Trends Antivirus

Emerging Trends in Healthcare Security: Join @McAfeeBusiness For #SecChat Thursday 2/23

Healthcare demands a degree of confidentiality and privacy that exceeds almost any other industry. As a result, trends such as cloud computing and the consumerization of IT have unique implications for security professionals working in this sphere. With increased integration of electronic records, as well as evolving regulatory pressures and privacy laws, the complexity of managing these systems has grown significantly – underlining the urgency of addressing security risks.

During this month’s #SecChat, we hope to open up a discussion that will provide insight into how healthcare organizations effectively monitor networks, optimize incident response, and assess and mitigate the risk of security incidents, including breaches – particularly in the wake of emerging trends in IT.

Is the healthcare industry ready for cloud adoption? Or is a reluctance to migrate to the cloud justified, given both information security and HIPAA compliance concerns? What are some of the security and compliance implications of growing tablet use among clinicians, and how has your organization reacted to having so much sensitive information outside of the traditional IT infrastructure? Has social media use among healthcare professionals sparked any security issues at your org, and what kind of policies have been set in place to mitigate this risk?

Join us next Thursday, 2/23 at 10am PT by following the #SecChat hashtag and @McAfeeBusiness Twitter feed, and share your opinion on emerging trends in healthcare security – from cloud adoption and mobile applications, to social media, incident response and more.

Logistics: How do I participate in #SecChat?

  1. Find
     • Search for the #SecChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream.
  2. Follow
     • @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
  3. Engage!
     • Tweet your reactions, questions and @reply’s to the chat, making sure to use the #SecChat hashtag.
     • #SecChat should last about an hour.

Blog Central » Security Connected

, , , , , , , ,

No Comments

6 Trends for 2012: @McAfeeBusiness January #SecChat Recap

With the McAfee Labs’ 2012 predictions report as a guide, we started off this month’s #SecChat by crowdsourcing the question to our participants: what did the security community believe would be the most influential threats of 2012? We received a wide variety of speculations and well thought-out arguments, and we’ve collected what we hope is an accurate representation of the most buzzed-about topics of the hour:

1. Mobile & BYOD

Similar to what we reported in the McAfee whitepaper, many of you predicted that mobile threats would remain one of the most prominent vectors through 2012. But while nearly all of our 2011 sightings were concentrated on the Android platform, @rpermeh, @msarrel and others predicted that we are also due to see an increase in malware for iOS devices. These increasing mobile threats present a challenge for enterprises that have embraced BYOD policies. @hrbrmstr noted that organizations will struggle with increased demand for BYOD, but will continue to lack effective means to control and monitor the practice. @ChetWisniewski predicted that the mobile market would start to specialize, as did the market for desktop exploitations. While today’s attacks are for the most part opportunistic and interested in a quick monetary payoff, exploits will continue to evolve throughout 2012 to a focus on data theft.

2. Hacktivism

The threat of hacktivism is a particularly interesting case, because while most of our followers agreed that hacktivism would continue through 2012, many did not think that it would necessarily increase in real-world influence. @jenatsafenet noted that “hackers love free publicity,” citing that hacktivist exploits often get much more buzz if they are timely – around holidays, elections, etc. – influencing the time and type of attacks. @KPHaley in particular believes that the hacktivist threat will increase around this year’s election. Still, @FSLabsAdvisor predicts that some of the “fame-seeking” segments of hacktivist groups will burn out in 2012, causing a subsequent drop in media coverage which could affect how the world views them as a threat.

3. Social Engineering

As @chort0 pointed out, “social engineering is the only true multi-platform tool in the tech world”. As a result, no matter what #SecChat topic we choose, social engineering always seems to make an appearance by the end. Many of our participants voiced some of the best practices advice we discussed during our December chat on security awareness. @ChetWisniewski noted that we must partner with users, provide tools and education with practical advice, and remember that IT only becomes ‘the enemy’ when we act like dictators. @chort0 advised showing employees examples of real-world attacks, to encourage them to modify behavior.

4. Critical Infrastructure

As we moved on in our conversation, critical infrastructure stepped into the spotlight, a threat that McAfee Labs also predicted would be influential in the coming year. While @sam0910 agreed that critical infrastructure is more at risk than ever before, @ChetWisniewski asserted that those systems are no more vulnerable than anything else – the attacks just get more press, because there is a larger real-world impact when facilities are breached. @chort0 and @Shpantzer added that most hacktivists lack the skill and motivation for kinetic damage, and that nation-states could be influenced by the deterrent of MAD. Nevertheless, @KPHaley believes that infrastructure providers should be looking at exploits like Stuxnet and Duqu as a warning, and take steps that will allow them to mitigate the threat of attack. @rpermeh agreed, saying that these are particularly good targets for nation-state actors and hacktivists, as they provide a bridge from the cyber to the real world.

5. Cloud

We’ve heard time and time again that for many organizations, 2012 is set to become the “year of the cloud”. @KPHaley and @ChetWisniewski addressed the security implications of this New Year’s resolution, predicting that many companies will migrate to the cloud and only afterwards worry about data security. @ChetWisniewski in particular noted that very few organizations have a “cloud data” policy, and awareness is very low among end-users. There is a great need to provide contextual warnings, as well as an easy and secure means to share files and data. Many of our participants mentioned the problem orgs are now facing with systems like Dropbox, and the need to create something that will work well in place of it.

6. Showing how security is material to the business

To wrap up with a thought we think is important to bring home, one of the most poignant topics in our discussion was the importance of effective communication between IT/security and the business. As @securelexicon pointed out, the inability of information security professionals to communicate risk in business terms could be one of the biggest threats of all. It’s time to form alliances with executives beyond the IT bubble, work to understand their culture, and learn how to explain to a board how a more secure company is a more profitable company. @msarrel gave a particularly interesting tidbit of advice – he likes to show C-level executives material evidence showing how news of a data breach can directly correlate to a drop in stock price. Whatever method you choose, it is crucial that security advocates learn to speak the language of business if any of the above threats are going to be fully addressed going into 2012.

Thanks again to everyone who contributed to this month’s discussion. We are always so impressed by the breadth of knowledge shared, and the many professionals who take time out each month to share their experience with our community. For those of you who haven’t yet joined a #SecChat discussion, look out for our next topic announcement here in the blog and on Twitter at @McAfeeBusiness. We always enjoy welcoming new faces and opinions to the table, as well as suggestions for future discussion topics.


Mobile Devices: Security Trends to watch out for in 2012

Mobile devices were one of the hot topics of 2011 and are set to continue to be so in 2012. In an interview at the start of the year, media mogul Rupert Murdoch announced that everyone who could afford it would buy a tablet PC and that there would eventually be more than one billion of them worldwide.

Electronics are also popular Christmas gifts in 2011: According to a survey by high-tech association BITKOM, 13% of Germans want to give or buy a tablet PC while 16% want to give or buy smartphones.[1] In Germany alone, 2.1 million tablet PCs are expected to be sold, 162% more than in the previous year.[2]

Mobile devices equipped with the Android operating system have been popular for quite some time. In the third quarter of this year, the Android OS once again dominated the mobile all-rounder market with more than half the market share: 52.5% of all smartphones sold in this period had this operating system, ahead of Symbian (16.9%) and Apple (15.0%).[3] This now established leadership in customer preference is also a clear sign for malware writers that they can focus on this platform to benefit from wide-spread use of these devices.

Applications, or apps for short, provide the most convenient way for spreading malicious code. Everyone who has a Google-certified Android device can easily use his or her Google account to buy apps from the official Android market or alternatively download them from unofficial markets or websites. Miscreants hide their malicious code in apps that either look deceptively like popular apps or get customers interested in some other way. All it then takes is for the user to install the app on his or her mobile device to infect the phone. Once this has happened, the malware can damage the owner in many different ways: It can send SMS, sign up to premium SMS subscriptions, steal personal data, ‘root’ the phone, turn the device into a wire tap, and much more. The speed at which new malware functions are implemented is noticeably on the rise, whereas there are shockingly few updates available for the Android operating system at times. It has already been mentioned numerous times that Android might be the new Microsoft with regard to malware – the number of malware strains is on the rise but this is not stopping the rapid spread of the operating system.

At the moment, malicious applications are only installed by users themselves after they have been tricked, misled and convinced (social engineering).  However, mobile devices offer so many technical possibilities that it is only a matter of time until we are faced with automatic attacks and infections where users are not actively involved. We expect such automated attacks to take place in the wild for the first time in 2012; probably in the form of drive-by infections triggered by websites visited, as is already common practice with computer malware. The respective proof of concept has been around since the start of the year.



[1] http://www.bitkom.org/70427_70422.aspx

[2] http://www.bitkom.org/de/presse/8477_70631.aspx

[3] http://www.gartner.com/it/page.jsp?id=1848514



This article is part of our “Security Trends to watch out for in 2012” series.

This report will include discussion on:

  1. Mobile Devices (smartphones and tablet computers)
  2. Targeted Attacks
  3. Major Events
  4. Banking Trojans
  5. Virtual Money
  6. Internet-capable consumer electronics (smart TVs and consoles)

Go Safe. Go Safer.  G Data.

USA – G Data Software, Inc.


2012 Trends in Social Business

In “Six Social Media Trends for 2012”, David Armano explores the evolution of social media into social business. “Social media,” says Armano, “continues to move forward towards business integration.”  According to Forrester’s Stephen Mann, the increasing ubiquity of mobile devices in enterprise environments is facilitating this trend. A joint Booz Allen/Buddy Media study found that 57% of businesses surveyed plan to increase social media spending. The study also showed that 38% of CEOs perceive social media as a high priority. These statistics point to increasingly mercantile applications of this mode of social expression, communication and bonding – social media is maturing as a business tool.

Below are two social business trends that offer attractive competitive and financial returns for a variety of attackers focused on mobile devices.

Convergence Emergence

According to Armano, merchants are developing creative ways to integrate social media with their product/service offerings. He cites a 2011 Domino’s pizza marketing campaign that posted customer feedback from social media on an electronic ticker in Times Square as an example where virtual interactions were translated to real-world presentations.  This campaign led to a double-digit increase in sales and a refinement of their brand image.

The use of social media by merchants to promote the perception of their brand could be targeted by hacktivists with a social agenda, or by hackers with financial goals. Over the holidays, I witnessed demonstrators picketing a major pet product retailer and protesting their alleged mistreatment of animals. If hackers aligned themselves with these protesters, they could launch social media campaigns designed to influence the perception of that chain. This trend also has privacy implications for consumers.

The market penetration enabled by commercial convergence is enhanced by the increasing influx of personal devices into the enterprise.  According to Contos, “There will be more demand from both technical and business users wanting to bring their own devices, whether or not the company has authorized their use.”  As was the case with one of my clients, uncontrolled connections between the corporate network and personal devices may provide an internal attack surface to cyber miscreants.  Device management systems such as the McAfee Enterprise Mobility Management solution may help control the touch-points between these devices and organizational assets.

Gamification

“Game-like qualities,” says Armano, “are emerging within a number of social apps in your browser or mobile device.”  Businessweek’s Rachael King authored an article discussing the use of games to train employees and improve the quality and effectiveness of their work experiences. “The trend, known as gamification, lets businesses weave elements of games into applications that otherwise have little to do with playing,” writes King.

According to a Gartner study, the goals of gamification are to “achieve higher levels of engagement, change behaviors and stimulate innovation.”  This study highlighted the engagement drivers that impact the perspectives and choices made by the participants.  These drivers rely on a reliable feedback mechanism consistent with game rules that reflect the corporate mission.  Given the consumerization of IT, the application infrastructure that enables these games will support mobile devices.

The introduction of software applications to “gamify” business may lead to attacks targeting feedback mechanisms and the game rules. Imagine a worm that alters the rules of a training game or changes the way individuals are ranked. A more discreet attacker may design an application to gather information on the “gamified” business functions to inform a social engineering attack.  For example, the game activity and rankings of key staff could be used to customize phishing attacks that incorporate aspects of corporate games.

These trends are but a glimpse of the challenges that can only be tackled through hybrid solutions developed by business and technical professionals. My 2012 contributions to the @McAfeeBusiness feed and the Security Connected blog will explore the application of this strategy.


Security Trends to watch out for in 2012

Over the next few weeks we will be posting our report of Security Trends to watch out for in 2012.

This report will include discussion on:

  1. Mobile devices (smartphones and tablet computers)
  2. Targeted attacks
  3. Major events
  4. Banking Trojans
  5. Virtual currencies
  6. Internet-capable consumer electronics (smart TVs and consoles)


10 Security Predictions for 2012: Top Trends

With 2012 just a few short days away, it’s that time of year when, in the words of McAfee Labs’ Dave Marcus, we “dust off the crystal ball, put on our battered Mr. Wizard hat,” and speculate about what the new year has in store.  McAfee Labs recently announced its 2012 threat predictions, to which I’d like to add some color, and throw in some observations of my own.

Attacks on Critical Infrastructure

We expect that the volume and sophistication of attacks focused on critical infrastructure – in particular electric, oil and gas, and chemical – will continue to rise in 2012, taking the form of extortion, Denial of Service, and targeted Stuxnet-like attacks. In an ever more networked world, the cyber vulnerabilities of critical infrastructure pose challenges to governments and owners and operators in every sector across the globe.

Threats to Mobile Devices

With increasing popularity, and use cases expanding beyond games and books to work-related tasks like banking, we are seeing more and more people trying to exploit mobile systems. Last month, McAfee Labs released its Q3 Threats Report, which showed that the Android mobile operating system solidified its lead as the primary target for new mobile malware. The amount of malware targeted at Android devices jumped nearly 37% since Q2, putting 2011 on track to be the busiest in mobile malware history. We expect this trend to continue into 2012, with more organizations leveraging Virtual Desktop Infrastructure solutions to sandbox organizations from users’ consumer devices.

Consumerization of IT

In 2012, we expect to continue to see increased use of tablets for mobile computing, as well as increased use of social media applications from mobile devices. There will be more demand from both technical and business users wanting to bring their own devices, whether or not the company has authorized their use. 35 different brands of tablets were released this year – it’s a huge and growing industry, and organizations are leveraging technology like virtualization, network access control, and solutions like McAfee Enterprise Mobility Management to adapt to this flood of new technology.

Social Media

Social media is already such an ingrained part of our personal lives, but it has now infiltrated even the depths of our businesses and organizations. Data loss prevention controls, firewalls, IPS, and the like will need to become more application aware in 2012 in order to allow organizations to continue to use social media from a business perspective. We are seeing more and more threats coming in through vehicles like Facebook and Twitter, and we expect to continue to see malware growth in this area, a threat that McAfee is taking very seriously.

McAfee’s Innovation Team has been working hard on a project to apply the concept of reputation from McAfee Global Threat Intelligence to social media systems, letting us probe sites like Twitter for malware-related concepts. On the horizon for 2012 are products using this data – for example, allowing bad tweets to be stripped out of your feed, and flagged in your Twitter reader.

Stealth Rootkits

We expect to continue to see an increase in malware and rootkits getting below the user space and into the kernel space, making it tough for most security controls to detect them. Rootkits will self-mutilate – when traditional anti-malware solutions look for malicious content, a rootkit doesn’t come up as looking like anything bad. But the malware is designed to reassemble itself so it can function. The system looks good, you back it up, and a few weeks later that machine you’re running is infected. You restore from what you thought was a good backup, but you restore with a rootkit that has reassembled itself.

Sometimes this means a whole rebuild and a new OS – one of the reasons why we are looking to move security down to the silicon level. Products like McAfee Deep Defender utilize McAfee DeepSAFE technology with Intel, to sit between the processor and the OS to help protect vital system software residing in the physical memory, providing a new view of the drivers and other software as they operate.

Hacktivism

In the past, financial gain served as the primary motivation behind cybercrime, but we’re seeing more groups of hackers with other motivations. They are guided by economic, political, or religious interests that generally go beyond their nation’s borders. In 2011, hacktivist “groups” like Anonymous and Lulzsec grabbed a significant number of headlines, and we expect to see this trend continue into 2012. Especially since many of these groups have garnered publicity and notoriety for their cause, we expect that more individuals will decide to take this path.

Spearphishing and SQL Injection Attacks

As the easiest and most common ways to penetrate an organization, these types of attacks are effective and extremely prevalent. User awareness and reputation solutions will be used to combat these types of threats, as well as improved coding techniques and better database security controls.

Cyberwarfare

In 2012, we expect to see at least one major cyber security event similar to South Korea’s 10 Days of Rain attacks – a blatant attack from a nation state that will serve as a prelude to information warfare. Cybercrime has evolved from something of a hobbyist affair to a very professional activity, and is now being leveraged to increase a country’s political power. As the world enters a new period of tension, many countries have redirected their services toward a cyberwar strategy, and many states have not hesitated to put forward their expertise in this arena.

Connected Solutions

Here at McAfee, 2012 will continue to see a bringing together of network security, data, endpoint and security management. We’re looking for cohesive solutions – disparate parts that enrich each other with reputation information from McAfee Global Threat Intelligence, and pieces such as our acquisition of SIEM provider NitroSecurity, McAfee Risk Advisor, and security at the silicon level with McAfee Deep Defender. We will be bringing all of these pieces together, making them all much more relevant and central to the business.

Security is becoming more about business enablement and risk mitigation, as evidenced by the recent Disclosure Guidance on Cybersecurity issued by the SEC – a big step towards the widespread realization that for many orgs, IT and the business are one.

Optimized Security Strategies

Going into 2012, we will need to stop narrowing our focus on just stopping bad things from happening – we need to also focus on improving other business units to support this goal. For example, reducing the overhead for an organization’s help desk, and integrating IT and security as early on as possible. We need to see security as a business enabler that will allow us to take advantage of new market opportunities, without taking on inflated levels of risk.

What are your thoughts on this list – any trends for 2012 that you would add or take away? Let us know here in the blog, or on Twitter at @McAfeeBusiness, where we regularly update our followers on McAfee news, happenings and events.

