DSD's top 4 infosec strategies now mandatory for Australia government
The Australian Defence Signals Directorate has made its top four information security mitigation strategies mandatory for all Australian government agencies. Its top 35 strategies were updated in October last year, seeing very little change among the top four that it had marked as "essential".
These four strategies are employing application whitelisting, patching applications, patching operating system vulnerabilities, and minimising the number of users that have administrative rights. At the time of the last update to the strategies list, it states that 85 percent of all intrusions it dealt with in 2011 could have been mitigated had the top four strategies been followed.
The choice to make the top four mandatory stems from an update to the Australian government's Protective Security Policy Framework (PSPF). The PSPF has three core mandatory tenets covering the confidentiality, integrity, and availability of data. To achieve these requirements, it has set out seven "Infosec" requirements.
In particular, Infosec 4 requires that all agencies document and implement procedures and measures to protect their systems and networks, and specifically notes that it "includes implementing the mandatory 'Strategies to Mitigate Targeted Cyber Intrusions' as detailed in the Australian government Information Security Manual [ISM]".
This means that the ISM will also need to be updated to reflect the changes to the PSPF. DSD expects to make these changes this month.
As a mandatory measure, there will also be changes to government agencies' compliance and reporting procedures.
From August 1, agencies must provide annual PSPF compliance reports, including its status in implementing Infosec 4, to the relevant minister.
If a government wants to peek into your Web-based e-mail account, it is surprisingly easy, most of the time not even requiring a judge’s approval
Ever wonder what Google has planned for all of the information it's collecting on its users? Well, their intentions may be completely irrelevant. As it turns out, Google has been compelled to give over their user data by law enforcement at an increasing and alarming rate.
In the second half of 2012, the tech giant received more than 21,000 requests for information, which represents a 70-percent increase over three years. The majority of the requests came from the federal government, who was hoping for a peek into users' email accounts. In most cases, the Feds didn't need a judge's okay.
Google is fighting back, trying to rally support against government access to personal data. In this professional's opinion, however, that's a bit ironic considering Google's own policies on collecting user information.
Just remember, anytime you are using a webmail site like Gmail for communication, understand your email is absolutely not protected and is not private.
Do not send sensitive information or conduct business using these types of free webmail services.
If you must use these sites, gather the emails through an off-cloud software system, like Microsoft Outlook. Then, configure your Outlook settings to delete the emails from Gmail, Yahoo, Hotmail or whatever cloud email service they are coming from, as soon as Outlook downloads them.
Online Dangers AlertAnti-virus firm Symantec has launched a cybercrime tracking service in a bid stop computer users from becoming complacent about online threats.The Free www.nortoncybercrimeindex.com service names the most threatening viruses for the day, where most identities were stolen in the previous day, and if hacker activity is higher or lower than average. The data is compiled via Symantec's Norton software and internet monitoring.According to the service, hackers were today responsible for stealing 78 percent of online identities and 21 percent were accidentally made public. About two-thirds of stolen identities were taken from the manufacturing industry, while 18 percent were nicked from communications or public relations business.The threat of identity theft has doubled in the past two days and "translator" is the most popular word being inserted on infected websites to lure in search engine users. 1314.QQ[dot]com remains the world's most dangerous website.
Norton 360 version 5.0 will provide quick access to the index data and reveal how many attacks are detected in which suburbs. Anti-virus company AVG said: "Cybercriminals were increasingly using phones to rob people". The company found more than one-third of smartphone owners were unaware of the increasing security risks associated with using mobiles to buy goods or store personal data.
Malicious Search Suggestions with Google InstantGoogle launched its streaming search engine yesterday called Google Instant, which provides people with instant, real-time search results, and also opens the doors to search engine optimisation (SEO) poisoning and other problems.
The problem comes from hackers who create malware or fake antivirus programs and then manage to poison Google's search results in order to get their software high on the list. This is often called blackhat SEO, as it will use traditional SEO tactics but for malicious reasons.All search engines, but Google in particular, are at risk of blackhat SEO and that is not a new problem.
However, because Google Instant literally searches for everything as you type, you could be forced into a situation where you are unwittingly searching for rogueware. “As a test, I thought I'd search for 'antivirus' and see what suggestions came up. Lo and behold, Antivir Solution Pro, a well-known rogueware infection was amongst the suggested search terms,” said Sean-Paul Correll, threat researcher at Pandalabs and founder of the Malware Database.For those who are not familiar with the rogueware, they may consider it legitimate, download and install it, resulting in their computer being infected. The fact that the rogueware was second on the list of suggested terms makes this a worrying possibility, as it amounts to Google's search engine recommending malware. It is also interesting to note that the fourth suggested search term is for the removal of that same rogueware.
A Look Inside How It WorksOne of the biggest risks that users run across during their everyday Internet browsing at the moment is from what security researchers call search engine optimization poisoning or SEO poisoning. Criminal hackers are taking advantage of our blind trust in popular search engines such as Google and Bing to trick us into clicking into malicious links.The bad guys use blackhat SEO techniques to boost the page rankings of their bogus sites. As these higher ranked sites start breaking into the top ten and top 20 results of a popular search term, users are lured into trusting the links.Capitalizing on anything from the Haiti earthquake to Mel Gibson’s rants to the World Cup, these hackers use the links to bait users and then reel them in with malicious downloads. They unwittingly click into a malicious link due to their trust in the search engine. Channel Insider examines just how SEO poisoning is carried out by these bad guys and how common it is to see malicious links within legitimate search results.Step 1: Compromise legitimate web sitesThese will be used to form the foundation of the attack.Step 2: Create SEO-friendly fake pages related to popular search topics on compromised sitesIn the past year hackers have taken advantage of user curiosity about the Olympics, the Haiti earthquake, Corey Haim's death, the World Cup and Mel Gibson's recent craziness to formulate their SEO poisoning attacks.Step 3: Use Google Hot Trends to search for popular termsHackers leverage the hottest search terms and then stuff their fake pages with additional relevant key phrases that track well with the most common way users phrase their searches.Step 4: Crosslink with other SEO poisoned pages to boost page rankingsHackers work on scale, with a web of hundreds of crosslink pages to ensure that their malicious sites make it to the top of the page rankings for any given search term.Step 5: Cloak malicious content from spiders and security researchersThe reason SEO poisoning attacks have been difficult to stymie is because the hackers are shielding their attacks from search engine detection and security do-gooders. Poisoned pages serve up an alternative non-malicious page with relevant keywords and links to other poisoned pages when crawlers view a page and direct traffic to non-malicious content when it doesn't come from a search engine.Step 6: Deliver payloadIf traffic does come from a website, hackers will serve up the bad content. Right now, researchers report that the bulk of SEO poisoning attacks are used to send users to a fake AV scan page to convince them to install bogus AV 'scareware.'SEO Poisoning By The NumbersSymantec found that on average 115 of the 300 most popular search terms contained at least 10% malicious links.SEO Poisoning By The Numbers Users have a 1 in 3 chance of coming across a malicious link via searches, according to Symantec.SEO Poisoning By The Numbers Typically, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned, according to Symantec researchers.
Ensure you have up-to-date virus protection
The Google trends are once again a mix of hot trends, including the Gulf Oil Spill, Michael Jackson, Miley Cyrus, Microsoft and Microsoft Kinect.
Unfortunately, those who are searching for more information on a trending topic are being lured in by hackers who don't provide anything more than an unhealthy dose of malware, a term used for malicious software.
By using clever SEO (Search Engine Optimization) techniques, websites are created that look as if they are filled with information on news topics such as the Gulf oil crisis or supposed pictures of Miley Cyrus in the buff. Unfortunately, the sites can cause a virus to attack your computer and will provide you with absolutely none of the information you are looking for.
Pop-up warnings that inform you that your computer is in danger of facing security issues will often show up when you land on these spammy sites. The warnings are not real and if you click on them, you will download dangerous software on your computer.
There is often a fee for these services and that will threaten the safety of your credit card information as well as your computer if you use it to pay for these fake services.
It is important to have up-to-date virus protection on your computer to help protect against malware.
The ads served by Bing and Google along with your search results are linking more and more often to sites trying to infect your machine.
Neither Bing nor Google effectively prescreens these bogus advertisers, so it's up to us to detect and avoid them.
You may recently have used either Google or Microsoft's new Bing search engine to find the popular Malwarebytes Anti-Malware utility or something similar. If so, chances are good that the sponsored ads alongside your search results contained links to the very malware that the security tool is designed to remove.
The three largest search sites — Google, Yahoo, and Bing — regularly sell security-related keywords to criminals looking to trick you into downloading and installing fake anti-malware products. The crooks then steal your personal information or hold your system for ransom before letting you remove their malware from your machine.
The search providers have been aware of this for years. To their discredit, they've done little to end the practice, even though it's in their power to do so. The reason? They're making money hand over fist from those sponsored text ads and don't want to kill the goose that lays the golden eggs.
Unfortunately, balancing the scales of justice takes time. What can you do in the meantime to help protect yourself from these malicious ads?
Don't expect flawless protection from your Web browser of choice. Internet Explorer, Firefox, and other browsers now support bad-sites lists, but every malicious ad server may not be known. Nor are browser security add-ons perfect. McAfee SiteAdvisor, for instance, may include results that are up to one year old.
If you're not sure, verify the URL. Microsoft and Google have large payrolls, but the search giants don't employ literal armies to review ad submissions. If you're at all suspicious of an ad's legitimacy, check the URL via a service such as hpHosts, which tracks domain names that researchers have reported as malicious.
Help vendors by reporting malicious advertisers. To report bogus ads on Google, e-mail security at google.com. This is likely to be more effective than reporting the site via the search giant's online form. If you discover malware purveyors advertising in Bing's results, e-mail secure at microsoft.com. Yahoo, however, offers only a Security Phishing Report Form. I beleive Microsoft or Google should come up with the similar solution.
I do hope that Google, Microsoft, and Yahoo can put their differences aside and correct this situation. In the meantime, be careful when you search and be suspicious of sponsored links. Too many of them are fictitious these days — and dangerous.
