Web Browsers Under Siege From Organized Crime 168
An anonymous reader writes "IBM has released the findings of the 2007 X-Force Security report, a group cataloging online-based threat since 1997. Their newest information details a disturbing rise in the sophistication of attacks by online criminals. According to IBM, hackers are now stealing the identities and controlling the computers of consumers at 'a rate never before seen on the Internet'. 'The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007.'"
Re:Explains the odd attempted breakins.. (Score:5, Informative)
original report (Score:3, Informative)
Re:If you know there's a hole . . . (Score:1, Informative)
Re:Explains the odd attempted breakins.. (Score:5, Informative)
Re:Explains the odd attempted breakins.. (Score:5, Informative)
It will automatically detect and block the attackers and optionally add them to a gobal block list.
This does not surprise me at all... (Score:3, Informative)
Some people believe the largest botnets out there are ones built with the Storm Worm or other similar exploits. My bet would be that there are plenty larger out there, undetectable because they hide behind rootkits and don't do stupid stuff like turn the box into a spam cannon. And for people who think that the C&C (Command and Control) would be detected, think again: if a rootkit can conceal a file then it can also conceal a process, a named pipe, an interrupt handler, you name it.
Re:That's not the worst of it. (Score:3, Informative)
If you are paranoid like me you will have already called one of three major credit companies (not the free score but Equifax, Experian, or TransUnion) and put a freeze on your credit every 90 days with a fraud alert. Or you can pay one of their subsidaries a monthly fee for any notifications via email or SMS of any changes or requests in your credit (yeah it kind of feels like I'm paying them to solve a problem that is their fault).
On the downside you won't be able to get new credit lines easily while your account is locked so do this after you get your mortgage or car loan. On the upside... No one can do anything with your information without causing some major red flags. Also it seems that the junk mail has ceased.
Just a suggestion for those paranoid types.
... which is why it's a good idea to ... (Score:4, Informative)
Re:That's not the worst of it. (Score:3, Informative)
I call BS on this one. I've done a couple of POS implementations for restaurants and all they all used WPA encryption on the devices and the access points were setup to only accept connections from a pre-defined list of MAC addresses. Ya ya, MAC addresses can be spoofed but it is going to take an attacker a long time to hit a restaurant wireless network. The majority of restaurants still swipe the card at the hard wired terminal anyway. The restaurant industry has been dealing with confidential credit card information for a long time. The major POS vendors are up to date on what it takes to keep the data safe.