Allow me to frame the threat of cybercrime that we all face by quoting from Jeff Debrosse’s 2009 Cybersecurity Review white paper: Cybercriminals are global and often well organized. They are smaller and more maneuverable than most corporations. Some are sheltered by certain G8 economic countries’ policies and laws. Their thefts fuel their home country’s
We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities. The poisoned search term du jour is “erin andrews death threat”. Apparently,
A short time ago I was watching someone I know type in a password to an important web site. I wasn’t looking to see what the password was, however I noticed it wasn’t long and it was all entered on the numeric keypad. This is someone who is not a security expert, but has heard
September 2009 saw some key security analysis raining directly onto the Adobe PDF platform, particularly with SANS pointing towards remote code execution within PDFs as one of the top threat vectors: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE-2009-1862) Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493) Kudos to Adobe for patching these
SANS posted a story at the Internet Storm Center a couple of days ago that they were seeing fake email from the IRS. (Even I don’t have time to read everything on the Internet relating to current information security issues.) The emails described try to kid the victim that they’ve under-reported or failed to report
A couple of weeks ago I posted an entry on here about the size of the cybercrime problem from a dollar perspective. I pointed out that is was reported that US banks had lost US$40 million per month for the third quarter of 2009 due to online banking fraud. Also, the 2009 Internet Crime Report
About a month ago I gave a presentation in Kuala Lumpur that covered some of the concerns about the seemingly enthusiastic rush to push everything out “to the cloud”. People in the Marketing business love the term “cloud computing” and have come up with some lovely images of fluffy clouds reflected on office blocks and
[Interim updates removed: later information on Twitter profile attacks and Blackhat SEO attacks using keywords related to this topic to spread malware, has been made public in a later blog at http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls.] Following this morning’s bombings in the Moscow Metro (subway system), Aryeh Goretsky suggests the likelihood of criminals using “blackhat SEO” (search engine optimization
Looking into their crystal balls (no jokes, please) at the end of 2009, our colleagues in Latin America came up with a prophecy that was later incorporated into a white paper (2010: Cybercrime Coming of Age): In June 2010, one of the most popular regular sports events, the soccer World Cup, will take place in
There’s a news item out at the moment about how a French man has been arrested for a host of Twitter account attacks including the accounts of US President Obama and Britney Spears. It seems the hacks were carried out in April last year and the arrest came about after collaboration between the US FBI
A flurry of long-overdue government initiatives designed to address cybercrime has begun to actually develop some momentum. When I consider that it took a year to just get a cybersecurity bill through committee, I think of Nero fiddling while Rome burns, especially when everyone on the committee appears to believe it’s critical legislation. The CyberSecurity
Two weeks ago I acted as a panelist in a panel discussion at an IT Security conference in Kuala Lumpur. I was asked a question about global cybercrime laws. And I’ve just read Randy Abrams’ blog that he posted here today about the proposed new US legislation that is ultimately aimed at driving other nations
Engineers are really smart people who often know how to make something with no real world effectiveness work really well without effect. In a glaring example of marketing hype, very limited effectiveness, and a lesson in teaching users to fall for phishing attacks, Pavni Diwanji, Engineering Director at Google published a blog post http://googleonlinesecurity.blogspot.com/2010/03/detecting-suspicious-account-activity.html The
Back on the 22nd of February, I wrote an entry on this blog called “Does Anybody Know WHOIS Out There?”. This entry was about the very slack or even non-existent verification of identification information (sheesh, try saying THAT with a few beers under your belt!) provided by individuals and organizations registering domain names on the
The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day. With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait
The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit in Brazil, which I’m pleased to do. This year the APWG is hosting it’s fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in São Paulo, Brazil. The Discounted Early Bird Registration rate will
[Update: so far I have two votes for dumb. Maybe I’m giving this spammer too much credit, and it is a simple “spam template fail” 😉 On the other hand, while I wouldn’t vote “evil genius”, I’d still love to know how many people actually fall for this – I don’t have a problem envisaging
It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO’s office, a public relations contact, et cetera) from a
Greetings, friends and fiends. It’s been a while since I’ve been able to blog: I’ve been trying out one of these vacation thingies that I keep reading about in travel magazines. (Well, my wife does, and she tells me when I need a holiday, presumably as my conversations get grouchier.) But I see that my
We have recently seen some reports that give some idea of the real size of the cybercrime problem. Recently Federal Deposit Insurance Corporation (FDIC) Examiner Dave Nelson reported that online banking fraud involving the electronic transfer of funds cost US banks more than $40 million dollars per month for the third quarter of 2009. The
Ford Motor Company has recently announced that later this year it will be producing cars with built-in WiFi capabilities. Since 2008, the first generation of this system enabled owners of certain Ford, Lincoln & Mercury vehicles to connect media players & bluetooth devices to their entertainment systems. This second generation of its so called Sync