Iran Still Stuck With Stuxnet
Stuxnet, the computer malware that's wreaked havoc with Iran's nuclear program for nearly two years, may be curable, if an antivirus program the country claims to have developed is effective. "If the Iranian software can do that, I would love to see it," said Tofino's Eric Byres. "But I would not hold my breath on that. This may strictly be a morale-building announcement inside Iran."
03/26/12 6:00 AM PT
Iran apparently has developed an antivirus program to neutralize the notorious Stuxnet virus that put a kink in the country's nuclear development program in June 2010.
Iran has vowed to distribute the antivirus program for free in about a month, according to Trend, a publication that describes itself as a private media outlet in Azerbaijan.
The announcement may be intended to buck up the spirits of Iranians, according to Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld.
"They'd been struck with what is now one of the most famous viruses in the world, probably still have residual fallout from it, and may now have a way to demonstrate to the public that they aren't victims," he told TechNewsWorld.
Stuxnet Is Old Hat
The world has moved beyond Stuxnet, maintained Eric Byres, CTO and vice president for engineering for Tofino Security Products.
"Stuxnet is definitely a quaint artifact in most of the world, but it might still have some life inside Natanz," he told TechNewsWorld.
Natanz is where Iran's uranium enrichment facility is located.
An antivirus program that countered Stuxnet would be less interesting than one that could also neutralize Stuxnet's successors, like Duqu.
"If the Iranian software can do that, I would love to see it," Byres said. "But I would not hold my breath on that. This may strictly be a morale-building announcement inside Iran."
Verizon, Symantec Breach Studies
2011 was a near-record year for cybersecurity breaches, but the cost of the break-ins appears to be going down.
Those were two of the key findings in breach studies released last week by Verizon and Symantec.
More than 174.5 million records were compromised in 855 companies studied for Verizon's 2012 Data Breach Investigations Report.
Last year's breach number is the first rise seen by Verizon researchers in two years, and more than half (58 percent) of it is tied to hacktivist activity.
Hacktivists Make Their Mark
The most significant change Verizon researchers saw in 2011 was the rise of "hacktivism" against larger organizations worldwide, the report noted.
It added that the frequency and regularity of cases tied to activist groups that came through its doors in 2011 exceeded the number worked in all previous years combined.
"We were kind of expecting that based on all the news that took place this last year," Chris Porter, a principal on Verizon's RISK Team, which prepares the report, told TechNewsWorld.
The report also showed a continued drop in the role insider threats play in the breaches studied by Verizon. Since reaching a high of 48 percent in 2009, the role of insiders as threat agents has rapidly declined, reaching just 4 percent last year.
"We have never had insiders above external agents in our caseload," Porter said.
"It's something we chat about every year, especially given the 80-percent-threat-is-always-due-to-insiders myth we've seen in the information security industry since the early 2000s," he added.
Drop In Breach Costs
While 2011 may have been a banner year for stolen records, the cost of losing those records went down, according to Symantec's 2011 Cost of Data Breach Study, performed by the Ponemon Institute.
For the first time in seven years, the report stated, the average cost to organizations for a data breach dropped, year-over-year, by 23.6 percent, to US$5.5 million from $7.2 million.
What's more, the cost per lost record also dropped to $194 from $214.
While Verizon discounted the role of insiders in the cases it studied, that wasn't the case with the organizations in the Symantec sample. Thirty-nine percent of them pegged their data breaches to negligent insiders.
However, the researchers also noted that, for the first time, nearly a third of the breaches reported in the study were attributed to malicious or criminal attacks.
- March 16: NaturEnergy, of Romania, was breached and phone numbers and email addresses of more than 200 users were posted to the Internet.
- March 19: Email addresses of more than 8,000 students were accidentally distributed to recipients of a financial aid mailing list by Student Finance England.
- March 20: A hacker known as "s3rverexe" breached a server for the International Police Association of Australia and posted server information and email addresses of five users to the Internet.
- March 21: A computer containing personal details of every city councilor in Belfast, Ireland, was seized by police.
- March 21: The large online purchasing site Dangdang.com instructed users to change passwords after account balances of nearly 100 users were stolen due to a breach of database information.
- March 22: Employees of the Lake Worth, Texas, school district were notified of a potential security breach involving a former employee. The district is currently investigating the incident.
- April 28-29: Drone Summit: Killing and Spying by Remote Control. Mount Vernon Place United Methodist Church, 900 Massachusetts Avenue NW, Washington, D.C. Sponsored by Reprieve and the Center for Constitutional Rights. US$20-$100.