Cyber Security News of the Week, April 22, 2012

Cyber Security Commentary — ISSA-LA 4th Annual Information Security Summit

Join us on May 16 for ISSA-LA’s 4th Annual Information Security Summit.  Keynote address by Alan Paller. Special keynote address by Chris Coffey. Perfect for business, technology and information security leaders.

I recommend the Summit to both the CIO and their staff because it’s the one day you can count on to get informed, learn how to stay informed, and build a network of strong security professionals who are passionate about supporting the “neighborhood watch” of information security.

Jennifer Terrill, CISSP
Vice President Information Technology / CISO
True Religion Brand Jeans

Visit the ISSA-LA Summit Website for more information or to register.

Cyber Crime

Thieves Replacing Money Mules With Prepaid Cards?: Recent ebanking heists — such as a $121,000 online robbery at a New York fuel supplier last month — suggest that cyber thieves increasingly are cashing out by sending victim funds to prepaid debit card accounts. The shift appears to be an effort to route around a major bottleneck for these crimes: Their dependency on unreliable money mules. KrebsOnSecurity, April 13, 2012

Cybercriminals Check In At Hotel Point-Of-Sale Systems: Cybercrime gangs are increasingly finding hotel point-of-sale systems hospitable to attack: Researchers have spotted a new remote access Trojan (RAT) tool for sale in underground forums that targets hotel computers at a global hotel chain. Dark Reading, April 19, 2012

Cyber Vulnerabilities

Flashback Malware Still Affects 140,000 Macs: Apparently not all Mac users got the memo about Flashback, the malware that recently infected more than 600,000 computers running OS X. According to security firm Symantec, roughly 140,000 Mac computers were still infected as of April 16. CIO, April 18, 2012

Google Warns 20,000 Websites They Could Be Infected with Malware: Google has warned 20,000 websites that they might have been hacked and injected with JavaScript redirect malware. CIO, April 19, 2012

The malware numbers game: how many viruses are out there?: How many distinct strains of malware are in circulation today? If you said hundreds of thousands or millions, you’re way off. A close look at numbers from one leading security company helps explain why some big numbers don’t tell the whole story. ZDNet, April 15, 2012

Cyber Security Management

Three Security Snags That Expose The Database: Insecure Web apps, no linkage to IAM, and poorly configured segmentation all contribute to database vulnerability. Dark Reading, April 19, 2012

The Benefits Of Top-Down Security: While enterprise-level breaches often get the attention of C-level suite executives and the members of their IT staff, industry research shows it actually falls to rank-and-file employees to apply best practices and exercise sound judgment in order to properly contain them. Dark Reading, April 18, 2012

Board: Protect medical devices from cybercrime: Medical devices such as insulin pumps are at increased risk of cybersecurity breaches, which puts millions of patients at risk of significant harm, warns the Information Security and Privacy Advisory Board (ISPAB). FierceHealthIT, April 16, 2012

Enterprise Networking: Data Security in the BYOD Era: 10 Big Risks Facing Enterprises: Rogue and shadow IT have been problems for data and network security and compliance officers for a long time, but the rising number of bring-your-own-device (BYOD) proponents is threatening to become a much larger overall issue. Most organizations do not have the tools to ensure security of their data on just any device, especially when those devices will be by definition either partially or totally unmanaged. In addition, organizations are grappling with the challenges these pose for the enterprise network. Traditional security technologies that rely on endpoint security, configuration management, or establishing and controlling a network perimeter are ill-suited for a BYOD-friendly company, prompting CIOs to turn to more innovative, data-centric approaches as they come to terms with losing control of access to sensitive data. And make no mistake: 2012 is all about control of data. Our expert resource for this slideshow is Ryan Kalember, vice president of strategy at WatchDox, which enables organizations to access, share and control their documents on any tablet, smartphone or PC—even those beyond the IT department’s control. eWeek, April 17, 2012

Securing the Village

America’s cyber czar speaks: Howard Schmidt, special assistant to U.S. president Barack Obama and White House cybersecurity coordinator, appeared this morning before a group of executives gathered at Bloomberg’s New York headquarters to discuss his goals, challenges and hopes for American cybersecurity. ZDNet, April 20, 2012

Microsoft Responds to Critics Over Botnet Bruhaha: Microsoft’s most recent anti-botnet campaign — a legal sneak attack against dozens of ZeuS botnets — seems to have ruffled the feathers of many in the security community. The chief criticism is that the Microsoft operation exposed sensitive information that a handful of researchers had shared in confidence, and that countless law enforcement investigations may have been delayed or derailed as a result. In this post, I interview a key Microsoft attorney about these allegations. KrebsOnSecurity, April 18, 2012

Cyber Crime Economics

The Cybercrime Wave That Wasn’t: In less than 15 years, cybercrime has moved from obscurity to the spotlight of consumer, corporate and national security concerns. Popular accounts suggest that cybercrime is large, rapidly growing, profitable and highly evolved; annual loss estimates range from billions to nearly $1 trillion. While other industries stagger under the weight of recession, in cybercrime, business is apparently booming. The New York Times, April 14, 2012

Anonymous Must Evolve Or Break Down, Say Researchers: The movement started as an Internet meme and grew into a complex and chaotic community. Security experts argue that the Anonymous brand is now in danger of imploding. Dark Reading, April 19, 2012

Cyber Legislation

House committees approve 2 cybersecurity bills: Two cybersecurity bills were approved by House committees on Wednesday. Those bills — as well as a third cybersecurity bill — are expected to be considered on the House floor as soon as next week. Federal Times, April 18, 2012

Cyber crime official optimistic on new legislation: The Obama administration’s top cyber security official says companies would not be unduly burdened by a Senate bill that would phase in security standards for key parts of the country’s privately held infrastructure. Chicago Tribune, April 16, 2012

New CISPA Draft Narrows Cybersecurity Language as Protests Loom: The U.S. House Intelligence Committee has released a new draft of the Cybersecurity Intelligence Sharing and Protection Act (CISPA), narrowing the definition of “cybersecurity threat” in response to alarms being sounded throughout the technology community. Mashable, April 14, 2012