- Email: [email protected]
Phishing down, Zeus up
CALENDAR ...Continued from page 2 The Black Hat 2010 archives can be found at: The Defcon 18 archives can be found at:
Did malware cause Spanair crash?
R
eports that malware contributed to the 2008 crash of Spanair flight 5022 have greatly overstated the case. The malware did not bring down the MD-82, which crashed shortly after take-off from Madrid and resulted in 154 deaths. But the case may emphasise the dangers of over-reliance on computer systems.
Authorities in Spain say they have determined that a head office computer that is responsible for logging and monitoring technical faults on the company’s aircraft was affected by a trojan. They haven’t yet revealed exactly how this affected the computer’s operation (a full report is due in December). The aircraft rolled and crashed after take-off. The US National Transportation Safety Board – which usually gets involved in the investigation of any crash involving US-manufactured aircraft – produced a preliminary report stating that flaps and slats normally used for take-off were not deployed. This was pilot error. The pilots were not warned because a fault in the aircraft meant that the warning system was not receiving power. All airlines have a process of reporting technical faults (known as ‘squawks’). This was the third time this problem had occurred with this aircraft and, normally, the head-office computer would have raised an alarm that would have meant a grounding until the problems were rectified. Somehow, the faults were not communicated to those responsible for dispatching and flying the aircraft. In fact, some reports state that the faults were not entered on the computer system until after the crash. This raises questions about the value of a centralised squawks database and also about the airline’s dispatching processes,
20
Network Security
given that the aircraft had a known, recurrent problem. Automatic alarms are generally provided only as a backup to manual procedures. So this was a failure in processes rather than technology – and, indeed, a mechanic and an airport maintenance chief have been indicted as part of the investigation.
Phishing down, Zeus up
T
he number of phishing attacks is falling, says Internet security firm Internet Identify (IID). But this is due in part to a switch to Zeus-based malware attacks and a greater focus among phishers on specific target sectors.
IID’s ‘Second Quarter Phishing Trends Report’ for 2010 shows a 10% drop compared with the same quarter in 2009. The firm puts some of this down to the Avalanche group, which was responsible for two-thirds of phishing activities in the second half of 2009, having switched its efforts to distributing Zeus malware and botnet building. Others have stepped in to fill the gap a little. Phishing attacks not originating from Avalanche increased by 12%. Phishing attacks aimed at e-commerce, gaming, web services and social networking sites also increased, and so did the proportion of phishing attacks that targeted the US, although it was already in first place. Canada moved up from seventh place to second. Phishing attacks that involved spoofing bank websites accounted for half of all attacks, although this was down from 60% in 2009. “While significant strides have been made in fighting phishing, cybercriminals are continuing to invent new methods for their attacks,” said IID president and CTO Rod Rasmussen. “This has become apparent with the most prolific phishers we’ve ever tracked now concentrating almost solely on the distribution of Zeus malware – with great effect. However, it’s imperative that organisations keep their phishing guard up in the coming months, because we’ve seen plenty of new phishing campaigns launched against an even wider range of target organisations.”
EVENTS CALENDAR September 7-9 SecureComm 2010 – 6th international ICST conference on security and privacy in communication networks Location: Singapore Web: www.securecomm.org/
September 14 VizSec 2010 – Symposium on Visualization for Cyber Security Location: Ottawa, Canada Web: www.vizsec2010.org/
September 14-16 NSA Trusted Computing Conference and Exposition Location: Orlando, Florida, US Web: www.ncsi.com/nsatc10/index.shtml
September 19-27 SANS Network Security 2010 Location: Las Vegas, Nevada, US Web: http://bit.ly/CSSeventsSANS2010
September 21-22 The Summit on IT Governance, Risk and Compliance Location: Boston, US Web: http://bit.ly/CSSeventsMisti
September 23-24 STM’10 – The 6th International Workshop on Security and Trust Management Location: Athens, Greece Web: www.isac.uma.es/stm10/
September 27-29 6th Annual IT Security Automation Conference Location: Baltimore, US Web: scap.nist.gov/events/
August 2010
Did malware cause Spanair crash?
R
eports that malware contributed to the 2008 crash of Spanair flight 5022 have greatly overstated the case. The malware did not bring down the MD-82, which crashed shortly after take-off from Madrid and resulted in 154 deaths. But the case may emphasise the dangers of over-reliance on computer systems.
Authorities in Spain say they have determined that a head office computer that is responsible for logging and monitoring technical faults on the company’s aircraft was affected by a trojan. They haven’t yet revealed exactly how this affected the computer’s operation (a full report is due in December). The aircraft rolled and crashed after take-off. The US National Transportation Safety Board – which usually gets involved in the investigation of any crash involving US-manufactured aircraft – produced a preliminary report stating that flaps and slats normally used for take-off were not deployed. This was pilot error. The pilots were not warned because a fault in the aircraft meant that the warning system was not receiving power. All airlines have a process of reporting technical faults (known as ‘squawks’). This was the third time this problem had occurred with this aircraft and, normally, the head-office computer would have raised an alarm that would have meant a grounding until the problems were rectified. Somehow, the faults were not communicated to those responsible for dispatching and flying the aircraft. In fact, some reports state that the faults were not entered on the computer system until after the crash. This raises questions about the value of a centralised squawks database and also about the airline’s dispatching processes,
20
Network Security
given that the aircraft had a known, recurrent problem. Automatic alarms are generally provided only as a backup to manual procedures. So this was a failure in processes rather than technology – and, indeed, a mechanic and an airport maintenance chief have been indicted as part of the investigation.
Phishing down, Zeus up
T
he number of phishing attacks is falling, says Internet security firm Internet Identify (IID). But this is due in part to a switch to Zeus-based malware attacks and a greater focus among phishers on specific target sectors.
IID’s ‘Second Quarter Phishing Trends Report’ for 2010 shows a 10% drop compared with the same quarter in 2009. The firm puts some of this down to the Avalanche group, which was responsible for two-thirds of phishing activities in the second half of 2009, having switched its efforts to distributing Zeus malware and botnet building. Others have stepped in to fill the gap a little. Phishing attacks not originating from Avalanche increased by 12%. Phishing attacks aimed at e-commerce, gaming, web services and social networking sites also increased, and so did the proportion of phishing attacks that targeted the US, although it was already in first place. Canada moved up from seventh place to second. Phishing attacks that involved spoofing bank websites accounted for half of all attacks, although this was down from 60% in 2009. “While significant strides have been made in fighting phishing, cybercriminals are continuing to invent new methods for their attacks,” said IID president and CTO Rod Rasmussen. “This has become apparent with the most prolific phishers we’ve ever tracked now concentrating almost solely on the distribution of Zeus malware – with great effect. However, it’s imperative that organisations keep their phishing guard up in the coming months, because we’ve seen plenty of new phishing campaigns launched against an even wider range of target organisations.”
EVENTS CALENDAR September 7-9 SecureComm 2010 – 6th international ICST conference on security and privacy in communication networks Location: Singapore Web: www.securecomm.org/
September 14 VizSec 2010 – Symposium on Visualization for Cyber Security Location: Ottawa, Canada Web: www.vizsec2010.org/
September 14-16 NSA Trusted Computing Conference and Exposition Location: Orlando, Florida, US Web: www.ncsi.com/nsatc10/index.shtml
September 19-27 SANS Network Security 2010 Location: Las Vegas, Nevada, US Web: http://bit.ly/CSSeventsSANS2010
September 21-22 The Summit on IT Governance, Risk and Compliance Location: Boston, US Web: http://bit.ly/CSSeventsMisti
September 23-24 STM’10 – The 6th International Workshop on Security and Trust Management Location: Athens, Greece Web: www.isac.uma.es/stm10/
September 27-29 6th Annual IT Security Automation Conference Location: Baltimore, US Web: scap.nist.gov/events/
August 2010