
China escalating its global cyber-attacks


May 7, 2013

A newly published report to Congress by the U.S. Department of Defense (DoD) includes some of the strongest words yet implicating China in its recent global cyber attacks. What's worse, the attacks are intensifying at an alarming rate.

"Just last year, numerous computer systems and servers from around the world, including those owned by the U.S. government, continued to be targeted for massive intrusions," the report states. "Some attacks appear to be attributable directly to the Chinese government and military, something that's really irritating the U.S. government."

Overall, the main purpose of these Chinese government-sponsored attacks was to extract various data and sensitive government information, the report claims, presumably to benefit China's defense or high-tech industries, although determining which is which can be difficult due to how things stand in that country.

"Differentiating between civil and military end-use is very challenging in China due to opaque corporate structures, hidden asset ownership, and several connections of commercial personnel within the central government itself," the report goes on to say.

As a result, the DoD investigators claim, China's armed forces have directly benefited from the expanding Chinese civilian economy, in which Chinese companies with access to foreign technology in areas such as aerospace, night-vision devices, GPS technology, microwave integrated circuits, and information technologies have transferred their knowledge to its military.

The DoD's line is in keeping with earlier reports from other government agencies and advisors. For example, in November 2012, a Congressional committee found that Chinese state-sponsored actors regularly attempted to exploit sensitive U.S. government and private-sector information systems, while in February the White House issued another report claiming that industrial espionage by Chinese actors was at an all-time high.

Private companies as well have pointed the finger directly at China, and have been doing so for several years already. Just last month, Verizon found that where cyber-attacks could be traced back to state-affiliated hackers, China was responsible in no less than 96 percent of cases.

Deep concerns over the PRC's involvement in such cyber attacks have already led to an all-out ban on purchases of Chinese-made IT equipment by U.S. federal government agencies, a move that Chinese networking equipment maker Huawei has slammed as "protectionism."

The Chinese government has consistently denied any involvement in cyber-attacks against the U.S. and its allies, accusing U.S. government officials of hanging onto a "Cold War Mentality" and arguing that China "resolutely opposes internet attacks and has established relevant laws to that effect."

But according to the DoD report, China's vision of how to prevent cyber-attacks largely revolves around increased state control of internet traffic, where "governments exercise sovereign authority over the flow of information and the overall control of content in cyberspace" – a philosophy shared by Russia, but one which the U.S. strongly opposes.

Worse, the report states, doctrinal writings of the People's Liberation Army identify "information warfare" as one of the most important aspects of modern combat, with computer network attacks being one key technique in that area.

The report further observes that while China's officially reported military budget increased to $114 billion in 2013, the country's actual military-related spending in all areas is likely somewhere between $135 and $215 billion.

By comparison, the U.S. defense budget for fiscal year 2013 is expected to come in at around $590 billion. We will keep you posted on this and on other stories as they happen.

In other internet security news

Dutch police have confirmed the arrest of a suspect who took part in a massive DDoS attack against the anti-spam group Spamhaus last month.

The 35-year-old man is a Dutch national but was arrested at his home in Barcelona under a European arrest warrant, the Netherlands National Prosecution Office said.

His two computers and a mobile phone have been seized and he will be extradited to the Netherlands on charges of aiding unprecedentedly serious attacks on the non-profit organization Spamhaus.

"Spamhaus is delighted at the news that an individual has been arrested and is grateful to the Dutch police for the resources they have made available and in the way they have worked with us," said a Spamhaus spokesman.

"Spamhaus remains concerned about the way network resources are being exploited as they were in this incident due to the failure of network providers to implement best practice in internet security," he added.

Although the identity of the man hasn't been released yet, it has been suggested that he's Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker, which has been feuding with Spamhaus for years and is claimed by some to be responsible for the DDoS attack.

Cyberbunker is a Dutch company based in a former nuclear bunker that provides anonymous hosting of anything except terrorist or child pornography websites. The firm denies being responsible for spam, but Spamhaus has listed it on its spammers blacklist, to the Dutch firm's considerable annoyance.

Whether that irritation spawned the massive DDoS attack still remains to be proven, but investigators in the Netherlands, the U.K., and the United States are very keen to find out who was behind it. Numerous attacks in March on the Spamhaus servers saw 300 Gbps of traffic coming from an estimated 30,000 unique DNS resolvers and internet traffic was slowed as a result of the enormous flows in data.

In other internet security news

Britain's government is hit by over 33,000 malicious emails every single day, ranging from casual phishing attacks to specifically targeted espionage hacks designed to steal various personal data.

Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference yesterday that despite this onslaught, cyber security represents an opportunity as well as a threat for internet security firms based in Britain.

"On average, the U.K. has a history of being innovators in technology and in technical areas such as cryptography which is maintained to this day in our universities," Smith added.

"We know how to implement this technology as our ongoing strengths underpin our cutting-edge position in areas such as online commerce and banking. Undeniably, there is massive growth potential for U.K. businesses and innovators to do very well in the cyber security segment."

There are about 2,380 U.K. companies in the cyber security sector, which equates to about 21 percent of all security companies in the country. Information security firms have created 26,000 jobs, with collective sales estimated at £3.8 billion, bringing in revenues from exports of about £800 million.

"By 2017, cyber security global growth is forecast to be over twice that of the security sector as a whole, as economic constraints bite in traditional defence and security markets," added Smith. "This is a growth sector and one which we should encourage and nurture."

To further promote the security segment, the U.K.'s Department of Business, Innovation and Skills has joined up with IT trade group Intellect to launch the Cyber Growth Partnership as a way of promoting further growth in the U.K.'s higher technology segment, and in particular helping start-ups and smaller firms.

Smith went on to outline the threats Britain's government faces, calling for collaboration between government agencies and private business in combating state-sponsored cyber-espionage, online fraud and internet disruptions such as DDoS attacks.

"On average, over 33,000 malicious emails are blocked at the Gateway to the Government Secure Intranet every month," Smith said. "These are likely to contain or link to sophisticated malware, often sent by highly capable cyber criminals and state-sponsored groups. A far greater number of malicious emails and spam, but less sophisticated emails and spam are blocked each month as well."

As large as these numbers may seem, industry is by far the biggest victim of cyber threats, according to Smith. The U.K. government is launching new security guidance and a specific voucher system for small businesses through the Technology Strategy Board.

The voucher provides companies with a grant to work with outside consultants. The cyber security element of this program will fund one-hundred companies with Innovation Vouchers of up to £5,000 each.

The system is part of broader plans to make the United Kingdom one of the most secure places in the world to do online business and to make the country more resilient to cyber-attacks.

"About £650 million of investment over four years has been put in place in one of the tightest fiscal environments government has ever seen. This underlines the importance we place on cyber security," Smith added.

Christopher Boyd, senior threat researcher at Threat Track Security, welcomed the voucher initiative as well as its support of university research programs in cyber-security. "The government's commitment to investing in cyber security research and skills in the U.K. is commendable," Boyd said.

"Various organizations including central government, large and small businesses and academia can only benefit from better insight into cyber security challenges, and the same market intelligence will only help breed the next generation of security countermeasures."

Boyd continued: "The innovation voucher system is a prime example of this, helping small businesses to engage with U.K. security solution providers to develop innovative solutions to emerging security issues."

In other internet security news

Cody Kretsinger, a twenty-five-year-old man from Decatur, Illinois, and a former LulzSec hacker, has been placed in federal prison for a year for hacking into Sony Pictures' servers.

Kretsinger was better known to his fellow LulzSec buddies as "Recursion" and was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from prison.

He was sentenced by a Los Angeles court yesterday. Kretsinger had pleaded guilty to a single count of conspiracy and unauthorized impairment of servers in a plea-bargaining agreement.

Kretsinger admitted breaking into the Sony Pictures website and extracting information which he passed on to other members of LulzSec, who leaked the data in order to embarrass Sony, a hated enemy of the hacktivist group.

Sony claimed that the hack left it $600,000 out of pocket. Kretsinger was ordered to somehow repay this amount in restitution to Sony, the LA Times adds.

Earlier this month, a 26-year-old British man also pleaded guilty to computer hacking as part of LulzSec, a splinter group of mischief-makers from the larger Anonymous collective.

Ryan Ackroyd, from South Yorkshire, admitted taking part in attacks against numerous high-profile targets including Nintendo, News International, 20th Century Fox, Sony Group and the NHS. Ackroyd adopted the online persona of a 16-year-old girl named Kayla during much of his malfeasance.

Ackroyd and other convicted LulzSec suspects like Jake Davis, 20, from the Shetland Islands, Scotland, 18-year-old Mustafa Al-Bassam from Peckham, south London and Ryan Cleary, 21, from Wickford, Essex are all due to be sentenced on May 14.

Erstwhile LulzSec leader Hector Monsegur, known online as "Sabu", was revealed in March 2012 as an FBI informer who had been grassing on his former cohorts for ten months after his arrest in June 2011. Sabu's sentencing was delayed by six months in February due to his "ongoing cooperation with the government".

In other internet security news

Internet security researchers say they have discovered a whole list of new malware that targets the QUIK stock-trading application used by some banks and financial institutions.

The malware has been used in a series of attacks since November 2012, according to Russian security firm Group-IB. Cyber criminals have traditionally targeted private and corporate banking accounts, using malware such as variants of the ZeuS cybercrime toolkit to log key-strokes and extract account information from investors and traders.

This isn't new: online stock trading and brokerage systems have been hacked a lot in the past, but those attacks succeeded through fake profiles and social engineering scams.

Recently however, trading fraudsters have diversified tactics and begun to use malware, in an effort to defraud the public and steal money.

In particular, professional black hat coders have designed a new strain of malware targeting specialized trading software called QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technologies and FOCUS I-Vonline from New York-based EGAR Technology.

Such software is used by many banks in the Russian Federation including Sberbank, Alfa-Bank and Promsvyazbank.

Both of the applications are used for trading on MICEX, a leading Russian stock exchange. MICEX offers services including placing and trading stocks, listing securities, and even the facility to set up initial public offerings (IPOs) or company flotations.

Exchange clients trade in stocks and shares issued by the likes of Gazprom, VTB Bank, RusHydro, Mobile TeleSystems, and a few others.

Andrey Komarov of Group-IB says that the online trading malware was a variation of the Ranbyus spyware normally used to infect Windows computers and target online banking customers.

"It has quite similar functions to Zeus, as it uses a VNC spawning module which helps the hacker to be connected to the infected computer absolutely remotely and to do his fraud in silence, that's why it won't be detected by anti-fraud filters, as the theft will happen from the same IP address," Komarov explained.

Worse, another Trojan, identified as Broker-J, also targets QUIK but uses a different technique: it steals encryption keys from the QUIK storage and transfers them to cybercriminals, still using the same IP to avoid detection.

"The end customer should use standard methods of antivirus defense if he or she runs financial software on a personal computer which is connected to public networks," said Vladimir Kurlyandchik, head of business development at ARQA Technologies.

"People should use efficient internet security appliances and antivirus software, and also make use of firewalls. It is our standard recommendation," he added.

"In case of any suspicions of unauthorized access to an account the end user should immediately initiate the procedure of changing access keys, along with new user IDs and secure passwords," he added.

Kurlyandchik also stated that the QUIK platform incorporates several new technologies to help prevent unauthorized access, including two-factor authentication using either RSA SecurID tokens or SMS messages sent to a pre-registered phone, as well as other similar security devices.

"The securities broker now has a few and improved tools to monitor suspicious activity and to block access to the system from suspicious IP-addresses, hosts etc," he said.

In other internet security news

Since last week, many hosting providers have been reporting a huge increase in attempts to hack into blogs and content management systems, with WordPress installations again bearing the brunt of the offensive. It's not the first time that WordPress blogs have been the subject of hacking attempts and it probably won't be the last.

Thousands of WordPress installations across the globe were hit by a brute force botnet attack, featuring several attempts to hack into blogs using a combination of popular usernames (e.g., "admin", "myblog" and "user") and an array of unsafe passwords such as "god", "sex", "love" and "1 2 3 4 5".

Attacks of this type are commonplace; it's the sharp rise in volume late last week, to around three to four times the normal volume, rather than anything technically devious that has set many alarm bells ringing all over the web.

Around 90,000 compromised servers have been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.
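The following added example (not part of the original article, and not any hosting provider's actual tooling) shows why an attack spread across many sources has to be detected on aggregate volume: each source makes too few attempts to trip a per-IP limit. It assumes Apache combined-format access logs and that WordPress answers a failed login with HTTP 200 and a successful one with a 302 redirect; the thresholds `baseline_per_min`, `factor` and `per_ip_limit` are hypothetical, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(lines):
    """Yield (ip, minute, status) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts.replace(second=0), int(m["status"])

def detect(lines, baseline_per_min=3, factor=3, per_ip_limit=5):
    """Flag minutes whose failed logins reach `factor` times the baseline.

    All three thresholds are assumptions chosen for the sample data.
    """
    fails = defaultdict(Counter)  # minute -> Counter(ip -> failed attempts)
    for ip, minute, status in parse(lines):
        if status == 200:  # assumed: a failed login re-renders the form
            fails[minute][ip] += 1
    alerts = []
    for minute, per_ip in sorted(fails.items()):
        total = sum(per_ip.values())
        if total >= baseline_per_min * factor:
            alerts.append({
                "minute": minute.strftime("%H:%M"),
                "failed": total,
                "sources": len(per_ip),
                # Sources a classic per-IP limit would have caught.
                "per_ip_hits": [ip for ip, n in per_ip.items() if n > per_ip_limit],
            })
    return alerts

def sample_log():
    """Constructed log lines: one quiet minute, then one distributed burst."""
    fmt = ('{ip} - - [01/Jan/2013:10:{mm:02d}:{ss:02d} +0000] '
           '"{method} {path} HTTP/1.1" {status} 1234')
    lines = [
        fmt.format(ip="198.51.100.7", mm=0, ss=5, method="POST", path="/wp-login.php", status=200),
        fmt.format(ip="198.51.100.7", mm=0, ss=20, method="POST", path="/wp-login.php", status=302),
        fmt.format(ip="198.51.100.9", mm=0, ss=30, method="GET", path="/index.php", status=200),
    ]
    for i in range(40):  # 40 sources, one guess each
        lines.append(fmt.format(ip=f"203.0.113.{i + 1}", mm=1, ss=i,
                                method="POST", path="/wp-login.php", status=200))
    return lines

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

In the sample, the burst minute is flagged on total failures while `per_ip_hits` stays empty, which is the gap a per-address lockout leaves open.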

To help mitigate such attacks, the senior system administration team at Sun Hosting, a large Canadian hosting provider, has rolled out wide security policies to help contain and limit such attacks. For the time being, the company has removed any public information detailing the new way they're blocking the attacks, as the hackers seem to be actively monitoring for changes, and altering their tactics.

Sun Hosting says: "If your site or blog has been targeted in similar attacks, the security precautions we've implemented may limit the access to your WordPress admin dashboard. We have chosen to proactively protect our customers from such attacks in order to avoid a potentially larger security issue on your account. Your admin password should consist of a minimum of 12 characters, with upper case and lower case letters, numbers as well as punctuation marks."

The primary target appears to be WordPress installations, but Joomla users reportedly took some hammering as well. Early suggestions are that hackers are looking to harvest "low-hanging fruit" as quickly as possible in order to gain access to a bank of compromised sites for follow-up malfeasance, which could be anything from hosting malware to publishing phishing pages or running some sort of denial of service attack.

"It's 'doorknob rattling' but on an industrial and international scale," notes Paul Ducklin, Sophos's head of technology for Asia Pacific.


Source: UKBPA.
