From malware on Google's Android phones to the US Defense Advanced Research Projects Agency trying to understand how stories or narratives impact security and human behaviour, the security world certainly is never boring. Here we take a look at 20 security stories that have shaped the industry in the past few months.
Is retaliation the answer to cyberattacks?
Should revenge assaults be just another security tool large IT shops use to counter cyberattacks? It's a controversial idea, and the law generally frowns on cyberattacks. But at the Black Hat DC conference in January, some speakers took up the issue of whether and how organisations should counterattack against adversaries clearly using attack tools to break into and subvert corporate data security. One idea that got plenty of attention here was the notion of exploiting vulnerabilities in attack tools and botnets to try to determine what the attacker was going after, to feed the attacker fake data, or even to dive into the attacker's network lair.
Cybercriminals targeting point-of-sale devices
Point-of-sale payment processing devices for credit and debit cards are proving to be rich targets for cybercriminals due to lax security controls, particularly among small businesses, according to a report from Trustwave. Trustwave, which investigates payment card breaches for companies such as American Express, Visa and MasterCard, conducted 220 investigations worldwide involving data breaches in 2010. The vast majority of those cases came down to weaknesses in POS devices. "Representing many targets and due to well-known vulnerabilities, POS systems continue to be the easiest method for criminals to obtain the data necessary to commit payment card fraud," according to Trustwave's Global Security Report 2011.
Google Android's infected apps spotlight mobile danger
The Google Android Market for apps is supposed to be an apps showplace, so the fact that Google yanked down about 50 Android apps it found to be malicious came as something of a jolt to many in the security industry. "We believe they all had the same malware," said Kevin Mahaffey, CTO at Lookout Mobile Security, which has taken to calling it the DroidDream infection. The apps were released under the Google-registered developer names 'Kingmall2010', 'we20090202' and 'Myournet', which Lookout Mobile suspects are all the same person or group. At least one of the malicious apps is based on stolen software that was Trojanised and submitted to Google. Most of the malicious Google Android apps to date have been on third-party websites, but this week's episode of malicious apps on the Android Market calls the vetting process into question.
FBI: Internet crime high; types of misdeeds changing
The FBI's 10th annual internet crime report finds that complaints and money losses are at an almost all-time high, with non-delivery of payment or merchandise, scams impersonating the FBI and identity theft leading the top 10 online complaint parade. The report - which is issued through the FBI's partner the Internet Crime Complaint Center (IC3) and the National White Collar Crime Center (NW3C) - found that in 2010, IC3 received 303,809 complaints of internet crime, the second-highest total in IC3's 10-year history. IC3 also reached a major milestone this year when it received its 2 millionth complaint. On average, the group receives and processes 25,000 complaints per month.