Everywhere you turn, someone is using his or her smartphone. Whether you’re addicted to your BlackBerry or you can’t live without your iPhone, smartphones are taking over the mobile world. Browsing through mobile applications has become part of the smartphone culture; we look for an app that will make doing XYZ a little easier in our lives. However, unsuspecting consumers need to realize that mobile applications are one of the greatest threat vectors for smartphones.
“Smartphones are appealing to cybercriminals because they contain vast amounts of data and are always connected to the Internet,” said RSA panelist Joseph Opacki during one of the conference's Wednesday discussions on mobile security. While the smartphone works to make our lives easier, it’s also coincidentally making the life of a hacker easier, too. Mobile devices are garnering momentous attention from the cybercriminal community and now security experts understand why.
A director of cyber security intelligence at an IT services and solutions consulting firm, Adam Meyers, agreed that mobile web browsers and operating systems contain vulnerabilities that could be exploited for malicious purposes. Users may begin to encounter malware that exploits these weaknesses via drive-by-download on mobile web sites.
Among other things, one of the main reasons consumers are so addicted to their smartphones is unlimited accessibility to email. This is certainly something to think about the next time you’re scrolling through your inbox and see an email from an unknown sender. During a cyber espionage session at RSA on Thursday, Mikko Hypponen told audience members that, “Almost all targeted attacks happen via email, though some occur during the use of online chat services or web-based exploits. These emails are actually created and sent by attacks; they contain code to trigger exploits that open backdoors on affected systems.”
McAfee CTO George Kurtz made a valid point during his keynote while discussing malicious codes and whether security checkpoints will always stop them before any real damage is made. “If you download something from an app store, are you assuming it is okay? When do Apple or Google have time to go over three million apps with a fine tooth comb?” Based on these ideas, can we start see the world of mobile app scanning take off? Is this really the next step in the fight against targeted attacks?
Tags:
cybercriminals,
cyberthreat,
malware,
mobile apps,
mobile device,
mobile security,
security,
smartphone,
vulnerabilities
Posted by Katerina Korfias on February 18, 2011 at 12:59 PM
| TrackBack (0)
WikiLeaks – It happened, now what? During yesterday’s “WikiLeaks: The Aftermath” panel, former Black Hat hacker and senior editor at Wired.com Kevin Poulsen claimed that WikiLeaks-style copy-cat sites are on the rise, but they’re taking a new direction. According to Poulsen, "Founder of WikiLeaks Julian Assange made exposing secret documents sexy.” Assange showed us just how much attention a disgruntled employee can cause and now organizations other than WikiLeaks are springing up to support the release of sensitive data.
Take, for example, the recent HBGary debacle. HBGary Federal was hacked by group Anonymous, which ended up publishing thousands of emails belong to company executives. But these aren’t just copying WikiLeaks--these are organizations that are developing technology to make their job easier by better transferring secured data.
When discussing WikiLeaks, the notion of a “cyber war” frequently comes into mind. Many are categorizing this recent attack as the leader that paved the way for a new era of cyber attacks to come in and cause massive damage to critical infrastructure. However, security experts debated this issue during a keynote yesterday. According to these experts, the public needs to fully understand what cyber war is and what it isn’t; the subject matter is perceived as black or white, with no room for gray in between.
Former U.S. Secretary of Homeland Security Michael Chertoff states, “I would consider something that destroys major systems an act of cyber warfare.” He also claimed that the U.S. government needs to work on establishing a more efficient structure of response to cyber attacks. In turn, this would require an increase in government IT security. “If people inside the government see something they don’t like, there needs to be a process for whistle blowing that protects the information in the right way,” said a former member of the U.S. National Security Council staff, Roger Cressey.
The WikiLeaks attacks are not just something of the past; hackers have seen the damage that was caused and that's only adding fuel to their fire. Groups are searching for ways to make their next big hit, especially on an organization that has no infrastructure and no funding. It’s a battle of the fittest, with the strong exploiting on the weak.
Tags:
Anonymous,
cyber warfare,
cyberattack,
government IT security,
government security,
hackers,
HBGary,
Julian Assange,
U.S. government,
WikiLeaks
Posted by Katerina Korfias on February 17, 2011 at 11:38 AM
| TrackBack (0)
As we trek into the third day of RSA, we’re already noticing that many of our pre-RSA predictions are holding true – guess it’s our "sixth sense" for security trends. In an earlier post, my colleague Kristin Allaben suggested that in addition to cloud security, top themes at this year’s conference would include trends in government security and cyber warfare.
Yesterday’s highly anticipated Symantec keynote delivered by president and CEO Enrique Salem warned his audience that the worst of targeted cyber attacks is yet to come. A statement made by Salem left us, and surely the rest of the audience, feeling slightly unsettled referred to a recent, highly publicized targeted malware attack. “Stuxnet was the attack that moved the game from espionage to sabotage.” It seems as though the safety of our critical security infrastructure is at stake, especially with recent movements to the cloud and the replacing of PCs with smart devices. Is our growing adoption of virtualized environments ultimately letting down our protective barriers?
Art Coviello, EVP of EMC and president of RSA, doesn’t seem to think so and remains fairly optimistic. During his presentation, he claimed that virtualization is the silver lining in the cloud. Due in large part to a growing business demand, organizations are rapidly adopting cloud technologies. While this is great for the cloud industry, Coviello stated that it is causing growing concern for security practitioners who are in charge of governing and managing data in the cloud. Automation has become an essential part of enabling security in virtualized environments.
Rest assured though, there is light at the end of the tunnel. Coviello told audience members that the vendor community has been working to apply security principles to their solutions that will enable a secure, trusted cloud. Interestingly enough, we can expect to see predictive analytics being deployed in trusted cloud environments based on an understanding of normal states, user behaviors and transaction patterns.
Check back here tomorrow for additional coverage and highlights of this year’s RSA Conference. We’re interested to see if discussion will continue around security in the cloud or if something new will pop up.
Tags:
cloud computing,
cloud security,
government IT security,
malware,
Stuxnet,
targeted attacks,
virtualization
Posted by Katerina Korfias on February 16, 2011 at 12:13 PM
| TrackBack (0)
