Talking Points – Security week review

Good morning my friends as we all all aware Lulzsec closed its operation after 50 days of astonishing activities.

Is that really the end? or just the beginning?

While a group seems to fade, another one revamp, Anonymous taken the Lulzec legacy and both Operation Payback and AntiSec seems to strikes again and again. Brazil, USA, Italy, Spain Greece, Americas and Europe, Asia and Africa seems there is no border for Cyber Aktivists and Cyberwarfare.

So if LulzSec closed operations (but it is really what happened?) nothing has really changed in the CyberSpace.

But if the Age of Lulzsec turns to be History we finally find again on our news the good old Cyber-crime. May be someone was thinking that the only problem was Cyber terrorism, but, come on, you still think that cyber-criminal are not a constant presence in our world? if so Think twice 🙂

It comes out that researcher found the biggest botnet ever TDL-4; so my friend, the bad guys are still there.

And was not only botnet to generate headache in our IT departments, A recent Cisco Report showed how Phishers and spammers are shifting their activities from mass distribution to more specific and more remunerative targeted attacks.

Mixing Mail, as a main vector, and malware, mostly deployed with a “drive by download” methodology starting from the Mail itself, those targeted attacks are becoming more insidious and more evil.

But anyone can be fooled, if RSA did you think you’re better?

But those targeted attacks are delivered not only by ususal E-mail but also using the newest communication media, like social networks and portals. So if google deleted 93000 fake advertisements the King, Facebook, is always the preferred target. Malware campaign using the Facebook messages are spreading all days long. and do no think you do not need protection, there have been reported infected apps as well. Speaking of which we cannot avoid to remember that application world is still a very difficult area for security, so not only Facebook suffer security issues, but I have to say also mobile applications developed for the always more used so called smartphone and smart devices (tablets).

it is not the fact Google is still fighting to clean up android market, but the use we do of mobile devices is spreading concerns among experts. we use it for work and access sensitive data, we use it for leisure and access personal data. those devices are full of useful information for cybercrooks and can be also used as a trojan horse to reach our networks from the inside. And do not even think that someone is immune, both major OS have dangerous flaws, and “he’s worse than me” apologeting does not stop the bad guys.

As i read once: “the good news is that there is only the 0.01% of chances to be targeted, the bad is that I’m in those 0.01%”

Lot of reports so also on mobile security, that does not means we do not have to use them, but just we have to learn how to use them.

besides I’m doing a little survey here to understand how we feel about mobile, you’re more than welcome to partecipate 🙂

It has been a long roller coaster ride this month, that certified a lot of changes in our perceptin of what is moving outside there.

We started to learn that Acktivism and hackers are back, Data are the preferred target for cybercrooks, cyber criminality work for money and live for money, any device can be source of risk, and the jailbreaking and hacking are not just geek activities but things we have to face every day.

Special mention to:

Anonymous and LulzSec

but we should remember the other guys with colored names like The Jester, Web ninjas, Chinga la migra …. 

Some of the Hacks this month signed deeply the perception of what our world is becoming so let start mention

Google Mail Hack: China Vs a Private company, Mail always important (even more), Politicians and public officials using a private account to exchange private info…wow a lot of amazing stuffs here

Sony: From PSN to Picture, how to not do security, not to understand what it is happening, and how not to assume responsibility for it’s own mistakes, looks like life (or a soap opera)

Citi: yes we’ve been hacked, credit card data stolen but we do not tell to anyone, may be if nobody knows nothing happened… seems the Citi group justification. alas it comes out…

IMF: Damn it, i was trying to ask a 12 billion dollar loan for myself, geez if the most important financial entity can be hacked we should really be cautious. can you imagine what kind of sensitive data they handle? and just to wonder, you do knows hacker started the journey with spear phishing?

Acer: This case we can honestly ask Why the”Pakistan cyber army” group needed to attack them?

Sega: Why games company? may be because of their database are full of interesting data, like usernames, email, passwords, credit cards numbers (wait, that was Sony PSN).. Sega has not been the only one of course, seems games company are a preferred target. Funny enough, LulzSec deny any involvement and promise revenge against Sega Hackers.

Arizona Deparment of Public Safety: LulzSec, Anonimous? Both? can you feel the irony of the Antisec operations here?

Infragard, CIA, FBI: yes the more the better, also what should be the temple of  security can be hacked by some motivated teenagers…. we should really think about it, what would happen when well motivated professionals play the game?

…

i could continue of course but then you would think I’m here to scare you, well partially right 🙂

All this should make us think: if the security landscape is changed why our security activities are still the same?

all for this week

have a great time and enjoy your weekend

cheers

Antonio