- Malware, Viruses, Trojans and Spyware
- Smartphone and PDA Viruses and Threats
- Emerging Information Security Threats
- Information Security Incident Response
- Hacker Tools and Techniques: Underground Sites and Hacking Groups
- Denial of Service (DoS) Attack Prevention
- Security Awareness Training and Internal Threats
- Application Attacks - Information Security Threats
- Web Server Threats and Countermeasures
- Identity Theft and Data Security Breaches
- Enterprise Vulnerability Management
- Email and Messaging Threats
- Web Application and Web 2.0 Threats
-
Hand of Thief
Hand of Thief is banking crimeware that targets Linux operating systems. The Hand of Thief uses a form grabber to steal IDs, passwords and other information pertaining to Internet banking.Definition
-
form grabber
A form grabber is a type of malware that captures data such as IDs and passwords from browser forms. The target of a form grabber is the user’s Internet banking information. Form grabbers typically gain access through a Trojan horse.Definition
-
Why sandboxing technology is integral for advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure all for enterprises.Tip
-
FortiGuard Labs sees fast rise of mobile malware in 2013
FortiGuard Labs reports a 30% increase in mobile malware so far in 2013, and cautions ransomware is also making an appearance on mobile devices.News | 07 Aug 2013
-
Black Hat 2013 keynote: Alexander details NSA surveillance programs
In his keynote at Black Hat 2013, Gen. Keith Alexander said NSA surveillance programs have strict oversight, despite many inaccurate media reports.News | 01 Aug 2013
-
Disable autorun to prevent autorun malware infections
Expert Nick Lewis explains how disabling autorun prevents malware from affecting users.Answer
-
How to protect data from ransomware malware
It can be difficult to recover data that is encrypted by ransomware malware -- unless you have expert Nick Lewis' recommendations in place.Answer
-
RSA warns about 'KINS' banking Trojan
RSA is warning that a new banking Trojan, 'KINS,' with architectural similarities to previous Trojans, may start hitting PCs soon.News | 24 Jul 2013
-
How to detect malware with changing file sizes
Malware authors change the size of malware files to avoid detection by antivirus software. Learn how to detect this malware from expert Nick Lewis.Answer
-
Malwarebytes: Maneuver around 'FBI ransomware' on Macs
Jerome Segura of Malwarebytes explains how to get around 'FBI ransomware' computer locking.News | 22 Jul 2013
- VIEW MORE ON : Malware, Viruses, Trojans and Spyware
-
Mobile Device Management for 2013
In this Tech Guide, learn vital information regarding the booming BYOD trend in the enterprise and how IT teams are looking to MDM solutions to control and protect corporate data on mobile devices.Download
-
Inside the Samsung Galaxy Note 2 lock screen bypass vulnerability
Expert Nick Lewis explains how attackers bypassed the Samsung Galaxy Note 2 lock screen and which devices may be vulnerable.Answer
-
Enterprise mobile device defense fundamentals
This Security School lesson will examine the realities of the security threat posed by mobile devices such as smartphones and tablets, the methods savvy attackers are using today to take advantage of vulnerable mobile devices, and the technology and policy decisions you need to consider around personal devices and corporate data stored and accessed by consumer devices.partOfGuideSeries
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
-
New malware threats require new antimalware protection strategy
Attackers are targeting new vectors such as smartphones, social media and cloud services. Enterprises need to up their game.Magazine
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them.Answer
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer
-
Mobility trend takes off in the enterprise but leaves out security
Banks and other businesses are rushing to jump on the mobility trend but leaving security behind.Magazine
-
IT consumerization drives new security thinking
The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy.Magazine
-
SRA launches One Vault Messenger for BlackBerry device encryption
SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices.Article | 16 Feb 2011
- VIEW MORE ON : Smartphone and PDA Viruses and Threats
-
socialbot
A socialbot is a software program that simulates human behavior in automated interactions on social network sites such as Facebook and Twitter. As a rule, socialbots are designed to pass the Turing test: They're sophisticated enough to fool other users and be taken for a human.Definition
-
IT security strategy 2.0: Adjusting for a shifting infosec landscape
Seismic shifts in the infosec landscape can no longer be ignored. Ernie Hayden explains how to update an IT security strategy to account for change.Tip
-
Black Hat 2013 opens with testy keynote, smart device hacks
After a contentious opening keynote by NSA Director Gen. Keith Alexander, day one of Black Hat 2013 showed smart device hacks, severe SCADA issues.News | 01 Aug 2013
-
New advanced persistent threat protection: Beyond perimeter defense
Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection.Answer
-
Emerging threat detection techniques and products
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis of APT and ways to determine whether your organization risks exposure to targeted attacks. The chapters explore detection technologies, how to monitor insider threats and how to effectively use threat intelligence to defend against a targeted attack before it happens.E-Handbook
-
Cyberthreat landscape plagued by automated attacks, Gartner says
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse.Podcast
-
Mega-DDoS attack prevention: How to prepare for larger DDoS attacks
Enterprises face increasing risks from mega-DDoS attacks. Expert Brad Casey provides advice on high-bandwidth DDoS attack prevention.Tip
-
FortiGuard Labs: Advanced persistent threats are escalating
Advanced persistent threats are on the rise, according to a report by FortiGuard Labs.News | 12 Jul 2013
-
Damballa: Security vendor partnerships of growing importance
Damballa executives say partnerships among security point product vendors are increasingly important, and will ultimately benefit enterprises.News | 09 Jul 2013
-
Understanding logic bomb attacks: Examples and countermeasures
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures.Tip
- VIEW MORE ON : Emerging Information Security Threats
-
Opinion: Yemeni CERT could turn the tide for Millennials
Providing order and security for the Internet in Yemen, where half of the population is under 18, could provide opportunity in a faltering nation.Opinion
-
ISM February 2004 Ranum
-
Opinion: LinkedIn hacking incident betrays users’ trust
Users are told to create strong passwords, but the LinkedIn hacking showed strong passwords are no defense when the application provider is attacked.News | 14 Jun 2012
-
Some CISOs consider ripping out or augmenting outdated SIEM systems
Outdated SIEM systems were difficult to deploy and costly to maintain, according to one expert. Today, CISOs are considering highly integrated, lightweight systems with more automation.News | 02 Apr 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.Answer
-
Confusion over APT attacks leads to misguided security effort
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT).News | 15 Nov 2011
-
Getting started with a DNSSEC implementation
The many well-publicized flaws in DNS make implementing DNSSEC even more vital. In this expert response, Mike Chapple explains the enterprise basics for a DNSSEC implementation.Answer
-
React in seconds with a network incident response plan
A network incident response plan enables the split-second reactions necessary to survive next-generation attacks.Column
-
Lessons of cyberwar: A chance to boost information security budgets
In the wake of an incident, CISOs should make the most of the opportunity to increase information security budgets.Column
-
How does steganography work and does it threaten enterprise data?
Expert Joe Granneman explains how steganography works, and the ways it can both protect and threaten enterprise data.Answer
-
Understanding advanced evasion techniques, preventing AET attacks
Expert Brad Casey explains advanced evasion techniques and details how to protect enterprise networks against the likelihood of an AET attack.Answer
-
cold boot attack
A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.Definition
-
Advanced threat-detection products emerge: Benefits and challenges
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.Tip
-
Black Hat 2013 opens with testy keynote, smart device hacks
After a contentious opening keynote by NSA Director Gen. Keith Alexander, day one of Black Hat 2013 showed smart device hacks, severe SCADA issues.News | 01 Aug 2013
-
Cyberthreat landscape plagued by automated attacks, Gartner says
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse.Podcast
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.Tip
-
After lull, PLA 'Comment Crew' hasn't changed cyber-espionage tactics
The Chinese government's alleged cyber-espionage arm remains active after a quiet period, using the same tactics revealed in Mandiant's APT1 report.News | 06 May 2013
-
The Red October malware campaign uncovered: What enterprises can learn
Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage.Tip
-
Symantec 2013 Threat Report highlights rise in SMB attacks
Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets.News | 18 Apr 2013
- VIEW MORE ON : Hacker Tools and Techniques: Underground Sites and Hacking Groups
-
How a DNS reflection attack differs from a standard DoS attack program
A DNS reflection attack is like a regular denial-of-service attack, but much worse. Nick Lewis explains why.Answer
-
Cyberbunker’s Sven Kamphuis denies unleashing DDoS attacks on Spamhaus
The internet activist accused of being behind one of the biggest distributed denial-of-service (DDoS) attacks to date claims he is the victim of an establishment conspiracy.cyber security | 02 Apr 2013
-
UGNazi hacker group claims responsibility for Twitter outage
Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame.News | 21 Jun 2012
-
Avoiding cloud bandwidth costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.Answer
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.News | 31 Aug 2011
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack.Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz.Quiz
-
Antivirus software comparison, 2004: Not all AV products are equal
-
U.S. critical infrastructure security: Highlighting critical infrastructure threats
-
Gaining awareness to prevent social engineering techniques, attacks
-
Curb the spam virus threat via information security awareness training
Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.Answer
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer
-
Security School: Watching the watchers
In our latest lesson, Andreas M. Antonopoulos explores how to monitor the activities of trusted insiders with policy, processes and technology.Tutorial
-
metamorphic malware
Metamorphic malware is malicious software that is capable of changing its code and signature patterns with each iteration. Definition
-
RSA SecurID attack, social engineering threat analysis from Gartner's Neil MacDonald
In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.Video
-
Gartner’s Neil MacDonald on RSA, APT and the social engineering threat
In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.News | 24 Jun 2011
- VIEW MORE ON : Security Awareness Training and Internal Threats
-
Does the Bit9 compromise call application whitelisting into question?
Expert Nick Lewis explains how Bit9 was recently compromised and the viability of application whitelisting as a result of the compromise.Answer
-
Targeted attack protection: Step-by-step preparation and mitigation
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.Tip
-
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say.News | 21 Dec 2011
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits.Tutorial
-
blue pill rootkit
The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.Definition
-
Scott Charney: Microsoft security policy and collective defense
In this video, Microsoft's VP for Trustworthy Computing, Scott Charney, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet.Video
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.Definition
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Proxy server security: Defending against DoS and other attacks
In this expert response, find out how to boost proxy server security in the enterprise.Ask the Expert
-
Preventing Web server attacks
Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure.partOfGuideSeries
-
Hand of Thief
Hand of Thief is banking crimeware that targets Linux operating systems. The Hand of Thief uses a form grabber to steal IDs, passwords and other information pertaining to Internet banking.Definition
-
form grabber
A form grabber is a type of malware that captures data such as IDs and passwords from browser forms. The target of a form grabber is the user’s Internet banking information. Form grabbers typically gain access through a Trojan horse.Definition
-
Third-party risk management: Horror stories? You are not alone
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Feature
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz.Quiz
-
The RSA breach: One year later
-
Symantec breach highlights remote management holes
-
Breaches prompt call for certificate authority architecture alternatives
-
Lack of SMB security opens door to online criminals
-
Data breaches show enterprise need for better data security management
-
piggybacking
Piggybacking, in a wireless communications context, is the unauthorized use of a wireless LAN. The purpose is network access, rather than any malicious intent, but it can slow down data transfer for the legitimate network users.Definition
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
Cyberwar calls for software and system investment, not hacking back
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.Tip
-
Targeted attack protection: Step-by-step preparation and mitigation
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.Tip
-
Creating a normalized corporate compliance program
It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace.Video
-
Meeting PCI DSS compliance requirements with a data management program
In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan.Video
-
Security data mining techniques to weed through data overload
These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload.Video
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.Definition
-
Webcast: DNS security best practices; securing DNS infrastructure
Char Sample details three key methods for securing DNS, including how to monitor an enterprise’s DNS infrastructure traffic.Video
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Tip
-
File integrity monitoring software benefits for the enterprise
In this video, Spryo Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises.Video
-
Personal online banking at work: Avoiding online banking security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Answer
- VIEW MORE ON : Enterprise Vulnerability Management
-
Improving enterprise email security: Systems and tips
Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection.Tip
-
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz.Quiz
-
domain rotation
Domain rotation is a technique used by malware distributors to drive traffic from multiple domains to a single IP address that is controlled by the distributor. The goal of domain rotation is to make it harder for a network administrator to blacklist the malware distributor.Definition
-
Using free Web application security scanning tools to secure Web apps
Expert Michael Cobb explains how free Web application security scanning tools can help secure Web apps for budget-strapped organizations.Answer
-
TLS security: Background on the 'Lucky Thirteen' attack
Professor Kenneth Paterson and graduate student Nadhem AlFardan have discovered a TLS attack that tracks the timing of error messages to reveal plaintext.News | 08 Feb 2013
-
Tackling SSL vulnerabilities for secure online transactions
A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees.Magazine
-
The threat landscape and Web 2.0 technologies
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.Magazine
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
XSS cheat sheet: How to prevent XSS attacks and detect exploits
Cross-site scripting (XSS) attacks are constantly top-of-mind for enterprise security professionals, and for good reason: They can do a great deal of damage. In this XSS cheat sheet guide, security professionals will receive advice on how to prevent XSS attacks and detect exploits.Tutorial
-
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two categories of malicious programs that have the ability to change their code as they propagate.Definition
-
Which tools will help in validating form input in a website?
Find out how to validate form input in a website.Ask the Expert
- VIEW MORE ON : Web Application and Web 2.0 Threats