Posts Tagged ‘social media’

Thursday, October 16, 2014 @ 05:10 PM gHale

It is no surprise, but quite a few companies continue to struggle to keep their networks secure against rapidly evolving and more sophisticated cyber threats.

Despite the rising complexity in the technological and regulatory landscapes, companies still typically rely on outdated methods to keep data secure, according to new research from Frost & Sullivan.

There is no doubt complications abound with BYOD, social media, smartphones, virtualization, and cloud services. They have significantly complicated the process of securing networks and sensitive data. The problem is quite a few companies failed to adjust their security approaches accordingly.

A study conducted by Frost & Sullivan and (ISC)2 revealed that out of 12,396 respondents, 42 percent ranked social media as a top security concern. At the same time, 25 percent of organizations admitted they were not addressing this attack surface.

Cyber crime today is big business, and bad guys are more motivated, skilled, coordinated, and well-funded than ever before. Yet companies continue to rely on outdated detection methods like antivirus that only protect against known threats or provide information about attacks after they happen.

Organizations also use discrete solutions to manage each new threat vector, emerging technology and regulatory requirement. However, by investing in several point products, businesses are finding that maintaining these solutions is unmanageable. In addition, those systems are often unable to share data with each other, which reduces their effectiveness.

Monday, June 9, 2014 @ 11:06 AM gHale

Attackers are exploiting commonly-used business applications to bypass security controls, a new report said.

Common sharing applications such as email, social media, and video remain the attack vehicles of choice for cybercriminals, but are often only the start of multi-phased attacks rather than the focus of threat activity, according to Palo Alto Networks’ Application Usage and Threat Report.

In one part of the report, 34 percent of the 2100 applications observed use SSL encryption. As a result, network administrators are unaware of what applications on their networks use unpatched versions of OpenSSL, which can leave them exposed to vulnerabilities such as Heartbleed.

In addition, Palo Alto Networks found 99 percent of all malware logs were generated by a single threat using UDP; attackers also use applications like FTP, RDP, SSL, and NetBIOS to mask their activities.

It is one thing to point out weaknesses, but it is another to offer ways to correct them. Palo Alto Networks said areas enterprises could improve include:
• Deploy a balanced safe enablement policy for common sharing applications. The way to ensure success is documentation of the policies, education of users, and periodically updating the policy.
• Control unknown traffic. Every network has unknown traffic that is small, averaging 10 percent of bandwidth, researchers said. This high-risk traffic can be controlled. Controlling unknown UDP/TCP will cut out a significant volume of malware.
• Determine and selectively decrypt applications that use SSL. Selective decryption, in conjunction with enablement policies, can help businesses uncover and eliminate potential hiding places for cyber threats.

The Application Usage report draws on raw data from activity on enterprise networks, not on a user-based survey. The data gathered for the reports comes from evaluation units of the company’s firewalls deployed at potential customer locations. This most recent report is based on analysis of traffic data collected from 5,500 network assessments and billions of threat logs over a 12-month span between March 2013 and March 2014, the company said.

Monday, October 28, 2013 @ 04:10 PM gHale

A new LinkedIn feature designed to familiarize users with their email partners could bring in security woes, researchers said.

The new feature, LinkedIn Intro, enables iPhone users to route their email through LinkedIn so they can get background on an email sender or receiver before they write. The feature helps the user become more familiar with their email partners, LinkedIn said.

Researchers said, however, the feature is potentially dangerous to the user’s personal privacy and to any enterprise that allows employees to use LinkedIn via the corporate network. This is another example of how users should be wary of using social media for corporate endeavors.

“Intro reconfigures your iOS device (e.g. iPhone, iPad) so all of your emails go through LinkedIn’s servers. You read that right,” said the security consulting firm Bishop Fox in a blog. “Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data.”

The blog continues: “‘But that sounds like a man-in-the-middle attack!’ I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.”

In fact, Intro could create problems for encrypted email, the Bishop Fox blog said. “Cryptographic signatures will break because LinkedIn is rewriting your outgoing emails by appending a signature on the end,” Bishop Fox said. “This means email signatures can no longer be verified. Encrypted emails are likely to break because of the same reason – extra data being appended to your messages.”

Friday, September 27, 2013 @ 06:09 PM gHale

Knowing compromised social media accounts can be highly valuable, cyber criminals are leveraging those accounts for reconnaissance and future attacks, a new report said.

That was just one of the findings in the IBM X-Force Research and Development team’s 2013 mid-year report on cyber security trends and risks. The results of the study are from the analysis of 4,100 new vulnerabilities, and 900 million new webpages and images.

“IBM X-Force expects to see these newer applications of social engineering become more sophisticated as attackers create complex internetworks of identities while refining the art of deceiving victims,” said Leslie Horacek, worldwide threat response manager for IBM X-Force and senior editor of the report on a blog.

“Users must adopt a mindset of guilty until proven innocent when it comes to social media and companies should engender suspicion to protect users and assets,” she added.

As far as vulnerabilities go, researchers found the number of new vulnerabilities reported in the first half of 2013 was similar to the number reported last year. However, the number of web application vulnerabilities slightly decreased this year.

When it comes to web vulnerabilities, cross-site scripting (XSS) remains the most common type, accounting for over half of all security holes.

In 28 percent of the cases, successful exploitation of a vulnerability resulted in gaining access to a system or application.

The report names the United States as the country that hosts the most malicious links at 42 percent. Germany (9.8 percent), China (5.9 percent) and Russia (4.5 percent) all follow the U.S.

The IBM X-Force report also covers mobile malware, watering hole attacks, Zero Day attacks, and distraction and diversion techniques.

Friday, September 20, 2013 @ 06:09 PM gHale

Cyber threats are continuing to grow and get more sophisticated, a new report said.

Along those lines, there has been an increase in threats to the infrastructure through targeted attacks, mobile devices, and social media identity thefts carried out by cyber-criminals over Cloud services, according to ENISA’s interim Threat Landscape 2013 report.

Some key trends identified in the study:
• Cyber-criminals increasingly use advanced methods to implement attack vectors that are non-traceable and difficult to take down. Anonymization technologies and peer-to-peer systems play an important role in this. It is clear cyber criminals are increasingly exploiting mobile technology. Threats of all kinds encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
• The widespread usage of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media.
• The availability of malware and cyber hacking tools and services, together with digital currencies and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.

There is a real possibility of large impact events when attacks combining various threats successfully launch.

As reported by ENISA in its report on major cyber attacks, cyber attack is the sixth most important cause of outages in telecommunication infrastructures, and it has an impact upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, there has been an increase in infrastructure threats in 2013, the report said.

The study identifies the following top threats with major impact since 2012:
• Drive-by-exploits: Browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.
• Code Injection: Attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber criminals. Cloud service provider networks are used to host tools for automated attacks.

Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.

A full ENISA Threat Landscape 2013 report is due by the end of the year.

“This short, interim report informs security stakeholders as early as possible about developments in cyber threats, so that they are able to take countermeasures,” said Professor Udo Helmbrecht, the ENISA executive director.

Tuesday, August 20, 2013 @ 05:08 PM gHale

A California-based firm that two years ago used browser plugins to deliver ads by injecting them into Facebook and Google pages is working a similar program, researchers said.

At the time, the company, Sambreel, named the two plugins “PageRage” and “BuzzDock,” but today their names are “Easy YouTube Video Downloader” and “Best Video Downloader” which are part of a software browser tool suite provided by two subsidiaries of Sambreel, said the researchers from UK-based

“When a user who has installed these plugins visits multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages,” the researchers said. “These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union.”

In one example, the injected ad sports a fake alert saying the user should update their Java, but clicking on the “OK” button will take them to a third-party site, the researchers said.

“This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these,” the researchers said. So, not only does the company hurt legitimate advertisers, but random users as well.

According to BBC News, one of the Sambreel subsidiaries said it discontinued one of the browser plugins, but that only occurred after the researchers made the company’s actions public.

A Google spokeswoman said the company is aware of the practice and banned all of them from using Google’s monetization and marketing tools.

According to, 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before this.

Monday, August 19, 2013 @ 04:08 PM gHale

Newer versions of the ZeuS malware are doing much more than just stealing sensitive information from computers.

One variant of the malware uses compromised systems to check for availability of Instagram usernames, said researchers at RSA.

Once it lands on a computer, the malware downloads several additional components. The hashes of the threat change often to avoid detection by antivirus solutions, but the size of the file is always the same.

After the additional malicious components are downloaded and installed, ZeuS performs search engine queries, most likely in an effort to promote malicious websites in search engine results.

Then, it starts checking for the availability of Instagram usernames via the social media network’s mobile API.

“For servers and virtual machines running Windows operating systems, Instagram API calls are pushed into Instagram by spoofing User-Agent strings in an attempt to disguise the traffic as a Smartphone running an Android operating system,” said RSA senior researcher “Fielder.”

The threat checks usernames composed of a dictionary word followed by a series of four or more random characters.

Experts believe the malware is checking the availability of Instagram usernames in an effort to create an army of fake Instagram users that can later be sold as followers to individuals or organizations that want to boost their popularity.

In addition to checking for usernames, the malware is also capable of automatically liking photos posted on other Instagram accounts.

“The latest Zbot variant appears to be upping its game with new features and functionality. Search engine optimization abuse and Instagram account abuse could just be the beginning,” “Fielder” said.
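One way a defender could look for the behavior RSA describes (a Windows machine presenting an Android User-Agent while probing usernames shaped like a dictionary word plus four or more characters), as an added example that is not from the original article or from RSA. The log format, host inventory, word list and threshold are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: asset inventory of hosts known to run Windows (servers and VMs).
WINDOWS_HOSTS = {"10.0.5.21", "10.0.5.40"}
# Assumption: a tiny stand-in for a real dictionary word list.
WORDS = {"sunset", "river", "candy", "tiger"}

# Hypothetical proxy record layout: source IP, User-Agent, username looked up.
LINE = re.compile(r'^(?P<src>\S+) ua="(?P<ua>[^"]*)" username=(?P<user>\w+)$')

# Constructed records of username-availability lookups (not real traffic).
SAMPLE_LOG = """\
10.0.5.21 ua="Dalvik/1.6.0 (Linux; U; Android 4.1.2)" username=sunsetk3qz
10.0.5.21 ua="Dalvik/1.6.0 (Linux; U; Android 4.1.2)" username=river9x0bd
10.0.5.21 ua="Dalvik/1.6.0 (Linux; U; Android 4.1.2)" username=candyq7w2e
10.0.5.21 ua="Dalvik/1.6.0 (Linux; U; Android 4.1.2)" username=tigerzz81
10.0.5.40 ua="Mozilla/5.0 (Windows NT 6.1)" username=alice_w
10.0.9.77 ua="Dalvik/1.6.0 (Linux; U; Android 4.1.2)" username=tiger4431
malformed line without fields
"""


def looks_generated(username):
    """True if the name is a dictionary word plus four or more extra characters."""
    name = username.lower()
    return any(name.startswith(w) and len(name) - len(w) >= 4 for w in WORDS)


def suspicious_hosts(log_text, threshold=3):
    """Return {src_ip: hits} for Windows hosts probing generated names as 'Android'."""
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not parse instead of failing
        if m["src"] not in WINDOWS_HOSTS:
            continue  # a real phone on the network is expected to say Android
        if "android" not in m["ua"].lower():
            continue  # User-Agent matches the platform, nothing spoofed
        if looks_generated(m["user"]):
            hits[m["src"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG))
```

Because the page notes that file hashes change often, a behavioral signal like this platform and User-Agent mismatch is more durable than a hash match.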

Thursday, August 8, 2013 @ 07:08 PM gHale

In what has potential privacy issues written all over it, the U.S. Secret Service wants to improve the way it monitors social media and collects information from “open sources” on the Internet and elsewhere.

The Secret Service issued a solicitation July 29, set aside completely for small business, for a software tool that can gather intelligence from a diverse group of publicly-available sources.

“The Government is seeking licenses for software solutions involving, but not limited to, real-time open source intelligence monitoring,” said the agency’s solicitation document.

The Secret Service, which typically would post the “statement of work” for a required contract on the FedBizOpps Web site, in this case is being more reticent in sharing the complete description of the required effort by the selected contractor. “The full Statement of Work (SoW) is being made available only to contractors that respond to this notice/solicitation…,” the Secret Service request said.

The agency envisions a firm-fixed-price contract that will cover a one-year base period of performance (running from Sept. 1, 2013 through August 31, 2014), plus four separate one-year option periods.

Even though no commercial company is currently performing this work, the Secret Service indicated in its solicitation the technical requirement itself is not new.

“There is not an incumbent contractor associated with this work,” said the agency, in reply to a prospective vendor’s question, adding, “This is not a brand-new requirement, as indicated in the solicitation.”

Tuesday, June 11, 2013 @ 03:06 PM gHale

In the cyber world Trojans usually live a short life and then new ones quickly replace them, but Zeus/Zbot continues moving forward, with its variants continuing to perfect man-in-the-middle (MitM) attacks, log keystrokes and grab information entered in online forms.

This Trojan usually spreads in exploit kits via drive-by-downloads, phishing schemes, and social media. However, Trend Micro researchers just found a variant that uses removable drives as another attack vector.

In this case, the malware variant is delivered via a malicious PDF file disguised as a sales invoice document.

Potential victims that attempt to open the file with Adobe Reader get a notice saying it cannot open because “use of extended features is no longer available.”

But in the background, the malware has already silently dropped onto the system and run.

It first contacts its C&C center to download an updated copy of itself (if there is one available), but immediately after it checks whether there are any removable drives connected to the computer, and if there are, it drops a copy of itself in a hidden folder, then creates a shortcut to it.

Thursday, June 6, 2013 @ 03:06 PM gHale

Two-factor authentication is starting to become more commonplace as social media company LinkedIn joined a group of companies that offer the extra security measure.

Since the beginning of June, those who use the business networking platform have been able to turn on two-factor authentication (referred to by LinkedIn as “two-step verification”) in their settings.

With LinkedIn becoming more popular throughout the manufacturing automation industry it remains vital users don’t let attackers in through this form of social media.

As with Facebook and other services, a password and a security code sent to the user’s registered mobile by SMS text message will be a must when someone tries to log in from a previously unregistered device or from a web browser they haven’t used before. While in the settings, it is also a good idea to enable HTTPS-encrypted connections via Settings/Account/Manage security settings, as, by default, LinkedIn continues to provide its web pages in plain text.

In summer 2012, LinkedIn dealt with a million-dollar class action lawsuit brought by a user after a password leak affected the network. In the class action complaint, the plaintiff accused LinkedIn of creating “significant risks to the integrity of users’ sensitive data” by using the “outdated” SHA1 hashing algorithm from 1995 to protect its users’ data.

In addition, the social network did not salt the hashed passwords beforehand. Another point in the complaint concerned the platform’s information policy. LinkedIn only admitted that a leak had occurred after third-party observers publicly announced the password theft. The lawsuit was dismissed in March.

SHA1 is no longer an up-to-date password-hashing method. A more contemporary technique is Password-Based Key Derivation Function 2 (PBKDF2), which, according to current information, allows passwords to be stored in an almost uncrackable way.
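The difference between the unsalted SHA1 scheme named in the complaint and a salted PBKDF2 record, as an added example that is not from the original article or from LinkedIn. The iteration count, record format and sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: example work factor, tune to your hardware
SALT_BYTES = 16


def sha1_unsalted(password):
    """The weak scheme: one SHA-1 pass, no salt, same output for every user."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password, salt=None, iterations=ITERATIONS):
    """Build a storable record using a fresh random salt per password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and count, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed or truncated record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def demo():
    """Two users pick the same (constructed) password; compare what gets stored."""
    pw = "Summer2012!"
    rec_a, rec_b = pbkdf2_hash(pw), pbkdf2_hash(pw)
    return {
        # Unsalted: identical hashes, so one precomputed table cracks both users.
        "sha1_identical": sha1_unsalted(pw) == sha1_unsalted(pw),
        # Salted: records differ, so each must be attacked separately and slowly.
        "pbkdf2_identical": rec_a == rec_b,
        "verifies": pbkdf2_verify(pw, rec_a) and pbkdf2_verify(pw, rec_b),
        "rejects_wrong": not pbkdf2_verify("summer2012!", rec_a),
    }


if __name__ == "__main__":
    print(demo())
```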
