Opinions about information security from a risk management perspective
SpyEye v. ZeuS Rivalry Ends in Quiet Merger — Krebs on Security.
Brian Krebs today is providing an update on banking Trojan activity. While ZeuS has been in the public eye, another banking Trojan SpyEye seems to be ascending.
In the last several years, it is estimated that the ZeuS Trojan enabled the theft of more than $70 million from nearly 400 organizations.
Study: Electronic theft surpasses physical theft | Security – CNET News.
Kroll just released its fourth annual worldwide fraud survey. For the first time “Information theft, loss, or attack” surpasses “Theft of physical assets or stock,” 27.3% to 27.2% respectively. In addition overall fraud increased by 20%.
What accounts for this dramatic increase?
The fast pace at which technology changes poses a huge challenge in combatting electronic theft–28 percent of the companies polled said this is the one factor that raises their vulnerability to fraud. But still, only 48 percent said they plan to spend more money on IT security over the next year, down from 51 percent last year.
Via NetworkWorld, Sophos is reporting that Ping, Apple’s new social network add-on to iTunes, is “drowning in scams and spam.” Sophos says, “Apple has not implemented any form of automated spam or URL filtering in Ping,” although they do appear to be filtering profile photos for obscenity and copyright infringement.
This comes on top of other generally negative reviews of Ping:
– Apple’s Ping is a big pile of steaming dung
– Ping is neither social, nor is it a network. Discuss.
The biggest issue seems to be lack of integration with Facebook.
Earlier this week, the NYTimes wrote an article on the life and times of BadB, Vladislav Horohorin, a Russian cyber criminal recently arrested while on a trip to France.
He is expected to appear soon before a French court that will decide on his potential extradition to the United States, where Mr. Horohorin could face up to 12 years in prison and a fine of $500,000 if he is convicted on charges of fraud and identity theft. For at least nine months, however, he lived openly in Moscow as one of the world’s most wanted computer criminals.
It appears that BadB operated openly in Russia despite the fact that he was indicted in the United States in November 2009. He was arrested only because he traveled to a country which respects the rule of law and does not have an adversarial relationship with the U.S.
Computer security researchers have raised a more sinister prospect: that criminal spamming gangs have been co-opted by the intelligence agencies in Russia, which provide cover for their activities in exchange for the criminals’ expertise or for allowing their networks of virus-infected computers to be used for political purposes — to crash dissident Web sites, perhaps.
Definitely worth reading the whole article.
The Wall St. Journal is reporting that fraud related to the sale of virtual goods, primarily in online games, increased to 1.9% in 2009. This compares to 1.1% for physical goods. These numbers are coming from CyberSource Corp., a subsidiary of Visa, which provides payment management services including fraud detection related to the sale of digital goods. (We at Cymbel have no relationship with CyberSource or the other vendors like PayPal mentioned in the article.)
While interesting, these numbers are not surprising. As the article states, many of the precautions that can be used in the physical world, like checking the shipping address against the address on the credit card, are not available in the world of purely digital goods.
So for those selling digital goods, selecting a payment processing provider should be just as much about its fraud detection capabilities as processing fees.
