Access "Customized malware programs require new response, experts say"
This article is part of the December 2010 issue of Inside the Data Accountability and Trust Act and what it means for security
When investigators at Trustwave's SpiderLabs forensics team responded to a breach at an international VoIP provider earlier this year, the conditions they found at the provider's data center were appalling to say the least. Servers containing data on 80,000 customers were located in a rundown barn. To make matters worse, the investigators had to endure the odor from about 20 farm cats living among the equipment. The third-party hosting service looked professional; its website boasted of hundreds of customers and even included pictures of a hardened data center. The VoIP provider was the target of customized malware -- a rootkit -- which took advantage of the hosting service's weaknesses. The VoIP provider realized it had a problem only after customer complaints came pouring in -- months after the malware did what it was designed to do. The cybercriminals were long gone, says Jibran Ilyas, a senior security consultant for Spiderlabs. Customized malware is a growing problem, he says. Poor network configurations, shoddily deployed security software, and an over... Access >>>
Premium Content for Free.
Disaster recovery and contingency planning security considerations
Security must be included in disaster recovery planning to ensure sensitive data is protected.
Customized malware programs require new response, experts say
Cybercriminals are taking advantage of poorly deployed security software with customized malware designed to infiltrate systems and steal data without being detected.
- Disaster recovery and contingency planning security considerations
Understanding the Data Accountability and Trust Act
by Richard E. Mackey, Jr., Contributor
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.
Vendor risk management and the CISO
by Eric Holmquist
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.
- Understanding the Data Accountability and Trust Act by Richard E. Mackey, Jr., Contributor
Cloud computing technology: Don't get left behind
Cloud computing presents a lot of security issues but security professionals need to accept the challenge.
Career advantages of security professional certifications and advanced degrees
by Lee Kushner and Mike Murray
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.
Internet privacy laws will get attention in the next Congress
by Judith Harris, Christopher Cwalina, and Amy Mushahwar
In the 112th Congress, enterprises can expect a heavy focus on Internet privacy issues on Capitol Hill.
- Cloud computing technology: Don't get left behind
More Premium Content Accessible For Free
As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...
This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...
Despite the enormous concerns around cloud security, many information security professionals remain on the sidelines when it comes to their ...