Osama Bin Laden, Mac Malware, Sony Lead Week's Security News
The news that a United States Navy SEAL operation had killed Osama bin Laden in a fortified luxury home in Abbottabad, Pakistan on May 1 dominated headlines the past week. All the major search engines, Yahoo, Bing, and Google, exploded with the volume of bin Laden-related queries as people turned to the Internet for the latest information. Scammers took advantage of the intense curiosity to poison search engine results with links to malware-laden pages. Links to fake antivirus software were the most common. To tap into people's desire to see images and video, scammers put up pages promising the video of the actual operation, which pushed fake codec files. Malicious videos on Facebook also went viral.
The news regarding the data breach of the PlayStation Network and Qricoity music and video service remained grim. Consumers were angry about the lack of communication and lawmakers were demanding answers. Sony executives tried to smooth over the backlash by issuing a formal apology at a press conference in Tokyo. Sony Computer Entertainment chairman Kazuo Hirai, and two other senior executives formally bowed for "causing great unease and trouble to our users."
Shortly after that apology, Sony admitted that during the course of its investigation into the PSN data breach, it discovered its gaming service, Sony Online Entertainment, had also been compromised, bringing the tally of affected customers up to 101 million. Sony also blamed hacktivist collective Anonymous for distracting its network administrators with its distributed-denial-of-service attacks, since the data breach occurred around the same time. However, a professor at Indiana's Purdue University testified at a Congressional hearing that Sony was running obsolete Web server software and had no firewall protecting PSN.
This week also saw some of the first pieces of malware specifically targeting users on the Mac OS X platform. Fake antivirus software has long been a problem on Windows systems, and this week, several researchers reported MACDefender, a fake antirivus specifically designed to run on the Mac. The rogue software looks like a legitimate Mac program, which helps trick users.
Along with the fake antivirus, several security researchers reported there was a crimeware kit targeting Mac OS X for sale on underground forums. The toolkit allows anyone to put together a malicious site using forms very similar to the ones used by the Zeus and Spyeye Trojans.
Several recent research reports painted a depressing picture of the current state of security. An Amplitude Research report found that network administrators were very worried about potential data breaches and the risks associated with employees using social media and the of personal mobile devices in the workplace. A Unisys report found that Americans were more anxious about all areas of security, including financial, online, national and personal. Finally, a Ponemon Institute report found that cloud providers don't think it's their primary responsibility to be securing customer data on their infrastructure. Combining the findings of this report with last year's report in which cloud users claimed ensuring their data was protecting in the cloud wasn't their responsibility either, it was clear that no one was stepping up to the job.
The week ended with Microsoft announcing a teeny tiny Patch Tuesday for May 10, with only two security bulletins. One bulletin is expected to address bugs in Microsoft Office and the other in Windows Server operating systems. The small May release follows the company's largest ever update in April.