Security Advisor

High-Profile Cyber Attacks Puts Pressure on IT

Government officials are predicting that a future attack on the U.S. may happen in cyberspace. Plus: Evaluating the security landscape, Windows malware threats becoming sophisticated, anti-span suite helps avoid user interaction with possible phishing threats.

• By Jabulani Leffall
• 06/14/2011

The signal for a paradigm shift in the IT security realm comes this week not from the usual suspects -- a security software firm, a haughty hacker or a malware research outfit -- but straight from the lips of the Director of the Central Intelligence Agency Leon Panetta.

Testifying before members of the U.S. Congress in confirmation hearings to become the next Secretary of Defense, Panetta said a large-scale cyber attack on critical infrastructure such as the power grid, financial sector or the government could amount in the next "Pearl Harbor," and that such an event is now a "real possibility."

Panetta's warning comes as the Pentagon looks to shore up cyber security and create a comprehensive policy to combat cyber warfare. The remarks are also timely in the sense that they come on the heels of large scale attacks on the International Monetary Fund, Citigroup and Sony -- three of the world's larger, more high profile institutions based in two different countries that are doing business in hundreds of countries.

The rash of attacks is evidence that the season is opening up for hackers to pull off incursions ranging from mischievous to malicious to outright sabotage.

Adding insult to injury is yet another incident involving the RSA, the ITSEC organization that organizes an annual confab of security pros.  The occurrence that we are just now hearing about is that hackers busted into the groups network and, using info from RSA's SecurID architecture, launched an attack on a high-profile customer, defense contractor and aeronautics giant Lockheed Martin.

Symantec: Stakes Are High
In a post called "Puddles," Symantec's Kevin Haley said that in light of the rash of security breaches, pronouncements from government leaders and growth in malware propagation, it's important to contextualize the scale and nature of each attack. 

Specifically, Haley calls the attacks against corporate entities a mixed back of "massive attacks, targeted attacks and hacktivism."

"So, is the threat landscape worse than before? Yes. But, we've been saying that for years. It's reached the point of being a cliché. What's new is that there is greater visibility to these threats," he wrote.

While he said it's a positive thing that the patterns of events have brought much needed attention to IT security, there's some bad news too: "The bad news is that these incidents make clear the stakes are higher than they've ever been before," Haley added.

More Fake Windows Malware in the Offing
As Redmond prepares for a massive Patch Tuesday, Microsoft researchers are getting to the bottom of "Scareware," or fake Windows prompt attacks, that lure users into unwittingly loading viruses and other malware into their processing environment.

Fake Windows notices are nothing new to IT pros -- but they've gotten more sophisticated in recent months with authentic looking logos, configurations designed to specify which OS a user has, and a hodgepodge of insider language and commands made to deceive Windows users in an Internet Explorer or Mozilla Firefox session. Some of these notices even name drop for greater authenticity, using, among other names, Microsoft's Director of Security Assurance Steve Lipner as a would-be cosigner to the "threat."

Even Apple Inc. has not been immune to such attacks. But what is new is that Microsoft researchers Hamish O'Dea and Tareq Saade believe they finally have a notion of who might be behind such attacks. While the investigation is ongoing, it's suspected that the leading group of interest is a group of "scareware" developers and hackers with Russian ties.

Stay tuned.

Microsoft Partner Releases New Anti-Spam Spoofing Suite
SPAMfighter, a certified Microsoft Gold Partner based in Denmark, just rolled out the SPAMfighter Exchange Module, which it said can help SMB- and enterprise-level Windows administrators parse out messages that could spawn phishing attacks. Spefically, the package allows either SYS or SEC admins (or both) to act as gatekeepers and retrieve e-mails from external mail servers, scan them for spam and malware, and deliver them to local mailboxes without any user interaction.

The company calls the release a "major upgrade" of SPAMfighter software that it says is used by more than 36,000 companies worldwide.