Malware in the Office, in the Sky and on the Phone
Oct 11, 2011 5:00 AM PT
October is National Cybersecurity Awareness Month, according to the U.S. Department of Homeland Security, and it's being rung in for federal agencies with a couple of slaps to the head and a kick or two to the shins.
First, the Government Accountability Office (GAO) issued a report that stated 24 major federal agencies have inadequate IT security. It also pointed out that security incidents from federal agencies have increased more than 650 percent over the past five years.
Then, President Barack Obama issued an executive order directing federal government agencies to implement structural reforms to, in essence, improve cybersecurity.
This past week, it's been learned that a computer virus has infected the cockpits of American military drones, Wired reports. The virus apparently couldn't be eradicated.
On the consumer cybersecurity front, two new variants of malware have been discovered. One leverages Google AdWords, and the other tricks victims into resetting their phone numbers of record, putting those numbers under the control of cybercriminals.
The Big Sleep
The GAO's latest report on information security pointed out that 24 major federal agencies haven't fully implemented their information security programs.
Translation: Agency bureaucrats have repeatedly ignored cybersecurity shortcomings pointed out by the GAO in recent years.
In fact, GAO inspectors general have made hundreds of recommendations in fiscal years 2010 and 2011, the report states.
The GAO listed another set of recommendations in its latest report.
GAO IT team spokesperson Gregory Wilshusen, whose name was listed on the report, did not respond to requests for comment by press time.
Drones Get the 'Flu'
A computer virus with a keylogger payload that registers every keystroke pilots make as they remotely fly missions has infected America's Predator and Reaper drones, Wired states.
That virus was detected about three weeks ago by the military's Host-Based Security System.
The Host-Based Security System is a flexible, commercial off-the-shelf application that monitors, detects and counters known cyberthreats to Department of Defense enterprises, according to the DoD.
It doesn't seem to be working against this particular virus, which has apparently resisted multiple attempts at eradication. The virus is suspected to have hit both classified and unclassified computers at Creech Air Force Base in Nevada.
Guidelines From the White House
Perhaps the GAO report led the president to issue his executive order instructing federal agencies to implement structural reforms to improve cybersecurity.
The directive makes heads of agencies that operate or access classified computer networks responsible for appropriately sharing and safeguarding classified information. In other words, the buck should stop at their desks.
Among other things, the executive order spells out what heads of agencies should do to fulfill their cybersecurity responsibilities. This includes designating a senior official to oversee the sharing and safeguarding of classified information, implementing an insider threat detection and prevention program, and performing self-assessments of compliance and reporting the results annually to a committee.
New Malware Surfaces
A Google AdWords spam campaign has been spotted in the wild by M86 Security Labs.
Apparently the attackers notify victims that they have a new alert, either from Google AdWords or the Google Team. Those who click on the embedded link are taken to a page that captures the username and password for their Google AdWords account.
"This particular campaign was responsible for about 0.6 percent of all spam," Bradley Anstis, vice president of technical strategy at M86, told TechNewsWorld.
That doesn't seem like much, but it's "a pretty high share for a single campaign," Anstis stated.
Meanwhile, cybersecurity firm Trusteer has discovered a new variant of the SpyEye banking Trojan.
The variant launches a two-phase attack. First, it steals the victim's online banking login details. Second, it changes the victim's phone number of record in the online banking application to one that's controlled by the cybercriminal, and tricks the victim into sending the online authorization code for his or her account to the crooks.
"This is the first time we've seen a scheme that lures users into resetting the phone number they use to receive SMS verification codes," Amit Klein, chief technology officer of Trusteer, told TechNewsWorld.
This attack is carried out against desktop computers, Klein said.