Syber Group

Kaspersky Finds New Malware

September 26, 2012 by  
Filed under Computing

Kaspersky Lab has discovered three malware threats related to the Flame spyware that it said use “sophisticated encryption methods”.

Kaspersky claims that it uncovered the three new hostile programs while analysing a number of Command and Control (C&C) servers used by Flame’s creators.

“Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines,” the firm’s statement read.

“The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame.

“It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild.”

The discovery of the three programs indicates that Flame’s Command and Control platform was being developed in 2006, four years earlier than first thought.

Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.

The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by Kaspersky, IMPACT, CERT-Bund/BSI and Symantec.

“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers,” said Kaspersky’s chief security expert, Alexander Gostev.

Following the discovery of the three new related programs, Kaspersky’s chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.

“There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu,” he said. “They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns.”

Kamluk added that it is “very possible” there are more than the three listed in Kaspersky’s report.

“They started building RedProtocol, yet another ‘language’ for unknown malware. No known client types are using that one, which means that there is even more malware out there,” he added.

Rackspace Goes Openstack

April 24, 2012 by  
Filed under Computing

Rackspace has finally deployed an Openstack based cloud, playing down claims that it benefits the most from the alliance.

Rackspace is one of the leaders of the Openstack alliance, an open source cloud initiative that aims to break Amazon’s stranglehold on the industry by offering open application programmable interfaces (APIs). Until now Openstack has largely been all talk, but Rackspace has deployed a production Openstack cloud that the firm claims will help it sell Openstack to the enterprise.

Fabio Torlini, VP of cloud at Rackspace said the firm has been “going flat out to make the code production ready”. Torlini said Rackspace’s decision to deploy an Openstack based cloud could be a tipping point in deployment. “It’s going to be the catalyst for many other companies deploying Openstack,” said Torlini.

Rackspace has been the largest contributor to Openstack, and the fact that it has the first major Openstack deployment supports claims that Rackspace is getting the most out of Openstack.

However Torlini said, “For us, we’re able to be the first one to launch a large scale Openstack compute platform because, yes, we are one of the main providers of the original code and we are a founder of Openstack, so we have tried to develop Openstack as a neutral foundation and it is a foundation to provide a service to all its members. But we’re lucky enough to be one of the founder members, to be able to drive it, and get there [deployment] first.”

Torlini defended Rackspace’s role in the Openstack alliance, claiming the strong leadership shown by the firm is good for the community. Torlini said, “Openstack is beneficial to the product itself but that’s the whole point. The whole idea of many more providers going onto Openstack helping develop the Openstack cloud, helping advance the actual products and code is the whole point of Openstack. On the counter side of that argument is if it’s beneficial for us it is just as beneficial for any other member of Openstack because they have access to the same code and they are able to provide.”

Torlini admitted that Openstack and the community is an advantage for the firm but claimed it wasn’t possible for Rackspace to dominate. “You have companies in Openstack that are far larger than Rackspace enabled to put much more resources into Openstack as well, it’s impossible for us to dominate Openstack – it’s an independent foundation. Is it advantageous from a product perspective? I should damn well hope so,” said Torlini.

Hacked Companies Still Not Alerting Investors

February 9, 2012 by  
Filed under Around The Net

At least a half-dozen major U.S. companies whose computer networks have been breached by cyber criminals or international spies have not admitted to the incidents despite new guidance from securities regulators urging such disclosures.

Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy “guidance” document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.

But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.

Defense contractor Lockheed Martin Corp, for example, said last May that it had fended off a “significant and tenacious” cyber attack on its networks. But Lockheed’s most recent 10-Q quarterly filing, like its filing for the period that included the attack, does not even list hacking as a generic risk, let alone state that it has been targeted.

A Reuters review of more than 2,000 filings since the SEC guidance found some companies, including Internet infrastructure company VeriSign Inc and credit card and debit card transaction processor VeriFone Systems Inc, revealed significant new information about hacking incidents.

Yet the vast majority of companies addressing the issue only used new boilerplate language to describe a general risk. Some hacking victims did not even do that.

Symantec Admits Network Was Hacked

January 24, 2012 by  
Filed under Security

Symantec today reversed course away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was breached.

In a statement provided to the Reuters news service, the security software giant acknowledged that hackers had broken into its network when they stole source code of some of the company’s software.

Previously, Symantec had denied that its own network had been breached, and instead pointed fingers at an unnamed “third party entity” as the attack’s victim. Evidence posted by a hacker nicknamed “Yama Tough” — a self-proclaimed member of a gang calling itself “Lords of Dharmaraja” — indicated that the information was obtained from a server operated by the Indian government.

Two weeks ago, Symantec spokesman Cris Paden said that the hacker made off with source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, enterprise products between five and six years old.

Do You Trust Data-recovery Providers?

January 20, 2012 by  
Filed under Computing

Data-recovery service providers are tasked with saving important data for you when something goes wrong — a drive crashes or storage device is dropped, and no backup is available. But do you trust them with the important data you let them recover or could they actually be a source for a data breach?

A survey of 769 IT professionals published this week finds those surveyed need to find out more about the third-party data-recovery services their organizations use. For example, according to the survey, 67% felt that encryption they had in place protected their organizations from data loss or theft during the data recovery process. But encryption keys are often handed over to the third-party data recovery service provider as part of the process, according to the study done by Ponemon Institute.

Ponemon’s “Trends in Security of Data Recovery Operations” report says of the 87% of survey respondents who said their organization had at least one data breach in the past two years, “21% say the breach occurred when a drive was in the possession of a third-party data service provider.”

SEC Asks Companies To Disclose Attacks

October 23, 2011 by  
Filed under Security

U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a trend of high-profile cyber crimes.

The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.

Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.

“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement.

“It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,” Rockefeller said in a statement.

There is a growing sense of urgency about cyber security following breaches at Google Inc, Lockheed Martin Corp, the Pentagon’s No. 1 supplier, Citigroup, the International Monetary Fund and others.

Microsoft: Stolen SSL Certs No Good

September 11, 2011 by  
Filed under Computing

Microsoft has officially stated that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.

The company’s assertion came after a massive theft of more than 500 SSL (secure socket layer) certificates, including several that could be used to impersonate Microsoft’s update services, was revealed by Dutch authorities and several other affected developers.

“Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers,” said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. “The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft.”

Seven of the 531 certificates now known to have been fraudulently obtained by hackers in July were for the domains update.microsoft.com and windowsupdate.com, while another six were for *.microsoft.com.

EMC’s Data Breach Cost $66 Million

August 5, 2011 by  
Filed under Internet

Between April and June 2011, EMC spent $66 million handling the fallout from a March cyber attack against its systems, which resulted in the compromise of information relating to the SecurID two-factor authentication sold by EMC’s security division, RSA.

That clean-up figure was disclosed last week during an EMC earnings call, by David Goulden, the company’s chief financial officer. It doesn’t include post-breach expenses from the first quarter, when EMC began investigating the attack, hardening its systems, and working with customers to prevent their being exploited as a result of the attacks.

In spite of the breach, EMC reported strong second-quarter financial results, earning consolidated revenue of $4.85 billion, which is an increase of 20% compared with the same period one year ago. Meanwhile, second-quarter GAAP net income increased by 28% from the same period last year, to reach $546 million. The company saw large growth in its information infrastructure and virtual infrastructure products and services, including quarterly revenue increases of 19% for its information storage group.

Those results led executives to increase their financial outlook for 2011 and predict consolidated revenue in excess of $19.8 billion, which would be a 16% increase from EMC’s 2010 revenues of $17 billion.
