A recap of the past week's IT security news features continued MacDefender activity, attacks on three defense contractors and phishing attacks targeting Web-based e-mail accounts.
May 2011 is the month Apple and its legion of Mac users were
forced to acknowledge that there was nothing natively secure about the Mac OS X
when it came to malware. In response, Apple rolled out its promised MacDefender
The tool was actually an updated File Quarantine, a little
known feature in Snow Leopard, which works in ways similar to an antivirus
application. File Quarantine lists all the file definitions of what software
should not be allowed on the Mac, and Apple tweaked it so that it can
automatically update its definitions once a day. Sounds like an antivirus package.
The thing is, cyber-criminals are, if nothing else, quick to
adapt. Less than 12 hours after Apple released the removal tool, there was a
new MacDefender variant that could get through File Quarantine. Apple updated
the definitions. And yet another version came out Friday. Apple countered with
a yet another update.
It's a game of cat and mouse, and right now Apple is just
trying to keep up.
Speaking of cat and mouse, the developers behind the Android
malware DroidDream were back this week with a new version, dubbed DroidDream
. Despite the name, there was nothing "less" about the damage this
particular variant could cause. Google immediately removed 26 apps from its
official Android Market containing the malware. For the most part, the apps
were all copies of legitimate apps that had the malicious code grafted on.
Web-based e-mail services also came under attack. Google
claimed several of its high-profile
Gmail user accounts
, including those of government officials, had been hit
by a successful phishing attack. The company claimed the attacks originated
from China, even though the country vehemently denied it. Trend Micro noticed
that similar phishing attacks had hit several Hotmail
and Yahoo Mail
accounts recently, as well.
The scariest-attack-of-the-week award actually goes to those
unknown cyber-attackers that apparently breached networks of not one, but three,
major defense contractors towards the end of May. Lockheed
Communications and Northrop Grumman
all shut down remote access to their
networks without warning. Apparently, attackers used cloned SecurID tokens to
trick the networks into letting them logon to the network remotely.
There's been a lot of debate over what exactly was stolen
from RSA Security and whether that meant SecurID was compromised. While RSA
Security is still not publicly discussing what was stolen, it does seem that if
defense contractors were compromised, then relying on SecurID for the
enterprise's two-factor authentication needs might not be the best security
decision to make.
To be fair, it's not really clear whether Northrop Grumman
was compromised using SecurID.
Next week, companies descend on New York City for Cloud
Expo. A lot of cloud security announcements are expected to come out of the show. This will occur just in time, according to a McAfee
and Brocade report
released this week because organizations are beginning
to think about virtualization-specific security technology to defend their
cloud applications and infrastructure. Approximately 26 percent were the most
worried about targeted attacks against their virtualized infrastructure and 24
percent said security breaches were their biggest concern.