Indonesia decreased drastically. After spending the prior two quarters in the top three, Indonesia fell to the twentieth place this quarter and was responsible for one percent of observed traffic, according to the report. This decrease indicates the threats from the country have shifted elsewhere or mitigation efforts worked, Akamai added.
“As for attack traffic, we really don’t have visibility into why one country or another may be the source of a greater percentage of traffic from one quarter to the next,” said Akamai spokesman Rob Morton in an email, who added that in theory in any given period, one region may just be more active than others.
“We’re also looking at percentages, so there’s some fluidity there as well. For example, a couple of quarters ago Myanmar took one of the top spots on the list, now they’ve dropped off, that percentage of traffic needs to go somewhere,” he said.
Attacks on the top ten ports increased significantly and attacks targeting these ports were responsible for 77% of attacks, up 15% compared to the last quarterly results. The growth of these attacks comes from an increase in attacks targeting Port 445, which relates to the Conficker worm, Akamai said. More than 42% of observed attack traffic aimed at that port, an increase of 27 percentage points compared to the fourth quarter of 2011.
Conficker caused an uproar in 2009, and despite efforts by Microsoft and the Conficker Working Group, it appears the worm botnet is still actively infecting user systems, Akamai said.
Other popular attack ports were Port 23, used by the Telnet network protocol, Port 1433 (used for Microsoft SQL Server) and Port 80 (used for HTTP traffic), according to the report. Attacks aiming for Port 80 indicate attackers are searching for vulnerable Web applications they could exploit to gain control over a system or install malware, Akamai said. Attacks at Port 23 likely indicate attempts to exploit common and default passwords allowing attackers to take over a system, it added.
Akamai customers experienced denial-of-service (DoS) attacks during the first half of 2012, which signals a continuing and growing trend, according to the report. Attackers are increasingly using DoS tools that require lower traffic volumes such as Slowloris, a tool that holds connections open by sending partial HTTP requests, which causes a Web server to tie up.
Friday, June 29, 2012 @ 04:06 PM gHale
By Gregory Hale
In an environment where companies are averse to revealing details on whether or not they suffered a cyber incident, a small indicator showing the growth of attacks comes from ICS-CERT with nine reported incidents in 2009, to 41 in 2010 to 198 last year.
In ICS-CERT’s first year, the organization recorded nine cyber incidents, four of which were actual incidents. Two of those resulted in sending out onsite response teams, while two others ended up treated remotely. Reports came in from the energy, water, dams and a cross-sector.
“The ICS-CERT report represents an important metric for cyber security of control system,” said Kim Legelis, vice president at Industrial Defender. “By reporting a four-fold increase of incidents, the ICS-CERT shines the light on the need for control systems operators to be vigilant with respect to cyber security.
In 2010, there were 41 incident reports with eight resulting in onsite response teams, while an additional seven incidents involved remote analysis, according to a report issued by ICS-CERT.
The industries involved also grew with energy, water, dams, nuclear, chemical, government, critical infrastructure and cross-sector.
ICS-CERT received multiple reports of secure shell (SSH) brute force attacks attempting to access ICS and critical infrastructure companies who operate industrial control systems (ICS).
These incidents marked an increased awareness of the attack potential and attractiveness of targeting ICS’, according to the ICS-CERT report.
Multiple spear-phishing incidents also ended up reported that year. That is important to remember because spear phishing remains a big threat for most companies and organizations.
“One particularly interesting aspect of the report is the noted increase in spear phishing attacks,” Legelis said. “Spear phishing has long been used by attackers in other industries to provide an internal beachhead from which an organization can be infiltrated. Because social engineering attacks rely on the ability to mislead employees into unknowingly providing an entry point for attackers, they make attack prevention extremely difficult. ICS cyber security professionals are relying alternative methods to combat risks. Many have found logging and security monitoring technologies essential for detection, while advances in white listing can protect critical systems from malware infection and data exfiltration.”
Other threats from 2010 include:
Mariposa infections in Critical Infrastructure and Key Resources (CIKR). Defense Intelligence identified the Mariposa botnet in May 2009. Although the primary command and control (C2) infrastructure went down in December of that year, ICS-CERT continued to receive malware infection reports into early 2010, at least one of which resulted in an onsite incident response to determine whether the malware had breached the control system network. The operations executed by the botnet were diverse, in part because third parties could rent out parts of the botnet. Confirmed events include denial-of-service attacks, email spam, theft of personal information, and changing the search results a browser would display in order to show advertisements and pop-up ads.
Stuxnet. Stuxnet, the first ever malware specifically written to target ICS, was discovered in 2010. ICS- CERT analyzed the malware and its impacts to control systems in coordination with various government agencies, law enforcement, industry, and other organizations such as Symantec, Microsoft, CERT Bund, Siemens, and various sector ISACs (i.e., Energy, Chemical, Nuclear, Dams, Water, Transportation).
In 2011, ICS-CERT received 198 reports of incidents. Of those 198, seven resulted in the deployment of onsite incident response teams. An additional 21 incidents involved analysis efforts to identify malware and techniques used by attackers.
In addition, even more sectors were a part of the attack scenario in the year with energy, water, dams, nuclear, chemical, government, critical infrastructure, cross-sector, communications, transportation, information technology also joining in to name a few.
Quite a few of the Internet facing control systems employed a remote access platform from the same vendor, configured with an unsecure authentication mechanism. ICS-CERT coordinated with the vendor to mitigate the authentication vulnerability and also took on the task of identifying and notifying the affected asset owners.
In all cases, ICS-CERT will work with reporting organizations to help determine if the control network was compromised and provides mitigations to detect and mitigate the activity.
Some examples include:
• ICS-CERT worked with several companies that were part of the Night Dragon attacks, first reported in February 2010, targeting global oil, energy, and petrochemical companies. Hackers moved deliberately through networks, trolling for sensitive data and intellectual property.
• ICS-CERT worked with several organizations impacted by the Nitro attacks, where companies involved in research and development of chemical compounds and materials were the targets of sophisticated attacks. Reports indicated the attackers gathered data from across the victim networks and moved it to internal staging servers to make data exfiltration more efficient.
These incidents highlight the activity of sophisticated threat actors and their ability to gain access to system networks, avoid detection, use advanced techniques to maintain a presence, and exfiltrate data. ICS-CERT also collaborated with the international cyber security community working with over 30 different countries and, in most cases, interfacing directly with the international Computer Emergency Response Teams (CERTs) to coordinate responses and reach out to affected organizations and vendors.
Friday, May 25, 2012 @ 01:05 PM gHale
PC malware had its biggest increase in more than four years during the first quarter this year, a new report said.
The total number of samples taken was at 83 million, according to McAfee’s quarterly security report. Fake antivirus programs declined in popularity, but software with faked security signatures, rootkits and password-stealing Trojans rose.
McAfee counted 200,000 new examples of password-stealing Trojan horses.
Rootkits are stealth programs that enable privileged access to the user’s computer. The report calls rootkits “one of the nastiest classifications of malware.” The Koutodoor rootkit spread fastest last quarter.
Software is “signed” by the vendor to tell users it’s safe to install. A user is more likely to trust a well-regarded name like Microsoft, for example, than an unknown vendor. Scammers capitalize on that trust when they forge the digital signature of a trusted provider in order to boost the chances of having their malware successfully installed on the user’s computer.
Security felt forged security signatures would take off after the success of the proliferation of the Stuxnet and Duqu malware programs which used that same tactic.
Among botnets, Cutwail was most active during the quarter, recruiting more than a million new machines. Nearly half of all new botnet control servers were in the U.S.
The McAfee report also noted a dramatic increase in malware designed to attack mobile devices that run Android.
The total number of identified threats to Android devices more than quadrupled in the first quarter, reaching 8,000. However, part of the bump came from improved detection, according to the report. Most mobile malware aimed at Android did not come from apps offered through the Google Play app marketplace.
The report also found most mobile malware originated in and targeted China and Russia.
Malware targeting Apple computers also continued to rise steadily. New malware for the Mac exploded in the second quarter of 2011, but this last quarter saw the most new cases since then with about 250.
Tuesday, May 1, 2012 @ 05:05 PM gHale
Malicious and Web attacks increased 81 percent in 2011 over the previous year, a new report said.
In addition, mobile platforms such as Google’s Android operating system are becoming key targets of cyber criminals, according to security software vendor Symantec’s annual “Internet Security Threat Report.”
While Symantec did say there was a rise in malicious attacks, an 81 percent increase, the number of vulnerabilities fell by 20 percent.
In 2011, Symantec blocked more than 5.5 billion malicious attacks, and saw the number of unique malware variants jump to 403 million, company executives said. In addition, the number of Web attacks blocked per day increased 36 percent.
Targeted attacks, which had been associated primarily with attacks on larger organizations, are becoming more common among small and midsize businesses (SMBs), the Symantec report said. More than half of the targeted attacks — which use social engineering and customized malware to get unauthorized access to sensitive data — aimed at businesses with fewer than 2,500 employees, with 18 percent targeting companies with fewer than 250 workers.
Mobile vulnerabilities grew 93 percent in 2011 over the previous year, according to the report, and there was a jump in threats that targeted Android.
The relatively open nature of Android and its apps market is making the Google operating system an attractive target for cyber criminals, according to security firms.
The report also noted an increase in data breaches, with a rising concern over the issues of lost mobile devices. About 1.1 million identities ended up stolen during each data breach last year, a significant increase over previous years, the company said. While hacking incidents were a key threat — exposing more 187 million identities last year — data breaches were more likely caused by lost smartphones, tablets, USB keys or backup devices. Such lost or stolen devices exposed 18.5 million identities.
Tuesday, April 10, 2012 @ 04:04 PM gHale
Man-made causes — but not fracking – emanating from the oil and gas industry may explain a sharp increase in small earthquakes in the Midwest, a new study from the U.S. Geological Survey found.
The rate has jumped six-fold from the late 20th century through last year and the changes are “almost certainly man-made,” the study said.
Outside experts split on their opinions about the report, with the authors will present later this month.
The study said a relatively mild increase starting in 2001 comes from increased quake activity in a methane production area along the state line between Colorado and New Mexico. The increase began about the time that methane production began there, so there’s a “clear possibility” of a link, said lead author William Ellsworth of the USGS.
The increase over the nation’s midsection has gotten steeper since 2009, due to more quakes in a variety of oil and gas production areas, including some in Arkansas and Oklahoma, the researchers said.
It’s not clear how the earthquake rates do relate to oil and gas production, the study authors said. They note others linked earthquakes to injecting huge amounts of leftover wastewater deep into the earth.
There has been concern about potential earthquakes from a smaller-scale injection of fluids during a process known as hydraulic fracturing, or fracking, used to recover gas. Ellsworth said he is confident fracking is not responsible for the earthquake trends his study found, based on prior studies.
The study covers a swath of the United States that lies roughly west of Ohio and east of Utah. It counted earthquakes of magnitude 3 and above.
Magnitude 3 quakes are mild, and only a few people in the upper floors of buildings may feel them, or they may cause parked cars to rock slightly. The biggest counted in the study was a magnitude-5.6 quake that hit Oklahoma last Nov. 5, damaging dozens of homes. Experts said that quake was too strong to link to oil and gas production.
The researchers reported that from 1970 to 2000, the region they studied averaged about 21 quakes a year. That rose to about 29 a year for 2001 through 2008, they wrote, and the three following years produced totals of 50, 87 and 134, respectively.
The study results make sense and are likely due to man-made stress in the ground, said Rowena Lohman, a Cornell University geophysicist.
“The key thing to remember is magnitude 3s are really small,” Lohman said. “We’ve seen this sort of behavior in the western United States for a long time.”
Usually, it’s with geothermal energy, dams or prospecting. With magnitude 4 quakes, a person standing on top of them would at most feel like a sharp jolt, but mostly don’t last long enough to be a problem for buildings, she said.
The idea is to understand how the man-made activity triggers quakes, she said. One possibility is the injected fluids change the friction and stickiness of minerals on fault lines. Another concept is they change the below-surface pressure because the trapped fluid builds, and then “sets off something that’s about ready to go anyway,” Lohman said.
But another expert did not make the link to oil and gas operations.
Austin Holland, the Oklahoma state seismologist, said the new work presents an “interesting hypothesis” but the increase in earthquake rates could simply be the result of natural processes.
Holland said clusters of quakes can occur naturally, and scientists do not yet fully understand the natural cycles of seismic activity in the central United States. Comprehensive earthquake records for the region go back only a few decades, he said, while natural cycles stretch for tens of thousands of years. No one knows enough to rule out natural processes for causing the increase, he said.
Tuesday, August 2, 2011 @ 05:08 PM gHale
Expenses to deal with cyber crime are on the rise from last year, a new study found.
The median cost of cyber crime to the 50 organizations surveyed was $5.9 million per year, based on a range of $1.5 million to $36.5 million per year, according to the study conducted by the Ponemon Institute and funded by Hewlett-Packard.
That figure is up 56 percent from the $3.8 million median found in last year’s study, which ranged from $1 million to $53 million per year.
That large median dollar amount for dealing with threats includes detection and investigation, as well as follow-through actions such as containment and recovery.
In terms of dealing with threats, the study found the average time to address one is 18 days, resulting in an average price tag of $416,000. That’s up from an average 14-day period and $250,000 per attack last year.
Also up were the number of successful attacks; 72 were counted during the four-week test, marking a 45 percent bump from last year’s study.
“Instances of cyber crime have continued to increase in both frequency and sophistication, with the potential impact to an organization’s financial health becoming more substantial,” Tom Reilly, vice president and general manager of enterprise security at HP, said in a statement. “Organizations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cyber crime.”
In this year’s study, the Ponemon Institute said the most expensive and common cyber crimes were malicious code, denial-of-service attacks, “malicious insiders,” and devices compromised through theft or hijacking.
Cyber criminals laid their sights on large organizations this year, including high-profile hacks against tech companies such as Sony, Nintendo, and Sony Ericcson, alongside the Web properties of Fox, and PBS, and various government agencies.