Thursday, November 13, 2008

USA Corporate Networks. Are They Secure Enough?

For some time now, cyberscum have been targeting individual users with malware designed to capture passwords, financial data and other personal information. While this certainly hurts if you're a victim, personal finances usually involve relatively small amounts.

Now, evildoers are going after much bigger fish. USA Today has a story on this trend, with an unnamed Houston company serving as the nightmare scenario in the lead:

An innocuous posting appeared on a Houston-based technology company's internal website on a recent Friday afternoon.

A couple of workers saw it, and obeyed instructions to click on a Web link. The posting seemed trustworthy. It was on an employees-only message board. And the link referenced news about a favorite company charity.

By clicking on the link, the workers infected their PCs with a virus that shut down the company's antivirus defenses, says Don Jackson, director of Threat Intelligence at Atlanta-based SecureWorks, who investigated the break-in. As a rule, tech security firms help clients under non-disclosure agreements.

The virus swiftly located -- and infected -- some 300 other workstation PCs, silently copying the contents of each computer's MyDocuments folder. It transmitted the data across the Internet to a gang of thieves operating out of Turkey.

"It was kind of like high-tech dumpster diving," Jackson says. "You get in, grab all the stuff you think might be important and sort through it later."

That Sept. 19 caper underscores an alarming shift in the teeming world of Internet crime. In the past year, cybercriminals have begun to infiltrate corporate tech systems as never before. Knowing that some governments and companies will pay handsomely for industrial secrets, data thieves are harvesting as much corporate data as they can, in anticipation of rising demand.

This should send chills down the spine of any corporate IT manager. All it took was one small hole that allowed the planting of the link in the company message board. It may have been accessed by social engineering, in which an employee was tricked into giving up a password. Or, malware on an employee's workstation or even home computer may have yielded access. Or, an unpatched flaw in a company server may have let the bad guys in.

The story paints another interesting scenario:

Cybercriminals on the cutting edge are forging ahead. They're culling the ocean of stolen personal data for user names and passwords to access corporate systems. They've begun to target corporate employees who use free Web tools, such as instant messaging, Web-based e-mail and group chats on social-networking sites.

Often employees use such free tools to expand their business contacts and to back up clunky, company-supplied systems. But corporations have been slow to come to grips with security holes intrinsic to such free tools, or to restrict their use. "Corporations need to accept the fact that these tools are here to stay and secure them," says Jose Nazario, senior security researcher at Arbor Networks.

The most fertile turf: AOL, Yahoo and MSN instant messaging; YahooMail, HotMail and Gmail; and MySpace and FaceBook, the free tools that on any given day you'll find open on millions of workplace PCs. The most coveted loot: e-mail address books, instant-messaging buddy lists, PowerPoint slide presentations, engineering drawings, partnership agreements, price lists, bid proposals, supply contracts, executive e-mail exchanges and the like.

Employees often complain angrily when the Web-based tools they use at home are blocked at work. This story makes a compelling argument for doing so.

And remember last month's emergency patch from Microsoft? Here's why it was issued:

Last month, enterprising thieves discovered a big security hole in millions of work computers that forced Microsoft to issue a rare emergency patch.

The flaw, in Windows XP and Windows Server PCs, makes it possible to control any Internet-connected PC without having to trick the user into clicking on a tainted attachment or Web page. Criminals implanted a program in corporate PCs that automatically turned on every 10 minutes, says Sunbelt Software researcher Eric Sites.

The program copied and extracted all personal data stored by a PC's Web browser and registry, which gives the Web location of the machine, then turned off.

"This looks like something very customized, targeting very specific people," says Sites. "They could be after business intelligence or military secrets. These are not your average attackers."

Microsoft did not know about the flaw until reports of ongoing intrusions reached the software giant. Security experts say it will take months for the patch it issued to be installed pervasively in corporate settings. That's because large organizations test and install patches methodically, so as not to disrupt internal networks.

The bottom line is this: Just because you're on a corporate network doesn't mean your computing is safer than at home. In fact, just the opposite may be true, because the value of what's behind the enterprise firewall makes it a juicier target.

Do you think your employer does enough to keep your workplace computing environment safe?

Semi-related: "Major Source of Internet Spam Yanked Offline." Brian Krebs at the Washington Post investigates a West Coast Web-hosting company and discovers they serve out spam, scams and kiddie porn. According to an accompanying blog post, his reporting got them shut down.

Source: http://blogs.chron.com/techblog/
