Government Technology

    Digital Communities
    Industry Members

  • Click sponsor logos for whitepapers, case studies, and best practices.
  • McAfee

Cisco Report Identifies Rising Security Threats on and off Social Media



December 10, 2009 By

Cisco Systems released an annual report on Tuesday, Dec. 8, that identifies pesky malware strains that plague users on Web 2.0 platforms and highlights some government breaches from the past 12 months.

The 40-page Cisco 2009 Annual Security Report is all about global cyber-security dangers that we should watch for. They wreaked havoc from January to December, and the vendor encourages the worldwide Internet community to be vigilant in 2010 or risk further compromise and embarrassment.

"We're seeing rapid adoption of social media by enterprises across vertical markets, and we're seeing the opportunity to communicate and collaborate is also posing security challenges for the enterprise," said Henry Stern, Cisco's senior security researcher. "We need to work more on public-private partnerships across enterprises and government and, for that matter, collaboration among enterprises to maintain some inertia toward fighting spam, botnets and online criminals."

He explained that these digital ne'er-do-wells learn quickly, and the money-laundering industry supporting them has topped $100 million per year.

The report cited an incident in July when attackers from the Ukraine used Zeus malware to infect the county treasurer's desktop in Bullitt County, Ky., to steal authentication credentials and rob Bullitt of $415,000 over multiple wire transactions.

"We have Zeus, which is a shrink-wrapped banking Trojan designed for stealing information from people's computers, and has functionality built into it to perform what's called a man-in-the-browser attack, and this is how criminals can get past secure socket layer and two-factor authentication," Stern said.

So everyone's vulnerable, from consumers who do online banking to companies to government finance departments.

Zeus was identified in the report as code that's growing in adoption with a high success rate and high potential for profitability. Koobface, a social media worm that dupes users into downloading malware, was cited as high-growth but less profitable.

"When people are becoming more personal, revealing more personal information through things like social networks - these are opening doors for criminals to infiltrate organizations," Stern said.

Palo Alto Networks highlighted the risks Web 2.0 can bring to public and private organizations in the Application Usage and Risk Report that was unveiled on Nov. 9. As workplaces use more social media and instant messaging applications to communicate and transfer files, they open a gateway to more types of digital corruption that can bypass network firewalls.

But even those who don't think they're worth robbing or breaching can be at risk because of their connection to others.

"People will often think, 'I don't have any money in my bank account anyway. What are they going to do to me?' and not realizing the scope of damage that could be undertaken," Stern explained. The social media account could allow them to see your loved ones' information, not just yours. "They're doing that using your identity and your friends' trust of you, and that's something that you can possibly never recover."

The Cisco report also features the Global ARMS Race Index, which attempts to gauge the level of online criminal activity, from the safest at 1 to the most dangerous at 9.5+. As of this December, the global community is at an orange 7.2, meaning that "enterprise networks are experiencing persistent infections and consumer systems are infected at levels capable of producing consistent and alarming levels of service abuse."

The report also noted that criminals can target government agencies for reasons that have little to do with financial gain. In August 2009, hackers tried to use denial-of-service attacks to silence a blogger in the former Soviet republic of Georgia who criticized the Russian government.

 


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Digital Cities & Counties Survey: Best Practices Quick Reference Guide
This Best Practices Quick Reference Guide is a compilation of examples from the 2013 Digital Cities and Counties Surveys showcasing the innovative ways local governments are using technological tools to respond to the needs of their communities. It is our hope that by calling attention to just a few examples from cities and counties of all sizes, we will encourage further collaboration and spark additional creativity in local government service delivery.
Wireless Reporting Takes Pain (& Wait) out of Voting
In Michigan and Minnesota counties, wireless voting via the AT&T network has brought speed, efficiency and accuracy to elections - another illustration of how mobility and machine-to-machine (M2M) technology help governments to bring superior services and communication to constituents.
Why Would a City Proclaim Their Data “Open by Default?”
The City of Palo Alto, California, a 2013 Center for Digital Government Digital City Survey winner, has officially proclaimed “open” to be the default setting for all city data. Are they courageous or crazy?
View All