A recap of the past week's IT security news features Google's attempts to clean up search, mobile security concerns and the latest data breach survey from the Ponemon Institute.
Data breaches, mobile security and malicious links in Google search seemed
to be on everyone's mind this week.
Hours after the devastating earthquake in Japan,
cyber-criminals had already poisoned the search results for "most
recent earthquake in Japan
." The malicious links directed users to a
fake antivirus page. By midday, it
appeared that pages referencing the SEO poisoning had bumped down the malicious
links, but Trend Micro researchers predicted there will be further attempts to
push the malicious links further up on search results pages.
The latest attempt to pollute Google's search results came less than a day
after Google rolled out a new tool that will allow users to block
from appearing in search indexes. The option is the latest
in a string of moves by the search giant to block unsavory or unwanted content
to cut down on search spam.
Everyone was buzzing about the annual data
breach survey from the Ponemon Institute
that pegged the average cost of
data breaches at $7.2 million in 2010. If that number wasn't startling enough,
the researchers from the Ponemon Institute found that moving quickly on the
data breach actually drove up costs. Apparently, companies should move slowly
and take the time to thoroughly investigate the breach before notifying their
It was the week for data security surveys, indicating an increase in the
number of malvertisements
or malicious advertisements, served up by third-party ad networks. In 2010,
there were over 3 million impressions of the type of malware that affected users'
experience on the London Stock Exchange.
The Internet is getting to be more dangerous, and the users are complaining.
The FTC reported an increase in the number of online fraud complaints in 2010,
noting that there were more people complaining about identity theft, buying
things online and not getting what was advertised, or about malware, adware and
spyware. In previous years, the FTC had noticed more disputes about not being
able to cancel accounts with Internet service providers or other online services.
Mobile security was also a big concern, with companies thinking about
securing user devices as well as company-issued mobile devices to ensure
corporate networks and data remain safe. This was even more of a concern after
Trend Micro researchers reported finding a mobile Zeus variant for BlackBerry
phones last week.
Even with CIOs and technology professionals expressing concerns about future
data breaches and outside attacks, a poll of RSA
Conference attendees in February conducted by Ipswitch File Transfer found that
a significant number of them hadn't actually implemented existing best
practices to ensure proper data security.
It was an exciting week, too, for attendees at CanSecWest in Vancouver,
British Columbia, who watched security
researchers attempt to compromise the four major Web browsers and four major
mobile platforms. All the ones that researchers attempted to breach-the Safari
browser for the Mac OS X, Internet Explorer 8, Apple iPhone and RIM's
BlackBerry-fell as a result of various vulnerabilities in WebKit and drive-by
exploits. The others-Google Chrome, Mozilla Firefox, Windows Phone 7 and Google
Android-survived by default because none of the attending researchers had found
an exploit to take advantage of.
Perhaps the bug bounty programs that Google and Mozilla have in place are
working out very well.