The Honan Affair and the Cloud's Dark Lining
Aug 13, 2012 6:00 AM PT
The attack last week on journalist Mat Honan's iCloud account has the potential to strip the silver lining from the cybernimbus.
Honan had his digital life destroyed when hackers, in a convoluted effort to hijack his Twitter account, ended up trashing everything connected to his Apple iCloud account.
"Cloud storage means you have all your eggs in one basket, so you better take very good care of that basket," Dmitry Bestuzhev, head of Latin America Global Research for Kaspersky Lab, told TechNewsWorld. " You lose it, you lose everything."
The Honan incident says more about the fragmented state of security policies implemented by cloud providers than the security of the cloud itself, argued Trend Micro threat research manager Jamz Yaneza.
Both Honan and the cloud services involved contributed to the unfortunate incident, he added. "The affected user admits to not having followed the proper and logical advice that's been said over and over again for years, regardless of infrastructure -- backup, then backup your backup," Yaneza told TechNewsWorld.
Meanwhile, authentication systems deployed by providers are, for the most part, weak. "Security systems should match what they protect," he observed. "You do not use a lock and key to prevent access to a missile silo."
Embracing the cloud doesn't free anyone from security concerns, maintains Symantec's head of Global Cloud Marketing Dave Elliott.
"Cloud services providers, enterprises and individual users can all learn a lesson or two from this incident," he told TechNewsWorld. "Security is still your responsibility when you move to the cloud, both as an individual user or as an enterprise, so don't abdicate your responsibilities when you make the move."
Facebook was under daily attack by cyber grifters during the first half of 2012, according to Bitdefender's E-Theat Landscape report for the first half of the year. On average, 7.3 scams a day were targeted at Facebook users, Bitdefender reported.
"Classic email spam is going down," Bitdefender Senior E-threat Analyst Bogdan Botezatu told TechNewsWorld. "They are now more focused on social networks, like Facebook or Twitter, because they can deliver much more targeted content there."
The biggest security surprise during the first half of the year was the discovery of Flame, the super malware program aimed primarily at Iran. "It gave new meaning to the term 'cyberwarfare,'" Botezatu observed.
Social networks aren't the only popular attack targets on the Web. In its six-month report on Web apps, Imperva noted that a typical Web application is assaulted at least once in every three days.
The biggest source of attack traffic on the Internet is the Asia-Pacific region, network traffic manager Akamai revealed in its State of the Internet report for the first half of 2012. More than 42 percent of all attacks observed by the company's global data network originated in that region, it said.
FireWire's Malware Intelligence Lab also released some interesting findings about Advanced Persistent Threat (APT) awareness among security professionals. It found that 65 percent of infosec pros believed their signature-based security systems could foil spear phishing attacks -- which, of course, they can't. Spear phishing is the cornerstone of a targeted attack.
Meanwhile, Symantec reported that small businesses (SMBs) are gaining in popularity as targets for cybercriminals. More than a third of the targeted attacks on businesses during the first half of 2012 were on SMBs. That's twice the percentage of attacks leveled at those concerns during the previous six-month period, the cybersecurity company reported.
New Cyberthreat Discovered
A new super malware program targeting computers in the Middle East was revealed last week by Kaspersky Lab.
Called "Gauss," after a German mathmematician of that name, the malware shares some characteristics of the Flame malware discovered earlier this year.
Kaspersky described Gauss as "a complex, nation-state sponsored cyberespionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines."
Discovered as part of an initiative sponsored by the International Telecommunications Union (ITU) following the discovery of Flame, Gauss has been neutralized by shutting down its command and control infrastructure. However, Kaspersky estimates that the malware had tens of thousands of victims.
Unlike Flame, which was primarily aimed at Iran, Gauss appears to have been designed to steal data from several Lebanese banks, as well as from Citibank and PayPal customers.
The exact method Gauss used to infect computers is still unknown, Kaspersky said.
- Aug. 3: Stanford University Medical Center sent letters to some 2,500 patients informing them that their medical and personal information, including Social Security numbers, may have been on a notebook computer stolen from a faculty member's locked office on July 15 or 16. The center said that the computer contains tracking software that hasn't been activated since the theft.
- Aug. 3: Reuters' blog platform was hacked and items falsely attributed to the wire service's journalists were posted to the site.<.li>
- Aug. 5: Reuters' Twitter account was compromised and bogus tweets about the Syrian insurrection were posted to the Internet.
- Aug. 6: Torbay Care Trust in Devon, UK, was fined pounds 175,000 (US$274,278) for publishing to the Internet a spreadsheet containing personal information for 1,000 employees. Information included sexual orientation, religious beliefs, name, date of birth, pay scale and National Insurance number. The preadsheet was online for 19 weeks before a member of the public alerted the organization to the error.
- Aug. 9: The Australian Institute of Business Brokers (AIBA) denied claims by hacktivist collective Anonymous that passwords of 250 brokers were stolen from the organization. Passwords associated with brokers in the Internet posting by Anonymous were bogus, the AIBA said.
- Aug. 16: Call for speakers closes for RSA Conference 2013 in San Francisco.
- Aug. 20-23: Gartner Catalyst Conference. San Diego, Calif. Standard price: $2,295.
- Aug. 23: Washington D.C. Tech-Security Conference. L'Enfant Plaza Hotel, 480 L'Enfant Plaza SW, Washington, D.C.
- Sept. 12-14: UNITED (Using New Ideas to Empower Defenders) Security Summit. Grand Hyatt, San Francisco. Registration: $1,395.
- Oct. 9-11: Crypto Commons. Hilton London Metropole, UK. Early bird price (by Aug. 10): Pounds 800, plus VAT. Discount registration (by Sept. 12): Pounds 900. Standard registration: Pounds 1,025.
- Oct. 16-18: ACM Conference on Computer and Communications Security. Sheraton Raleigh Hotel, Raleigh, N.C.
- Oct. 18: Suits and Spooks Conference: Offensive Tactics Against Critical Infrastructure. Larz Anderson Auto Museum, Brookline, Mass. Attendance Cap: 130. Registration: Super Early Bird, $195 (by Aug. 18); Early Bird, $295 (by Sept. 18); Standard, $395 (by Oct. 17).
- Oct. 25-31 Hacker Halted Conference 2012. Miami, Fla. Sponsored by EC-Council. Registration: $2,799-$3,599.