Cyber Threat Reports: The Week in Review

Because it is that time of the year in the security industry — Black Hat is celebrating its “Sweet Sixteen” party in Las Vegas and those who have been watching the bad guys have digested and decided to publish reports on what they have witnesses — this has been a week of cyber threat information overload for my inbox. Hence, rather than focus on one report, I thought it might be instructive to put the highlights of just a few of these reports in one place. Individually and collectively, they paint a less-than-rosy picture. In short, the bad guys have had a good half year.

Below are the highlights or lowlights depending on your perspective.


Image via Shutterstock

Kindsight (News - Alert) insight

Alcatel Lucent’s Kindsight subsidiary is out with its Kindsight Security Labs Malware Quarterly Report. It is worth a look due to the unique position of Alcatel-Lucent’s (News - Alert) network security and analytic products within service provider networks, which can measure the impact of traffic types traversing the network, including malicious and cyber-security threats. Findings include:

• 10 percent of home networks and over 0.5 percent of mobile devices were infected with malware, both increases from the previous quarter.  
•  6 percent of home networks exhibited high-level threats, such as “bots,” “rootkits” and “Trojan” banking viruses – all types of malware infecting computers, computer programs and applications running on computers.
• The ZeroAccess botnet continues to be the most common malware threat, infecting 0.8 percent of broadband users.
• In mobile networks, the vast majority of infected devices are either Android (News - Alert)™ phones or Windows™ laptops tethered to a phone on connected directly through a mobile USB stick or MIFI hub.
• Mobile malware continues to grow with a sixfold increase in the number of Android malware samples.

Threat Security and C-Levels

Here is a title that should make you want to link to the full report: ThreatTrack Security Finds C-Level Executives Lack Confidence in Their Cybersecurity. The independent blind survey of 200 C-level executives at U.S.-based enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives related to the cybersecurity practices of their companies. 

Not surprisingly, the survey found that 97 percent of enterprises with annual security budgets over $1 million still report concerns that they are vulnerable to malware attacks and cyber-espionage tactics.  However, there was some interesting food for thought:

·         69 percent of executives are concerned that their organizations may be vulnerable to targeted malware attacks, Advanced Persistent Threats (APTs) and other sophisticated cybercrime and cyber-espionage tactics.

• 21 percent say their biggest concern is not knowing whether an attack is taking place.
• 47 percent say their cyber defense does not include an advanced malware analysis tool, such as a malware analysis sandbox
• 42 percent do not have a dedicated Incident Response Team employed.
• One third of the enterprises surveyed say they are aware of a targeted malware attack against their company, including 50 percent of financial services firms and 53 percent of manufacturing companies.
• 82 percent of financial services firms are concerned about APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool like a sandbox.
• 36 percent of enterprises say they are more concerned about losing proprietary intellectual property and trade secrets in a breach than they are about losing their customers’ personally identifiable information (such as credit card data, social security numbers or medical records).

But that is not all. In a companion survey of 203 U.S. consumers done at the same time, 71 percent indicated that the companies that hold their personally identifiable information were either not doing everything they could to protect that data (43 percent) or they were not sure whether that was the case (28 percent). 75 percent had concerns that these companies would be attacked and their personally identifiable information would be compromised. The data also suggests we have reason to be concerned. While admittedly a small sample and thus anecdotal, 47 percent indicated that they have been notified at some point that their information has been compromised by a breach. And may be worst of all, another 47 percent said that even after being notified, they still did not feel well-informed or reassured that their data would be safe.

The big surprise, and this one seems to be shifting wildly and daily depending on the news surrounding the NSA scandal and the barrage of cyber attacks on companies and governments, 70 percent said they do not believe the government should dictate to private companies how they handle and store private data or which technologies they should use to secure their networks.

Voltage provides another factoid in the form of pre-PRISM paranoia

This week also saw Voltage Systems release the result of a little research it did back in April of this year at the Infosecurity Europe Event, i.e., it was before the PRISM scandal. It survey over 300 IT security professionals, over half of whom work in companies that employ more than 5,000 people, and found that 62 percent of them thought the government snoops on their corporate data that resides in the cloud.

I bring this up because security has been a big obstacle in slowing cloud adoption, and these findings while once again anecdotal, do reflect IT professional’s skepticism about cloud security despite the belief my many industry observers, including myself, that the cloud may in fact be safer than what currently passes for secured data in many enterprises today which do not store things in the cloud.

Mobile problems identified b y NQ Mobile (News - Alert)

Every report has a little bit of a twist. As the saying goes, “where you stand depends on where you sat.”  Thus, in my review of reports from this week I wanted to make sure one from my friends at NQ Mobile. The headline finding was the troublesome revelation (available for review here and then click where it the report is listed to open up a slide show of the results) that 51 thousand new mobile malware threats were identified in the first half of 2013, infecting an estimated 21 million mobile devices. And, just so you know that this is not anecdotal data here are some numbers to chew on as to why this one commands attention. 

• NQ Mobile’s protection services NQSense™ has 327 million registered users accounts and 111 million active users.
• The company’s crawler scanned over 2.2 billion urls and discovered over 5.4 million fraudulent ones in 2012.
• NQRiskRank™, the company’s algorithm for looking at whether apps are good or compromised in some manner, scanned 5.3 million apps in 406 marketplaces around the world in 2012.  

More to come   

Next week, there will be more reports, and they are going to confirm what we all surmise — threats are on the increase, oldies but goodies still are very effective however new ones are more malicious in many ways. In addition, attacks are increasing in frequency and sophistication, the days of attacking/hacking are coming to a close as the bad guys realize there is money in cyber attacks and they are constantly improving their monetization techniques. Plus, nothing is immune. The connected planet is reality and things go viral all too fast.

On the enterprise side of things, I resonate with the remarks of ThreatTrack Security Chief Executive Officer Julian Waits, Sr. who said, “Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.” And, for we the people, education and simple protections which for starters includes downloading, running and updating the latest anti-virus and anti-malware is not something to put on a to do list. It is something to get done. 

I have a feeling next week will cause the need for another report on the reports based on my inbox being a leading indicator. I know there will be lots of news on solutions as well as warnings out of Black Hat on why we should not sleep well at night. There is no such thing as the “summer doldrums” in the cyber security business.