Government Technology

Cisco Report Identifies Rising Security Threats on and off Social Media



December 10, 2009 By

Cisco Systems released an annual report on Tuesday, Dec. 8, that identifies pesky malware strains that plague users on Web 2.0 platforms and highlights some government breaches from the past 12 months.

The 40-page Cisco 2009 Annual Security Report covers the global cyber-security dangers that wreaked havoc from January to December. The vendor encourages the worldwide Internet community to be vigilant in 2010 or risk further compromise and embarrassment.

"We're seeing rapid adoption of social media by enterprises across vertical markets, and we're seeing the opportunity to communicate and collaborate is also posing security challenges for the enterprise," said Henry Stern, Cisco's senior security researcher. "We need to work more on public-private partnerships across enterprises and government and, for that matter, collaboration among enterprises to maintain some inertia toward fighting spam, botnets and online criminals."

He explained that these digital ne'er-do-wells learn quickly, and the money-laundering industry supporting them has topped $100 million per year.

The report cited an incident in July when attackers from the Ukraine used Zeus malware to infect the county treasurer's desktop in Bullitt County, Ky., to steal authentication credentials and rob Bullitt of $415,000 over multiple wire transactions.

"We have Zeus, which is a shrink-wrapped banking Trojan designed for stealing information from people's computers, and has functionality built into it to perform what's called a man-in-the-browser attack, and this is how criminals can get past secure socket layer and two-factor authentication," Stern said.

So everyone's vulnerable, from consumers who do online banking to companies to government finance departments.

Zeus was identified in the report as code that's growing in adoption with a high success rate and high potential for profitability. Koobface, a social media worm that dupes users into downloading malware, was cited as high-growth but less profitable.

"When people are becoming more personal, revealing more personal information through things like social networks - these are opening doors for criminals to infiltrate organizations," Stern said.

Palo Alto Networks highlighted the risks Web 2.0 can bring to public and private organizations in the Application Usage and Risk Report that was unveiled on Nov. 9. As workplaces use more social media and instant messaging applications to communicate and transfer files, they open a gateway to more types of digital corruption that can bypass network firewalls.

But even those who don't think they're worth robbing or breaching can be at risk because of their connection to others.

"People will often think, 'I don't have any money in my bank account anyway. What are they going to do to me?' and not realizing the scope of damage that could be undertaken," Stern explained. The social media account could allow attackers to see your loved ones' information, not just yours. "They're doing that using your identity and your friends' trust of you, and that's something that you can possibly never recover."

The Cisco report also features the Global ARMS Race Index, which attempts to gauge the level of online criminal activity, from the safest at 1 to the most dangerous at 9.5+. As of this December, the global community is at an orange 7.2, meaning that "enterprise networks are experiencing persistent infections and consumer systems are infected at levels capable of producing consistent and alarming levels of service abuse."

The report also noted that criminals can target government agencies for reasons that have little to do with financial gain. In August 2009, hackers tried to use denial-of-service attacks to silence a blogger in the former Soviet republic of Georgia who criticized the Russian government.

 

