
94 percent of all security incidents fall into 9 basic attack patterns

April 22, 2014

Businesses today really need to lock down their PoS (point-of-sale) systems. However, they don't have to worry to quite the same extent as banks and financial services companies do.

Overall, statistics demonstrate that about 94 percent of all internet security incidents fall into nine basic attack patterns.

And web app attacks dominate the financial services sector. Point-of-sale and distributed denial of service attacks plague the retail segment, according to Verizon.

Those are the primary takeaways from Verizon's 2014 Data Breach Investigations Report which included 50 global companies' statistics, 1,367 confirmed data breaches and 63,437 security incidents.

What these security incidents highlight is the risk weighting by industry. "It's a complex landscape and you simply can't take a top 10 list and say that everyone defend against the same things," said Jay Jacobs, senior analyst at Verizon Enterprise Solutions.

But since 2013 was the year of retail attacks (or at least publicized ones, thanks to Target), here's a snippet from the report: "From an attack pattern standpoint, the most simplistic narrative is as follows: compromise the POS device, install malware to collect magnetic stripe data in process, retrieve data, and cash in."

All of these attacks share financial gain as a motive, and most can be conclusively attributed (and the rest most likely as well) to organized criminal groups operating out of Eastern Europe. Such groups are very efficient at what they do.

While the majority of these cases look very much alike, the steps taken to compromise the point-of-sale environment offer some interesting variations, the Verizon report suggests.

The most popular PoS attack involves RAM-scraping malware, which grabs payment card data while it is being processed in RAM, before it is encrypted.

Regarding Web attacks, Verizon's Enterprise unit recommended the following controls:

  • Don't use single-factor password authentication on anything that faces the Internet.
  • Set up automatic patches for any content management system such as Drupal and WordPress.
  • Fix vulnerabilities right away before the bad guys find them.
  • Enforce strict lockout and lockdown policies.
  • Monitor all outbound connections.

    Overall, insider misuse remains a huge issue, and much of the defense against it still revolves around trusting an individual, often an employee.

    Health care, public sector, and mining are typically the industries with the most lost and stolen laptops. Thefts are often exposed in those industries due to mandatory reporting requirements.

    The United States remains the largest victim of cyberespionage, with South Korea a distant second. State-affiliated actors account for 87 percent of cyberespionage cases, and 49 percent of them hail from Eastern Asia.

    Verizon's advice for preventing stolen equipment was conventional for the most part: encrypt all devices, back them up carefully and lock them down.

    The wireless carrier added: "Yes, it's unorthodox as far as recommendations go, but it might actually be an effective theft deterrent, though it will probably increase loss frequency."

    In other internet security news

    The Canadian RCMP (Royal Canadian Mounted Police) has arrested a 19-year-old who allegedly used the Heartbleed Internet bug to hack into Canada's revenue tax agency in the last week.

    Shortly after the Internet bug was discovered and revealed to the whole world last week, the Canada Revenue Agency suffered a data breach that leaked the Social Insurance Numbers of about 900 Canadian taxpayers.

    The revenue agency was forced to shut down its website temporarily to prevent further theft of sensitive personal information.

    Today, the RCMP said it arrested Stephen Arthuro Solis-Reyes at his London, Ontario home Tuesday. During the police raid, federal agents seized computer equipment as criminal evidence.

    Solis-Reyes now faces two counts of federal computer-related crimes. He is scheduled to appear in an Ottawa courtroom tomorrow. The arrest appears to be the first related to the Heartbleed bug since it was discovered last week.

    Assuming the federal police arrested the right individual, Solis-Reyes could go down in hacking history. Whoever committed the breach single-handedly delayed the country's tax-return deadline by nearly a week.

    Canada's taxing authority pushed back its tax-filing deadline from April 30 to May 5, a potentially costly wait. The RCMP, who function as federal law enforcement officers, were "working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations," said Assistant Commissioner Gilles Michaud.

    In the meantime, the tax agency is carefully combing through its computer systems to determine the extent of the damage.

    "We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed," the Canada Revenue Agency said in a statement.

    To address similar concerns in the United States, the IRS assured taxpayers its systems were secure. The IRS last week told taxpayers to ignore Heartbleed and file their returns anyway.

    In other internet security news

    It's reported this morning by Der Spiegel that Germany’s space research centre in Cologne has been the victim of a co-ordinated and covert targeted attack carried out by state-sponsored hackers.

    The paper's article says that last Sunday the German Aerospace Centre contacted the National Cyber Defence Centre in Bonn after it found malware on computers used by researchers and system admins in the Centre.

    The attack was co-ordinated and systematic with some of the Trojans used designed to self-destruct on discovery, while other malware lay silent for several months before being activated, according to Der Spiegel.

    Although Chinese characters have been found in some of the malicious code recovered and some recurring typos may suggest an attacker from the Middle Kingdom, this could be mere camouflage, an insider told the paper.

    As such, the NSA can’t be completely ruled out, he said. The news set alarm bells ringing all over Berlin as DLR not only researches space and aeronautics systems but also armament and rocket technologies as well.

    Given the United States’ pre-eminent global position in space exploration, it’s unlikely but not impossible that it would resort to such tactics.

    China would seem more likely at first glance. This is despite the fact that Germany became the first foreign country to collaborate with the Middle Kingdom on its space missions when a DLR-developed SIMBOX project was carried out on the Shenzhou 8 mission in 2011. DLR signed a deal with China on co-operation in space as far back as 2008.

    In other internet security news

    In the last few years, several web portals and testing tools have popped up to check whether servers and other equipment are vulnerable to OpenSSL's 'Heartbleed' bug, and that's fine. The only problem is that those tools have unearthed several anomalies in computer crime law on both sides of the Atlantic.

    The U.S. Computer Fraud and Abuse Act and its British equivalent, the Computer Misuse Act, both make it illegal to test the security of third-party websites without prior permission.

    Specifically, testing to see what version of OpenSSL a website is running, and whether it also supports the vulnerable Heartbeat protocol, would be legal. But doing anything more active, without permission from website owners, would put security researchers on the wrong side of the law, making it a federal crime.

    Chris Wysopal, co-founder of Veracode and former member of the celebrated Boston-based hacking crew L0pht, was among the first security researchers to raise the issue. "I would say it would certainly contravene the Computer Misuse Act in Britain," said computer security researcher David Litchfield, a celebrated expert in database security issues.

    "This is no different than testing to see if a site is vulnerable to SQL injection. It's not legal without permission," he added.

    Unauthorised security probing is illegal under section 3 of Britain's Computer Misuse Act of 1990, whatever the intent, as case law has established.

    Information technology lawyer Dai Davis, a solicitor at Percy Crow Davis & Co, says that actively scanning for the Heartbleed vulnerability would violate the U.K. computer crime laws, even though this "violation" is unlikely to be enforced. But it can be, nevertheless.

    "Under current British law, you could argue that running scans is just about criminal," Davis added. "It's not in the spirit of the law but the Computer Misuse Act is badly written, but that's how it stands today, like it or not."

    Some security researchers argued that there ought to be an exemption to these laws if the activity is "helpful", while others say that this aspect of computer crime law is not being enforced or is, in any case, being ignored.

    "It’s not legal, but vast numbers of otherwise ethical security professionals are testing every site on the internet. And that's being done every single day," tweeted Martin McKeay, a security researcher at Akamai.

    Heartbleed is a catastrophic flaw in widely used OpenSSL that creates a means for attackers to lift passwords, crypto-keys and other sensitive data from the memory of secure server software, 64 KB at a time.

    This huge internet security vulnerability was patched earlier this week, and software should be updated to use the new version, 1.0.1g. But to fully clean up the security issue, system admins of at-risk servers should generate new public-private key pairs, destroy their session cookies, and update their SSL certificates before telling users to change every potentially compromised password on the vulnerable systems.
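The upgrade step above starts with knowing which of your own hosts still run an affected build. The following is an added example, not part of the original article: it triages `openssl version -a` output collected from servers you administer. The host names and sample outputs are constructed, and the status labels are this example's own. It relies on the upstream facts that releases 1.0.1 through 1.0.1f (and 1.0.2-beta1) are affected and that 1.0.1g was published on April 7, 2014.

```python
import re
from datetime import date

FIX_PUBLISHED = date(2014, 4, 7)                       # release day of 1.0.1g
AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}  # 1.0.1 through 1.0.1f
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

VERSION_RE = re.compile(r"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-[\w.]+)?")
BUILT_RE = re.compile(
    r"built on:\s*\w{3}\s+(\w{3})\s+(\d{1,2})\s+[\d:]+\s+\w+\s+(\d{4})")

def build_date(text):
    """Return the 'built on' date from `openssl version -a`, or None."""
    m = BUILT_RE.search(text)
    if not m or m.group(1) not in MONTHS:
        return None
    return date(int(m.group(3)), MONTHS.index(m.group(1)) + 1, int(m.group(2)))

def triage(text):
    """Classify one host's `openssl version -a` output for follow-up."""
    m = VERSION_RE.search(text)
    if not m:
        return "unknown"
    base, letter, suffix = m.group(1), m.group(2), m.group(3) or ""
    in_range = (base == "1.0.1" and letter in AFFECTED_LETTERS) or \
               (base == "1.0.2" and letter == "" and suffix == "-beta1")
    if not in_range:
        return "outside-affected-range"
    # A build compiled without heartbeat support does not expose the flaw.
    if "-DOPENSSL_NO_HEARTBEATS" in text:
        return "heartbeat-compiled-out"
    # Distributions often backport the fix without changing the version
    # letter, so a post-fix build date means "confirm with the vendor".
    built = build_date(text)
    if built and built >= FIX_PUBLISHED:
        return "check-vendor-backport"
    return "affected-upgrade"

# Constructed sample inventory (hypothetical hosts, not real captures).
SAMPLES = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Mon Feb 11 16:20:39 UTC 2013\n"
             "compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014\nbuilt on: Wed Apr  9 10:02:11 UTC 2014",
    "mail01": "OpenSSL 1.0.1e-fips 11 Feb 2013\nbuilt on: Tue Apr  8 02:39:29 UTC 2014",
    "vpn01": "OpenSSL 1.0.1f 6 Jan 2014\nbuilt on: Mon Jan  6 18:01:00 UTC 2014\n"
             "compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS -DOPENSSL_THREADS",
    "old01": "OpenSSL 0.9.8y 5 Feb 2013\nbuilt on: Tue Feb  5 12:00:00 UTC 2013",
}

def report(samples=SAMPLES):
    return {host: triage(out) for host, out in samples.items()}
```

Hosts reported as `affected-upgrade` should also be queued for the key, certificate and session-cookie replacement described above, since the version check says nothing about what was exposed before patching.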

    In other internet security news

    A new security flaw has exposed millions of internet passwords, credit card numbers and other sensitive data to potential theft by computer hackers who may have been secretly exploiting the issue before its discovery this morning.

    The security breach affects the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce services.

    Internet security researchers who uncovered the threat, known as "Heartbleed," are particularly concerned about the issue because it went undetected for more than two years, giving hackers plenty of time to do some very nasty things.

    Although there is now a method to close that security flaw, there are still plenty of reasons to be concerned, said David Chartier, CEO of Codenomicon, a security company based in Finland.

    A team at Codenomicon diagnosed Heartbleed while working independently with a Google researcher who also discovered the threat.

    "I don't think anyone that had been using this technology is in a position to definitively say they weren't compromised," Chartier said.

    Chartier, and other computer security experts, are advising people to consider changing all their online passwords. "I would change every password everywhere because it's possible that something was sniffed out," said Wolfgang Kandek, chief technology officer for Qualys, a maker of security-analysis software.

    "You simply don't know since an attack wouldn't have left a distinct footprint anywhere," he added. But changing the passwords won't do any good, these experts said, until the affected services install the software released Monday to repair the issue.

    That places the onus on the Internet services affected by Heartbleed to alert their users to the potential risks and let them know when the Heartbleed repair patch has been installed so they can change their passwords.

    "This is going to be difficult for the average person to understand, because it's difficult to know who has done what and what is safe or not," Chartier added.

    Yahoo, which boasts more than 800 million users globally, is among the Internet services firms that could be potentially hurt by Heartbleed. The company said most of its popular services including sports, finance and Tumblr had been fixed, but work was still being done on other services that it didn't identify in a statement late yesterday.

    "We're focused on providing the most secure experience possible for all our users and are continuously working to protect our customers' data," Yahoo said.

    To be sure, Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that internet traffic is secure. The security hole makes it possible to snoop on Internet traffic even if the padlock had been closed.

    Potential attackers could also take the keys for deciphering encrypted data without the website owners knowing the theft had occurred, according to security researchers.

    The security vulnerability affects only the OpenSSL implementation of SSL/TLS, but that happens to be one of the most common in use on the Internet today.

    About 68.4 percent of all Web servers rely on OpenSSL, Chartier said. That means the data passing through hundreds of thousands of websites could be compromised, despite the protection offered by SSL encryption technology.

    Besides emails and chats, OpenSSL is also used to secure virtual private networks, which are used by employees to connect with corporate networks seeking to shield confidential information from prying eyes.

    Source: The Royal Canadian Mounted Police.
