Cyber attacks frequent on Asia Pacific enterprises
Three quarters of Asia Pacific enterprises — and two thirds of businesses in Singapore – have experienced cyber attacks in the past 12 months, according to new global research.
The 2010 Symantec State of Enterprise Security Study, released today, found that 38 per cent of Asia Pacific enterprises, and 67 per cent in Singapore, rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined.
Initiatives that IT executives rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualisation, endpoint virtualisation, and software-as-a-service. The study involved surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January this year, including 850 respondents from the Asia Pacific and 100 from Singapore.
Full Story: Network World
The Future of Cyber Security: Hackers Have Grown Up
Late last year, the software engineers developing a new Windows-based networking client confronted an all-too-common problem in today’s hostile internet environment: How would they make their software resistant to the legions of enemies waiting to attack it? Particularly worrisome was a key feature of their code, a mechanism to accept updates online. If it were subverted, an attacker could slip his own program into an installed base of millions of machines.
The coders decided to fortify their software with MIT’s brand-new, high-security cryptographic hashing algorithm called MD-6. It was an ambitious choice: MD-6 had been released just two months before, and hadn’t yet faced the rigors of real-life deployment. Sure enough, the move seemed to backfire when a security hole was found in MD-6’s reference implementation not long after the launch. But the coders rallied, and pushed out a corrected version in a new release of their software just weeks later.
It would be a model for secure software development, except for one detail: The “Windows-based networking client” in the example above is the B-variant of the spam-spewing Conficker worm; the corrected version is Conficker C, and the hard-working security-minded coders and software engineers? A criminal gang of anonymous malware writers, likely based in Ukraine. The very first real-world use of MD-6, an important new security algorithm, was by the bad guys.
Full Story: Wired
People the weak link in cybersecurity – report
WASHINGTON – The popularity of Facebook and other popular social networking sites has given hackers new ways to steal both money and information, the security company Sophos said in a report released on Wednesday.
About half of all companies block some or all access to social networks because of concerns about cyber incursions via the sites, according to the study.
“Research findings also revealed that 63 percent of system administrators worry that employees share too much personal information via their social networking sites, putting their corporate infrastructure — and the sensitive data stored on it — at risk,” the Sophos report said.
This is despite years of exhortations to computer users that they should keep personal information private and refrain from opening attachments to emails from unfamiliar sources.
Full Story: Reuters/Yahoo SG
North Korea Suspected in Cyberattack
TOKYO, July 8 — South Korea’s intelligence agency suspects that North Korea may have been behind an Internet attack that on Tuesday and Wednesday targeted government Web sites in South Korea and the United States, lawmakers in Seoul told Yonhap news service.
Twenty-six Internet sites in the two countries, including the office of South Korea’s president and the defense ministry, were targeted, the South Korean National Intelligence Service said in a statement. In the United States, the attack targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers.
“The attacks appear to have been elaborately prepared and executed at the level of a group or a state,” reported Yonhap, the South Korean news service. Some members of the intelligence committee in the country’s National Assembly were told by intelligence officials that North Korea or its sympathizers were prime suspects in the attacks, according to Yonhap, which cited unnamed legislators.
Full Story: Washington Post
Web Attacks Expand in Iran’s Cyber Battle (Updated Again)
More and more of Iran’s pro-government websites are under assault, as opposition forces launch web attacks on the Tehran regime’s online propaganda arms.
What started out as an attempt to overload a small set of official sites has now expanded, network security consultant Dancho Danchev notes. News outlets like Raja News are being attacked, too. The semi-official Fars News site is currently unavailable.
“We turned our collective power and outrage into a serious weapon that we could use at our will, without ever having to feel the consequences. We practiced distributed, citizen-based warfare,” writes Matthew Burton, a former U.S. intelligence analyst who joined in the online assaults, thanks to a “push-button tool that would, upon your click, immediately start bombarding 10 Web sites with requests.”
Full Story: Wired
Cyber attacks grow on SKorea military networks
South Korea’s military computer networks are under ever-growing cyber attack with 95,000 cases reported daily on average, officials said.
The Defence Security Command said in a report to a security forum that every day the military counters an average of 10,450 hacking attempts and 81,700 computer virus infections in addition to other cases.
The attacks increased 20 percent this year compared to 2008, it said. A spokesman for the command told AFP most of the attacks are the same as ordinary people experience at home, but one-tenth are serious.
Full Story: AFP
