A recap of the past week's IT security news features Osama bin Laden-related scams, new Mac OS X malware, and continued fallout from the Sony PlayStation Network breach.
The news that a United States Navy SEAL operation had killed
Osama
bin Laden in a fortified luxury home in Abbottabad, Pakistan on May 1 dominated
headlines the past week. All the major search engines, Yahoo, Bing, and Google,
exploded with the volume of bin Laden-related queries as people turned to the
Internet for the latest information. Scammers took advantage of the intense
curiosity to poison search engine results with links to malware-laden pages. Links
to fake antivirus software were the most common. To tap into people's desire to
see images and video, scammers put up pages promising the video of the actual
operation, which pushed fake codec files. Malicious videos on Facebook also
went viral.
The news regarding the data breach of the PlayStation
Network and Qricoity music and video service remained grim. Consumers were
angry about the lack of communication and lawmakers were demanding answers. Sony
executives tried to smooth over the backlash by issuing a formal apology at a
press conference in Tokyo.
Sony
Computer Entertainment chairman Kazuo Hirai, and two other senior executives
formally bowed for "causing great unease and trouble to our users."
Shortly after that apology, Sony admitted that during the
course of its investigation into the PSN data breach, it discovered its gaming
service, Sony Online Entertainment, had also been compromised, bringing the
tally of affected customers up to 101 million. Sony also blamed hacktivist
collective Anonymous for distracting its network administrators with its
distributed-denial-of-service attacks, since the data breach occurred around
the same time. However, a professor at Indiana's Purdue University testified at
a
Congressional
hearing that Sony was running obsolete Web server software and had no
firewall protecting PSN.
This week also saw some of the first pieces of malware specifically
targeting users on the Mac OS X platform. Fake antivirus software has long been
a problem on Windows systems, and this week, several researchers reported
MACDefender,
a fake antirivus specifically designed to run on the Mac. The rogue software
looks like a legitimate Mac program, which helps trick users.
Along with the fake antivirus, several security researchers reported
there was a
crimeware
kit targeting Mac OS X for sale on underground forums. The toolkit allows
anyone to put together a malicious site using forms very similar to the ones
used by the Zeus and Spyeye Trojans.
Several recent research reports painted a depressing picture
of the current state of security. An Amplitude Research report found that network
administrators were very worried about potential data breaches and the risks
associated with employees using social media and the of personal mobile devices
in the workplace. A Unisys report found that Americans were more anxious about
all areas of security, including financial, online, national and personal. Finally,
a
Ponemon
Institute report found that cloud providers don't think it's their primary responsibility
to be securing customer data on their infrastructure. Combining the findings of
this report with last year's report in which cloud users claimed ensuring their
data was protecting in the cloud wasn't their responsibility either, it was clear
that no one was stepping up to the job.
The week ended with Microsoft announcing a teeny tiny Patch
Tuesday for May 10, with only two security bulletins. One bulletin is expected
to address bugs in Microsoft Office and the other in Windows Server operating
systems. The small May release follows the company's largest ever update in
April.
Email
Print
