Spyware spikes in northern Europe


February 2006 ISSN 1353-4858

Featured this month

Apple grows in popularity – but security lags

Attention has swung back to Apple with the news that it is now worth more than Dell – in terms of market capitalisation. Yet in the security world Apple equipment is not getting the attention it requires – with remarkable complacency in particular over Mac OS X. In the past five years, OS X and Apple have gained in popularity. In the first quarter of its 2006 financial year, Apple shipped over 1.2 million OS X powered computers, an increase of 20% over the same quarter in 2005. But focus on OS X security has not necessarily been growing at the same rate. OS X users have been generally pretty relaxed about security, mainly as the Macintosh operating system historically has not been a target for attackers. There are very few security tools for OS X when compared to Windows; programs such as personal firewalls, anti-spyware, and anti-virus are few and far between. With Apple’s switch to Intel-based systems after years of using IBM’s Power PC chips, the sense of security is about to change. Turn to page 4...

The hacker’s five favourite routes to the network

Stealing corporate data has never been easier. So says a penetration tester writing in this issue: and he should know – he’s clocked up 10 years of hacking experience, from both inside and outside organizations. He shares his ‘top five’ network vulnerabilities, showing the most likely routes an attacker would take to compromise your network security. As expected, not everything in this article is about technical controls. The first port of call is the ‘Helpful Staff Member’ – in this case an office receptionist contacted on a ‘pay as you go’ mobile phone, who obligingly gives out the names and e-mail addresses of the IT project leaders for the areas of interest – mostly to do with payroll and payment systems. Then comes the spoof web page, in the same style as the corporate site, even using the same images and logos by embedding the real image paths in the code. And they’re off. Turn to page 5...

Spyware spikes in northern Europe

2005 was the biggest year yet for spyware, with the UK and the Nordic countries having the most infected computers in Europe. The latest ‘State of Spyware’ report from Webroot reveals record infection rates for the worst types of spyware. Of note was the rise in the most malicious types – Trojan horses and system monitors. For enterprises, between Q3 and Q4 2005, the number of Trojan horse infections increased 9% worldwide, and from Q2 to Q4 2005, the number of system monitors like keystroke loggers increased 50% consecutively each quarter. Throughout 2005, the company’s researchers observed a steady increase in the complexity and severity of spyware technology. Keyloggers using kernel-level drivers became increasingly common as the year progressed, and the usage of polymorphic code continued to increase. Turn to page 2...

Contents

NEWS

Spyware spikes in northern Europe (page 1)

Fine-tuning for Olympic IT Security (page 2)

Gates commits to sharing on Valentine's Day at RSA (page 2)

FEATURES

New Threat of Apple Mac OS X (page 4)
Bruce Potter considers that the rise in popularity of Apple Mac computers is way ahead of the security for the product.

The Hacker's top five routes into the network (and how to block them) (page 5)
Peter Wood, Chief of Operations at First Base Technologies, draws on his own hacking experiences to list the compromises and weaknesses an unethical hacker may abuse.

Risk management – getting properly valued (page 10)
David Morgan leads the way through the minefield of risk assessment and ensuring your company accepts the process.

UTM: one-stop protection (page 12)
Mark Stevens looks at whether unified threat management systems are really the solution of choice for the at-risk network.

Security awareness: switch to a better programme (page 15)
Everett C. Johnson, International President of ISACA and the IT Governance Institute, on how training and awareness can build your company's security from the inside out.

Network printing security – getting to grips with the multifunction device (page 19)
Darren Cassidy of Xerox looks at the security challenges that arise with all-in-one printers/scanners/copiers.

REGULARS

News in brief (page 3)

Events (page 20)

Network Security
ISSN 1353-4858/05 © 2006 Elsevier Ltd. All rights reserved.

Editorial office: Elsevier Advanced Technology, PO Box 150, Kidlington, Oxford OX5 1AS, United Kingdom
Tel: +31 20 485 2145
Fax: +44 (0)1865 853971
E-mail: [email protected]
Website: www.compseconline.com
Editor: Terry Ernest-Jones
Senior Editor: Sarah Gordon
International Editorial Advisory Board: Dario Forte, Edward Amoroso, AT&T Bell Laboratories; Fred Cohen, Fred Cohen & Associates; Jon David, The Fortress; Bill Hancock, Exodus Communications; Ken Lindup, Consultant at Cylink; Dennis Longley, Queensland University of Technology; Tim Myers, Novell; Tom Mulhall; Padget Petterson, Martin Marietta; Eugene Schultz, Hightower; Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact
Production/Design Controller: Colin Williams
Printed by Mayfield Press (Oxford) Limited

NEWS ...continued from page 1

Spyware spikes in northern Europe

European findings



In the fourth quarter of 2005, the average number of spies per consumer PC was: 21.6 in the UK; 20.3 in Norway; 19.1 in Sweden. But only 9.2 in Italy; 9.6 in France; 10.1 in Germany; and 13.1 in Spain. Between the third and fourth quarter of 2005, the average number of spies per European consumer PC increased by 37% in Norway, and 19% in the UK. Germany was not far behind the UK, with a 16% increase, but France was down 3%. In terms of Trojans per 1,000 consumer PCs, Sweden and Norway lead the pack with 263% and 219% respective increases from Q3 to Q4.

The complete State of Spyware Report is available at www.webroot.com/sosreport

Fine-tuning for Olympic IT security

SA Mathieson

Contractor Atos Origin sees no attacks, just a few accidental disconnections.

IT security for the Turin Winter Olympics has involved fine-tuning systems built over several games, rather than any dramatic changes, according to the official responsible. Patrick Adiba, Atos Origin’s executive vice-president for the Olympics and major events, said work on IT security for the Turin games has involved incremental changes, such as altering an alert system so that if a number of pieces of similar hardware all report the same problem, this is treated as a single issue rather than many identical ones. “The main changes are adjustments to the system, so there is no big technical gap or step. It’s more getting technology to work in a smooth manner and the IT systems more efficient,” said Adiba from Turin. He added that “we haven’t seen anything that looks like an attack” on the games’ internal network, which supports functions including results, competitor information and accreditation, although a few alerts were generated by accidental disconnections of equipment during installation. This internal network is kept separate from the internet, with the official website run externally.

Adiba stresses the importance of careful testing, preferring proven technologies to brand-new ones. Turin sees the Olympics change operating system, but from Windows NT to 2000 rather than Windows XP, as this decision was taken several years ago to allow for around 100,000 hours of IT testing. The testing culminated in Test Rehearsal 2 last December, in which a shadow team created problems for the real IT team to solve. “We ran about 500 scenarios during TR2,” said Adiba. “We had to fine-tune a few processes on security. Part of what we tried to do was remove false positives, alarms that weren’t really alarms.” This included combining identical alerts from similar hardware. Atos Origin has provided the internal IT for Olympics and Paralympics since Salt Lake City’s Winter Games of 2002, under a 2000 contract with the International Olympic Committee with undisclosed terms. Last year, this was extended to cover the London Games of 2012.

Gates and McNeally commit to sharing on Valentine’s Day

Brian McKenna

Industry giants crack accidental shooting jokes at RSA.

Bill Gates told the RSA conference Microsoft will continue to offer leadership to the IT industry on security. The forthcoming Windows Vista OS will be strongly secure, he said: “security is the area that jumps out as the thing we have spent the most time on”. Microsoft’s chairman and chief software architect stressed successes in the war against spam, and urged his audience to drive wider deployment of SenderID. And he highlighted the addition of computational proof to emails in new versions of Outlook as an antispam move. He also demonstrated the information bar in Internet Explorer 7 turning either red or green as warning or assurance. His company would, he said, share more of its expertise in future. His address to the RSA conference in San Jose spoke of Microsoft’s commitment to a ‘trust ecosystem’, to engineering for security, and to making platforms secure. Gates opened his keynote by wishing delegates Happy Valentine’s Day, and mentioning his other invitation: to go hunting with the hapless Dick Cheney. ...continued on back page
