By Don Reisinger on 2011-05-17
An uptick in phishing attacks, a lack of domain name service security awareness among IT personnel, and an increase in mobile attacks are among the findings of IID's "eCrime Trends Report, First Quarter 2011." IID is a vendor of anti-phishing solutions.

Many in the information security industry have been focused on Advanced Persistent Threats (APT) during the past several months, according to the report. The typical “low and slow” approach is often pointed out as a popular tactic for cyber criminals who are targeting systems at large organizations. As a result of the HBGary Federal breach, it has been discovered that enterprises such as Johnson and Johnson and Dow Chemical have been targets of hackers, as was the law firm King & Spalding.

Like the attack against HBGary Federal, the breach of RSA’s SecurID Security two-factor Authentication product in March 2011 shows that threats really can penetrate and disrupt even those businesses that focus on IT security, according to the report. More than 25,000 organizations worldwide use the SecurID product. These events illustrate how cyber criminals are focusing on particular aspects of the Internet business ecosystem and not just haphazardly guessing at which organizations to target.

In the plus column, Microsoft, McAfee, FireEye and other security researchers worked with U.S. federal law enforcement to take down the Rustock botnet.

12 percent: The number of phishing attacks was up 12 percent in 1Q 2011 compared with the same period a year ago.
DNSSEC: On March 31, 2011, Verisign signed the .com root zone for Domain Name Service Security Extensions (DNSSEC), continuing a global move toward DNSSEC implementation within the DNS layer.
Complex Proposition: In the application layer, timetables for complete DNSSEC implementation are still to be determined. With the wide variety of open standards and proprietary technologies in play in hundreds of DNS-aware applications, DNSSEC implementation in this layer will be complex and will require close coordination between IT Security, DNS Administration, and Vendor Management.
Lack of IT Awareness: Fully half of internal and external IT personnel in charge of Internet security within their respective organizations say they have little or no knowledge of DNSSEC, according to a survey conducted by IID in coordination with the Online Trust Alliance.
5%: Only 5 percent of survey respondents say that their organizations have implemented DNSSEC.
16%: Only 16 percent of respondents say that they plan to bring DNSSEC to their organizations at some point in the future.
Rustock takedown: When Microsoft and others helped law enforcement take down the Rustock botnet, the amount of spam around the world decreased significantly. The botnet was believed to send out one-third of all spam around the world.
Financial phishing: Banks were primary targets of phishing attacks in 1Q 2011. In fact, compared to 4Q 2010, phishing attacks in the banking sector increased 11 percent. Most attacks were non-U.S.-based.
Mobile attacks: Many banks continue to see rogue mobile apps used in phishing. In January 2011, Google removed 50 apps from its Android Market. Each app had reportedly been downloaded between 50,000 and 200,000 times.