A very interesting week with significant implications for everyone. The spear-phishing attack is certainly a wake-up call, a hack like the one in the U.K. could happen anywhere, and mid-size companies appear to be the current target. However, perhaps of greatest concern is the impact of the H1N1 virus upon the Internet and, for those doing business in the U.S., the possibility of additional controls relative to the Internet.
The DHS Daily Open Source Infrastructure Report (DHS) covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Should you not be aware of even one of the items discussed below, it would be wise to familiarize yourself with it. The headline above each entry will take you directly to the DHS report which presented the item, for ten business days from the date of inclusion. The Source link will take you to the original source cited by DHS.
Week Ending: Friday, October 30, 2009
Is it possible your firm is one suffering from this vulnerability?
37. October 22, DarkReading – (International) Major secure email products and services miss spear-phishing attack. A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of a very well known philanthropist which landed successfully in users’ inboxes. Source: http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=220900191
Could such a hack happen to your firm?
40. October 26, IDG News Service – (International) Guardian jobs site falls victim to ‘sophisticated’ hack. A major U.K. newspaper has notified 500,000 people that details they posted to the newspaper’s employment site may be in the hands of hackers. Source: http://www.networkworld.com/news/2009/102609-guardian-jobs-site-falls-victim.html?hpg1=bn
Suffering Internet performance issues? It could be due to the H1N1 virus!
40. October 27, Washington Post – (National) Internet networks unable to handle H1N1 telework traffic: GAO. As concerns rage over the spread of the H1N1 flu, a federal report showed that a pandemic that would keep millions of Americans at home could also overload Internet networks. Source: http://voices.washingtonpost.com/posttech/2009/10/as_concerns_grow_over_the.html
Midsize companies seem to be the target. Are you at risk?
38. October 28, CNET – (International) More security breaches hit midsized companies. More midsized companies are being attacked by cybercriminals at the same time they are spending less on security, says a McAfee report released on October 28. Source: http://news.cnet.com/8301-1009_3-10384916-83.html
Federal standard for reporting data breaches? No matter where you stand on the issue, this is a matter of concern!
12. October 28, Nextgov – (National) Federal, industry reps call for national standards to report data breaches. The Homeland Security Department should establish a national standard to encourage companies and individuals to report data breaches to federal authorities, helping them gauge the intensity of cyberattacks and investigate cybercrime, security professionals said on October 28. Source: http://www.nextgov.com/nextgov/ng_20091028_3572.php?oref=topnews
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: