Posts Tagged ‘Cyber Crime’

By: Francesco Trama, Co-Founder, PacketViper, LLC

Network Security Driving Me Nuts

I woke one morning and found this alert in my email:

“ON WORLD Press Freedom Day, Saturday May 3, Panama’s TVN channel 2 received another “cyber-attack” on its website (tvn-2.com). The network said that the attacks have gone on continuously for five days leading up to Sunday’s election and a TVN broadcaster has been threatened via Twitter. Read http://www.newsroompanama.com/panama/7645-press-freedom-day-marred-by-cyber-attack-on-tvn.html”

My opinion is this: There needs to be a point when “we” as security sales professionals provide a disclaimer that clearly explains:

Disclaimer: This security device may get you 80% secure at best with hard work and commitment. This device will need constant attention and managing, and there’s a good possibility that if you forget or ignore something on it, your network and all its data will be compromised!

I’m sure it might say something in twenty paragraphs of the EULA.

There are many reasons why I say this:

1. Complexity

2. Learning curve

3. Commitment to product

4. Lack of firewall and security knowledge

5. Management

6. False sense of security after the sale.


Since the UN identified this back in February, do you think the infections have spread, or have been curtailed? I would say with near certainty they have grown exponentially like a plague in every direction uncontrollably. Here in the US we are finding it difficult to manage our own outbreaks, even though at times we can slow the growth. Now imagine the “up and coming” tech areas to our south, still getting their “%^&*” together.

By no means am I saying “we” (US) have ours together; I just consider us further along, is all.

Given they are still in their “tech growing phase,” these or any underdeveloped tech areas should be considered high risk and treated with higher scrutiny, and you should limit how your networks are exposed to these areas.

By Francesco Trama

 

Explainer: Cybercrime in Latin America

“Illegal botnets, or networks of remote-controlled computers infected with malware, have been found throughout Latin America. Also known as “zombie computers,” these networks can be used for a variety of cybercrimes, ranging from stealing personal information to sending spam. Trustnet’s study found that nearly half of all global cybercrime takes place through remote access with methods like botnets.

Cybercriminals from anywhere in the world can control the botnets through command and control servers, or C&Cs. A February 2013 UN draft report identified significant clusters of C&Cs in the Caribbean basin, as well as Central America. Two types of malware spawned zombie computers in the region last year—one called Dorkbot that infected 80,000 computers in 10 Latin American countries, the other called the Flashback virus, which harmed 40,000 Latin American computers.”

Source: http://www.as-coa.org/articles/explainer-cybercrime-latin-america

I read a disturbing alert/article which claimed that

“Thousands of WordPress websites are being used to carry out a huge cyber attack campaign in the form of a distributed denial of service [DDoS] attack.

The Hacker News reports that hackers have targeted “a large number” of sites on the WordPress platform after successfully compromising some 90,000 servers way back in April 2012 and in the process have created a WordPress botnet.

Read more: http://www.itproportal.com/2013/09/27/hackers-launch-huge-ddos-attack-using-wordpress-websites/#ixzz2g7QmIaMQ”

This is obviously concerning to many folks, and our customers. What we decided to do is create a Global Network List (tm) for our customers which will contain all AUTOMATTIC Inc (WordPress) IP addresses, just over 60,000. Customers will now be able to set triggers to alert, restrict, rate limit, and/or block based exclusively on AUTOMATTIC Inc networks.

Obviously we do not feel WordPress, their affiliates, or AUTOMATTIC Inc is a bad entity, but rather a quality provider of online services to the public. This is simply a stopgap measure for our customers to limit any DDoS potential for compromised systems within, should they need to.

Let me explain what PacketViper Global Network Lists are. PacketViper, aside from per-port Geo IP filtering, includes our patent-pending Global Network Lists. Our Global Network Lists are a collection of global businesses (e.g. Microsoft, eBay, Amazon, Automattic Inc), colocation providers (e.g. Softlayer, Expedient, Ubiquity), high-risk networks (e.g. malware, botnet, C&C), and many other varieties of industries. Customers can quickly choose to allow or deny any of the thousands of industries based on their value to their business. This gives more granularity to the customer, on top of the per-port Geo IP filtering.

For instance, if a customer is filtering many geo-locations and wants to ensure Microsoft networks, like email servers or some application widgets, can always reach the customer’s network, they would simply place a check mark next to Microsoft, enter the ports needed to communicate with Microsoft, click on save, and they are done.
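An added example (not PacketViper's code and not from the original post) of the evaluation order described above: named network-list rules are checked per port before the per-port geo filter, so a trusted vendor stays reachable on its ports while the rest of its country remains blocked. The list names, country codes, policy layout and default-allow fallback are assumptions; the CIDRs are documentation ranges used as constructed sample data.

```python
import ipaddress

# Constructed sample data: documentation CIDRs stand in for real allocations;
# list names, country codes and the policy layout are hypothetical.
NETWORK_LISTS = {
    "ExampleMailVendor": ["198.51.100.0/24"],
    "ExampleBlogHost": ["203.0.113.0/25"],
}
GEO_RANGES = {"AA": ["198.51.100.0/24", "192.0.2.0/24"], "BB": ["203.0.113.0/24"]}

POLICY = {
    # Per-port geo filter: countries denied on each destination port.
    "geo_deny": {25: {"AA", "BB"}, 443: {"BB"}},
    # Named-list rules, checked before the geo filter; first match wins.
    "list_rules": [
        {"list": "ExampleMailVendor", "ports": {25}, "action": "allow"},
        {"list": "ExampleBlogHost", "ports": {80, 443}, "action": "rate_limit"},
    ],
}


def _in_any(ip, cidrs):
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def country_of(ip):
    """Return the (fake) country code whose ranges contain ip, else None."""
    for cc, cidrs in GEO_RANGES.items():
        if _in_any(ip, cidrs):
            return cc
    return None


def decide(src, dport, policy=POLICY):
    """Return (action, reason) for a connection from src to local port dport."""
    ip = ipaddress.ip_address(src)
    # 1. A list rule applies only on the ports it names, so trusting a vendor
    #    for mail does not open every other port to that vendor's ranges.
    for rule in policy["list_rules"]:
        if dport in rule["ports"] and _in_any(ip, NETWORK_LISTS[rule["list"]]):
            return rule["action"], rule["list"]
    # 2. Otherwise fall back to the per-port geo filter.
    cc = country_of(ip)
    if cc in policy["geo_deny"].get(dport, set()):
        return "block", f"geo:{cc}"
    return "allow", "default"  # assumption: default-allow when nothing matches


if __name__ == "__main__":
    for src, port in [("198.51.100.10", 25), ("192.0.2.7", 25), ("203.0.113.200", 443)]:
        print(src, port, decide(src, port))
```
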

[Screenshot: Global Network List]

By Francesco Trama