Thursday, May 14, 2009

Security Awareness Thoughts & McAfee Threats Report Summary

As always, my colleagues and I monitor the global security landscape and how it affects our organization. McAfee, one of the best-known antivirus software companies, has recently released its first quarterly report for 2009, “McAfee Threats Report: First Quarter 2009.”

To summarize, the report goes into the types of threats that are prevalent on the Internet and makes some predictions as to what may come and when. Although I don’t expect everyone to read the report, I wanted to share some of its insights.

  1. They have detected nearly twelve million new IP addresses operating as “zombies,” computers under the control of spammers and others.
  2. It is now apparent that cybercriminals will attack any target of opportunity they can find, including targets in their own country.
  3. Spam as a percentage of all email sent has fallen below 90% for the first time since 2006, due to the shutdown of the Web hosting service provider McColo. However, they fully expect spam volumes to regain their 2008 levels.
  4. Although Conficker was more media hype than threat, it still infected a large number of systems worldwide.

My concern with the last point is that unfulfilled hype undermines the credibility of threat warnings in general. A number of threats that gained no media publicity nevertheless infected more systems and pose a larger security threat overall.

I’d also like to add that today’s malware is more difficult to detect, and that undetected threats are possible. Looking at the “Failures in Detection (Last 24 Hours)” graph on the scanning service’s Statistics page, you will gain a scary piece of knowledge. For a single 24-hour period (5/14/2009), 50,936 infected files were scanned. Of them, only 360 were detected by all of the 39 antivirus engines the service utilizes. There is a very significant statement in these numbers: “Not one virus protection software package detects all known viruses.”

So what does all this mean to an organization? Simply put, you need to be very aware of the possibility of security threats, including viruses and malicious applications as well as attacks. You must be observant of any abnormal behavior in system activity and react quickly so as to minimize its effect. I’m sure that if you monitor incoming traffic on your network through IDS or simple firewall logs you will notice traffic that is not quite right: for example, traffic coming from Asia when you know you don’t have any clients outside of the USA. You may even notice brute force attacks or other attempts at breaching your security in server logs.
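The two log checks described above (unexpected source geography in firewall logs, and repeated failed logins in server logs), as an added example that is not part of the original post. The log line formats, the sample lines themselves, and the tiny IP-to-country table (a stand-in for a real GeoIP database, using RFC 5737 documentation ranges with made-up countries) are all constructed for this example; the expected-country set follows the post's "no clients outside of the USA" scenario.

```python
"""Added example, not from the original post: flag firewall connections from
unexpected countries and detect failed-login bursts in an SSH auth log.
All log data and the GEO_TABLE below are constructed for illustration."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall accept lines (hypothetical format, not a vendor's).
FIREWALL_LOG = """\
2009-05-14T09:01:02 ACCEPT src=198.51.100.23 dst=203.0.113.10 dport=443
2009-05-14T09:01:07 ACCEPT src=192.0.2.45 dst=203.0.113.10 dport=443
2009-05-14T09:02:11 ACCEPT src=198.51.100.77 dst=203.0.113.10 dport=22
"""

# Constructed, simplified sshd auth lines (syslog style, no year in stamp).
AUTH_LOG = """\
May 14 09:10:01 web1 sshd[4102]: Failed password for root from 192.0.2.45 port 51011 ssh2
May 14 09:10:03 web1 sshd[4102]: Failed password for root from 192.0.2.45 port 51012 ssh2
May 14 09:10:04 web1 sshd[4102]: Failed password for admin from 192.0.2.45 port 51013 ssh2
May 14 09:10:06 web1 sshd[4102]: Failed password for admin from 192.0.2.45 port 51014 ssh2
May 14 09:10:09 web1 sshd[4102]: Failed password for oracle from 192.0.2.45 port 51015 ssh2
May 14 09:10:12 web1 sshd[4102]: Failed password for test from 192.0.2.45 port 51016 ssh2
May 14 09:12:40 web1 sshd[4131]: Failed password for jsmith from 198.51.100.23 port 40022 ssh2
May 14 09:12:55 web1 sshd[4131]: Accepted password for jsmith from 198.51.100.23 port 40022 ssh2
"""

# Hypothetical stand-in for a GeoIP database: documentation ranges mapped to
# made-up countries for the example only.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.0/24"), "CN"),
]

# Countries we expect legitimate clients to come from (the post's scenario).
EXPECTED_COUNTRIES = {"US"}

FW_RE = re.compile(r"^(?P<ts>\S+) ACCEPT src=(?P<src>[\d.]+) .*dport=(?P<dport>\d+)$")
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+) "
)


def country_of(ip: str) -> str:
    """Look up the country for an IP in the constructed table; '??' if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return "??"


def unexpected_geo(log_text: str, expected=EXPECTED_COUNTRIES):
    """Return (timestamp, src, country, dport) for accepted connections whose
    source country is not in the expected set (unknown counts as unexpected)."""
    hits = []
    for line in log_text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        cc = country_of(m["src"])
        if cc not in expected:
            hits.append((m["ts"], m["src"], cc, int(m["dport"])))
    return hits


def brute_force_sources(auth_text: str, threshold=5, window=timedelta(minutes=5), year=2009):
    """Return {src: max_failures_in_window} for sources that produced at least
    `threshold` failed logins inside any sliding window of length `window`."""
    failures = defaultdict(list)
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        # syslog stamps carry no year; the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures[m["src"]].append(ts)

    flagged = {}
    for src, times in failures.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for ts, src, cc, dport in unexpected_geo(FIREWALL_LOG):
        print(f"{ts} unexpected source {src} ({cc}) to port {dport}")
    for src, n in brute_force_sources(AUTH_LOG).items():
        print(f"possible brute force: {n} failed logins from {src} within 5 minutes")
```

On the sample data the firewall check flags the one connection from the "CN" range, and the auth check flags 192.0.2.45 with six failures in eleven seconds while the single failure from the US host followed by a successful login is left alone. In practice the GEO_TABLE would be a real GeoIP lookup and the thresholds tuned to the environment's normal login failure rate.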

Do yourself and your organization a favor: if you experience any weird behavior on your desktop or laptop, take the precaution of disconnecting it from the network immediately and then contact your information security team. If you’re part of your organization’s InfoSec team, then you’re more than aware of the ramifications of malicious software wreaking havoc on your network. You need to educate your company on the likely possibility of threats and the immediate actions they should take. Develop a strong incident response plan that is endorsed at the corporate level; this way you have the authority to react quickly.

I hope this article was useful to you and as always if you have any comments or suggestions I’d be happy to hear from you.
