CyberNation » Uncategorized Israeli Security News Fri, 08 Aug 2014 03:49:24 +0000 en-US hourly 1 Facebook remains criminals’ favorite Wed, 09 Jul 2014 08:11:50 +0000 Facebook has been keeping its status as a favorite with Internet criminals whose specialty is to still social media accounts, reveals Kaspersky Labs. In the first quarter 2014, 10.85% of sites the security firm spotted were ones who were disguised as the popular social network. Out of the total sites (In any category, not just social media sites), Yahoo fakes were the only one who created more phishing alerts.

It turns out that fake Facebook pages can now be found in a host of languages: English, French, Portuguese, Italian, Turkish, Arabic and many more. Unauthorized access to Facebook accounts or to any other social media network may be used to send a malicious code or phishing links. Net criminals also use stolen accounts to send spam to the afflicted contact list and to post spam on friends’ walls. Another use is sending out messages asking friends for emergency financial aid. Hijacked accounts can also be used to gather information about sole users towards a focused attack in the future.

Smartphone and tablet owners who visit social network sites from their mobile devices are also in the danger of personal information theft. It appears that in some of the mobile web browsers tend to hide the site’s URL upon visiting sites, a fact that makes it hard on the users to spot fake sites.

“Net criminals have developed some ways to lure their victims into pages with phishing content. They send out links to phishing pages through Email or social networks, use banners stationed in content of external advertisers. Victims are often tempted by some ‘interesting content’ that is promised, and when users follow a published link, they arrive into a fake page asking them to fill in details before watching a page. If the user enters his or hers details, his information passes on directly to those criminals”, explains Nadza Demidova, web content analyst in Kaspersky Labs.

]]> 0
Israel is testing its Cyber defense Tue, 24 Jun 2014 14:55:03 +0000 The National Cyber Skirmish conducted by the national Cyber Bureau, is a stepping stone in the bureau’s capabilities and operations. People and Computers discovered that the skirmish, ‘Magic Cycle 1′, reflects the completion of the second phase in the building of the Israeli cyber defensive structure.

The first phase is dated back to December 2011, when the government approved Dr. Evyatar Matanya as the head of the national Cyber Bureau (NCB). The NCB’s role is to build an inter organizational joint venture, between both civil and security agencies, to take care of the matter.

The Exercise tested the key factors in the government’s preparations for dealing with a significant cyber event in the state level. People and Computers learned that during this passing year the NCB was making efforts to build a central command center in Beer Sheva – using a Computer Emergency Response Team (CERT) – a team that will supply immediate response to cyber security events in government organizations. The center is called CRIST -Computer Security Incident Response Team.

The Skirmish was part of a comprehensive program formulated by the NCB, which includes exercises in the national, sectoral, and international scales. The exercises are meant to test the cooperation between the various parties, including security units, the Ministry of National Infrastructure, Energy and Water, the Bank of Israel and Communications agencies both in the government and the IDF. The drill was focused on decision making at the state level, and it supplied much needed practice for senior staff, In order to further enhance the awareness for the need of mechanisms that deal with cyber events of national scale.

Dr. Matanya told the participants of the drill that “we must be prepared for every and any scenario. We’ll keep exercising the relevant agencies and organizations to raise the level of Israel’s readiness in this complex and ever changing reality.”


]]> 0
“The Focus of attack is shifting” Tue, 24 Jun 2014 14:34:31 +0000 “The main occurrences of cyber attack based thefts will continue to be from Financial institutes that have not raised their level of defense to one that is capable of bypassing simple attacks. Keeping that in mind, the focus is shifting towards valued information, far from the financial sector. There will be more attacks in Organization with production floors”, Said Amit Meltzer, a senior cyber defense advisor.

Meltzer spoke during an event of the CISO forum, Organized by People and Computers. The event was hosted by Avi Weisman, CEO of SEE Security.

Meltzer talked about different aspects and trends in the information security field: “The political climate is still friendly for cyber attacks – International legislation against cyber crimes made progress but isn’t perfect as of yet, and there are countries where the criminals can act from without much intrusions. Those countries are keeping a blind eye on such activities as long as they can use the criminals for espionage.”

He gave an interesting look on the face of current cyber attacks: “There is a development in so called ‘Dark Economy’. These criminal based transactions and infrastructure offer whoever wants to buy attack kits and develop advanced attack methods relatively fast, attacks that are going unnoticed.

He also said that “The attacks will intensify rapidly and in conjunction with the progress of the ‘internet of things’, a trend that makes the environment filled with threats. Those threats are not just IT-related and require a broader kind of thinking. There is a trickle down of cyber attack products from the high end market to a more larger audience, products that are being bought and sold in illegal websites in prices ranging from 100$ to 1,500$.

Meltzer spoke about the Israeli Market, revealing it has less value for high profile cyber criminals, for a few reasons: “Its size, making the motivation to attack Israel more nationalistic than criminal. Israel is also the backyard for many of the attacking organizations, and you don’t Defecate where you eat, sort of speak. The Hebrew language is a reason, but not a major one.”

“In order to avoid cyber attacks, there needs to be changes in the defensive processes, adding more technologies. The only way to counter attacks, is merging organizations centers into one center, with a joint working process. Also, without giving the security personnel access to critical processes, the latter will be hard to defend. The methodology is to protect the core assets instead of identifying the attacker. The business is more important that chasing the criminals”, concluded Meltzer.

]]> 0
Privacy? What’s that? Tue, 24 Jun 2014 14:23:12 +0000 Social media produces some very interesting paradoxes when it comes to privacy, it was revealed in a research done by EMC.

15,000 people from 15 different countries in the world took part in a survey, and among the results was that while 91% claimed that they prefer easier access to information and Knowledge via the Internet, only 27% of consumers are ready to sacrifice their privacy.

The survey also showed that only 41% of people, “believe government is committed to protecting their privacy”. Another interesting result that was quoted by EMC is that “A large majority of respondents (81%) expect privacy will decrease in the next five years.”

As far as cyber is concerned – “85% of respondents value ‘the use of digital technology for protection from terrorist and/or criminal activity; however, only 54% say they are willing to trade some of their privacy for this protection”.

Compared to a year ago, 59% of global respondents feel they have less privacy now. The US and Brazil, with 70% and 71% respectively, were the highest percentage countries with respondents who feel they have less privacy now. France, on the other hand, is the only country where a majority of respondents did not agree that they have less privacy now than they did a year ago. 81%, a large majority of respondents, expect privacy to decrease in the next five years.

Jeremy Burton, President of the Products and Marketing division in EMC Information infrastructure, said that: “Individuals need to know that their data not only is secure, but that its privacy is protected. The Privacy Index reveals a global divergence of views around these critical issues of our time, and a warning call that responsibility for transparency, fairness, safe online behavior and trustworthy use of personal data must be shared by business, governments and individuals alike.”

]]> 0
Government sites suffer rise in attacks Tue, 24 Jun 2014 08:44:11 +0000 Nearly 4,000 IT managers across 27 countries took part in a recent survey conducted by Kaspersky Lab, that has not only found that targeted attacks on the rise year-over-year, but also identified the business sectors most likely to be targeted Globally,

A recent survey by Security firm Kaspersky Labs revealed that the rate of targeted attacks reported within the Government and Defense sector was the highest – 18%, a significant high figure over the global average of 12%, a figure reported across all business sectors.

The data across all business sectors shows that targeted attacks can be found in all business segments, and at a higher-than-average rate, including the Telecommunications industry where 17% of businesses reported such attacks, and the financial services and transportation and logistics sectors, both reporting a 16% rate of targeted attacks.

The survey responses also shows that the overall number of targeted attacks is increasing. The 12% figure in 2013 has risen from the 9% global average reported a year before.

“Perhaps unsurprisingly, 94% of companies reportedly encountered at least one externally-sourced data security incident within the past 12 months, including phishing attacks, DDoS attacks, and theft of mobile devices. In 28% of these instances, business reported the loss of sensitive business data”, the Kaspersky report stated.

A “targeted attack” typically consists of several malicious components that operate in tandem to bypass an organization’s security measures, infect machines, and steal sensitive data.

]]> 0