Untitled Document

Industry News

How To Make The Right Choice About Security Outsourcing
New report offers in–depth look at security services alternatives — and how to evaluate them.
More >

More than half of enterprises are now using third–party security services, studies say
Today, as the volume of malware and other threats grows — and as companies cut back on IT staffing, equipment, and software during difficult economic times — security pros are looking, favorably, at the notion of getting some outside help. In fact, in a new report published earlier today, Symantec reports that more than half — 61 percent — of enterprises are now using third–party security services or are planning to employ them in the next 12 months.
More >

2008 FBI Internet Crimes Report
Internet–based crime increased by 33 percent last year, making 2008 the biggest year ever for reported cybercrime incidents, according to an Internet Crime Complaint Center annual report.
More >

Conficker Silent, But Future Attack Likely, Experts Say
The Conficker worm seems to have conducted its April 1 updates in relative peace, but security experts say that its current silence might end with a malicious attack down the road.
More >

'GhostNet' Infiltrates 1,300–Plus Computers Across More Than 100 Countries
Canadian researchers discover a global cyberespionage network that targets attacks and can gain full control of hacked systems.
More >

Don't Let Your Data Be Held For Ransom
Researchers at security vendor FireEye have discovered that malware formerly used to push "scareware" is now being used to push "ransomware."
More >

SMBs The New Target for Cyber Criminals
Visa Security Summit 2009 — Hacking banks and large businesses? That's sooo 2008. Hackers and computer criminals this year are taking a new aim — directly at small and midsize businesses, according to experts who spoke here today at Visa's annual security event.
More >

More News on Phishing and Vishing Scams
Tax time will unfortunately bring more than a refund check to many taxpayers this year. Affinion Security Center, a leading provider of identity theft protection, detection and resolution services, recently conducted a survey of 1,000 adults to determine the level of awareness and concern that exists for tax– and employment–related identity theft. Overall, the findings revealed that taxpayers have a lack of awareness and only moderate levels of concern, leaving them vulnerable and unprotected against these growing threats.
More >

Making a Typo In Your Google Search Could Lead to Malware
Report shows how rogueware affiliate networks use SEO techniques to distribute their rogue antivirus software for profit.
More >

Survey: Credit card fraud a top concern in U.S.
Overall, people are more worried about their financial security and less worried about national security than in previous surveys, according to the survey.
More >

Diary of a Data Breach Investigation
An information security manager shares the diary he kept while investigating a possible data breach.
More >

SPOTLIGHT ON HOSTED EMAIL

Mortgage Bank Selects Hosted Exchange over Google for Secure, Anytime, Anywhere Email Access
At W.J. Bradley Company, a privately held mortgage firm with more than 500 employees across 32 locations, having reliable, secure and anywhere access email is critical to the success of the business. If email is unavailable, productivity suffers and the processing of loans can be jeopardized. By leveraging a software–plus services solution built on Microsoft Exchange 2007, W.J. Bradley has realized their desired mobility, productivity and security needs.
Read the full case study from Microsoft and USA.NET >

March 2009 Statistics in Review

Top sources by country triggering IDS events in March (stand alone sensors)

RFC1918 represents a private IP. This is significant as most of our sensors monitor ingress/egress points, thus this data shows that in March we triggered many more IDS events on client internal traffic destined for the internet or internal to internal traffic. Taking a look at the top ten ids signatures this actually matches our view into top sources triggering IDS events.

1. United States
2. RFC 1918
3. China
4. Australia
5. Mexico
6. Korea
7. United Kingdom

8. Colombia
9. Canada
10. Brazil
11. Japan
12. Russian Federation
13. Slovakia
14. Spain

Top IDS events in March

Type	Name
ids.detect.recon.portsweep	TCP SYN Host Sweep
ids.detect.agent.backdoor	BACKDOOR exception 1.0 runtime detection – intial connection server–to–client
ids.detect.exploit.lib	Visual Studio Msmask32.ocx ActiveX Buffer Overflow
ids.detect.recon.web.content	IE Response Cross–Domain Info Disclosure
ids.detect.recon.pingscan	ICMP Network Sweep w/Echo
ids.detect.exploit.ip	SIP Long Header Field Header
ids.detect.exploit.net_mgmt	snmp: UDP.Public.Community.String
ids.detect.svc.os	NT Event log: security message
ids.detect.corrupt.ftp	FTP.Text.Line.Too.Long
ids.detect.anomaly.os	Windows System32 Directory File Creation
ids.detect.recon.portsweep	TCP SYN Port Sweep
ids.detect.exploit.web	Null Byte In HTTP Request
ids.detect.spoof.ip	TCP Hijack
ids.detect.exploit.tcp	TCP Drop – Bad Checksum
ids.detect.exploit.email	Non–SMTP Session Start

Top Firewall Deny sources by country in March

This also makes sense as most internal traffic tops the list. The top 2 dominated the firewall denied traffic in terms of raw numbers, this is of course expected for internal traffic (RFC1918) and to a degree from the US.

Italy is on the list again this month and matched Brazil in a near tie for 3rd and 4th. Russia dropped quite far with Korea taking its place. China and Ethiopia counts were down from last month.

Country of Origin

1. RFC 1918
2. United States
3. Brazil
4. Italy
5. Korea
6. China
7. Ethiopia

8. Netherlands
9. Japan
10. Australia
11. Sweden
12. United Kingdom
13. Canada
14. Russian Federation