A proper TSCM / Information Security inspection can help in all areas of concern. |
Showing posts with label survey. Show all posts
Showing posts with label survey. Show all posts
Friday, February 12, 2016
Physical Security a Growing Threat to Organizations
Physical security is seen as growing concern for business continuity professionals, according to the fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI. Among the ranks of potential threats that organizations face, acts of terrorism gained six places from 10th in 2015 to 4th this year, while security incidents moved from 6th place to 5th place. more
Wednesday, November 18, 2015
A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps
A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps
Tested - 110 popular, free Android and iOS apps to look for apps that shared personal, behavioral, and location data with third parties
73% of Android apps shared personal information such as email address with third parties, and 47% of iOS apps shared geo-coordinates and other location data with third parties
93% of Android apps tested connected to a mysterious domain, safemovedm.com, likely due to a background process of the Android phone
A significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user more
Click to Enlarge |
73% of Android apps shared personal information such as email address with third parties, and 47% of iOS apps shared geo-coordinates and other location data with third parties
93% of Android apps tested connected to a mysterious domain, safemovedm.com, likely due to a background process of the Android phone
A significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user more
Wednesday, February 18, 2015
Is Your Home Security System Putting You at Risk? ...news at eleven.
HP has released results of a security testing study revealing that owners of Internet-connected home security systems may not be the only ones monitoring their homes. The study found that 100 percent of the studied devices used in home security contain significant vulnerabilities, including password security, encryption and authentication issues.
Home security systems, such as video cameras and motion detectors, have gained popularity as they have joined the booming Internet of Things (IoT) market and have grown in convenience... The new HP study reveals how ill-equipped the market is from a security standpoint for the magnitude of growth expected around IoT...
The HP study questions whether connected security devices actually make our homes safer or put them at more risk...
(more)
Home security systems, such as video cameras and motion detectors, have gained popularity as they have joined the booming Internet of Things (IoT) market and have grown in convenience... The new HP study reveals how ill-equipped the market is from a security standpoint for the magnitude of growth expected around IoT...
The HP study questions whether connected security devices actually make our homes safer or put them at more risk...
(more)
Friday, February 13, 2015
Study - 16 Million Smartphones Infected with Spyware / Malware
About 16 million mobile devices are infected by malicious software that is secretly spying on users, stealing confidential information and pilfering data plans.
That’s the word from Alcatel-Lucent’s Motive Security Labs, which in a study found that malware infections in mobile devices rose a full 25% in 2014, compared to a 20% increase in 2013. In fact, the uptick is so spectacular that Android devices have now caught up with Windows laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split an even 50/50 in 2014.
“With one billion Android devices shipped in 2014, the platform is a favorite target of cybercriminals who can have lots of infection success without a lot of work,” said Kevin McNamee, director of Motive, in a blog. “Android is more exposed than rivals because of its open platform and by allowing users to download apps from third-party stores where apps are not always well-vetted.”
The mobile infection rate in 2014 was 0.68%. Fewer than 1% of infections come from iPhone and Blackberry smartphones.
(more)
That’s the word from Alcatel-Lucent’s Motive Security Labs, which in a study found that malware infections in mobile devices rose a full 25% in 2014, compared to a 20% increase in 2013. In fact, the uptick is so spectacular that Android devices have now caught up with Windows laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split an even 50/50 in 2014.
“With one billion Android devices shipped in 2014, the platform is a favorite target of cybercriminals who can have lots of infection success without a lot of work,” said Kevin McNamee, director of Motive, in a blog. “Android is more exposed than rivals because of its open platform and by allowing users to download apps from third-party stores where apps are not always well-vetted.”
The mobile infection rate in 2014 was 0.68%. Fewer than 1% of infections come from iPhone and Blackberry smartphones.
(more)
Thursday, October 23, 2014
...which left us wondering about the clowns in business and government who spy.
A new study finds that more Americans fear spying from corporations than the government (but only slightly).
In total, 82 percent of Americans fear corporations, while 74 percent fear the government.
The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.
Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)
In total, 82 percent of Americans fear corporations, while 74 percent fear the government.
The data comes from a new Chapman University survey of everything that freaks Americans out. In addition to Internet fears, around 65 percent of Americans also fear public speaking — meaning that more Americans are concerned about Internet privacy than speaking in public.
Interesting, but unrelated: 20 percent of Americans are at least somewhat afraid of clowns. (more)
Sunday, July 27, 2014
Cost of Corporate Espionage in Germany Today
Every year, industrial espionage costs German businesses around 11.8 billion euros ($16 billion), according to a survey released Monday by the German security firm Corporate Trust.
Every second company in Germany has faced attacks - whether successful or not - with more than three-quarters of those surveyed registering financial losses as a result.
Corporate Trust said the survey reflected answers from 6,767 companies, some 40 percent of which estimated the damage from espionage had cost them anywhere from 10,000 euros to 100,000 euros.
Twelve percent said they lost more than 100,000 euros, and 4.5 percent said they lost more than 1 million euros. (more)
Every second company in Germany has faced attacks - whether successful or not - with more than three-quarters of those surveyed registering financial losses as a result.
Corporate Trust said the survey reflected answers from 6,767 companies, some 40 percent of which estimated the damage from espionage had cost them anywhere from 10,000 euros to 100,000 euros.
Twelve percent said they lost more than 100,000 euros, and 4.5 percent said they lost more than 1 million euros. (more)
Wednesday, July 16, 2014
See Threat, Ignore Security - IT = Idocracy Time
In a study, most IT execs at critical infrastructure companies revealed that their organization was compromised in the last year, but only 28 percent of them said that security was a top priority across their enterprise.
Nearly 600 global IT and IT security execs across 13 countries were polled for the “Critical Infrastructure: Security Preparedness and Maturity” report, released Thursday. And of those respondents, 67 percent said they had dealt with at least one security compromise, leading to the loss of confidential information or disruption to operations, at their companies.
In an interview with SCMagazine.com, Dave Frymier, CISO of Unisys, found it concerning that so many respondents seemed to be knowledgeable of threats to their organizations, but that this awareness hadn't translated to a heightened focus on security. (more) (10 things "Idocracy" predicted that came true.)
Time to yank some of that IT "security" budget and put it back where it was doing some good - traditional information and intellectual property security measures. Call us.
Nearly 600 global IT and IT security execs across 13 countries were polled for the “Critical Infrastructure: Security Preparedness and Maturity” report, released Thursday. And of those respondents, 67 percent said they had dealt with at least one security compromise, leading to the loss of confidential information or disruption to operations, at their companies.
In an interview with SCMagazine.com, Dave Frymier, CISO of Unisys, found it concerning that so many respondents seemed to be knowledgeable of threats to their organizations, but that this awareness hadn't translated to a heightened focus on security. (more) (10 things "Idocracy" predicted that came true.)
Time to yank some of that IT "security" budget and put it back where it was doing some good - traditional information and intellectual property security measures. Call us.
Thursday, July 3, 2014
Infographic - NSA Interactive Spy Chart
This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency’s stated mission of foreign surveillance, but some – particularly those that are both domestic and broad-sweeping – are more controversial.
Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate.
For more details, read our FAQ or listen to our podcast. Also, take our quiz to test your NSA knowledge. (more)
Click to see whole chart. |
Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate.
For more details, read our FAQ or listen to our podcast. Also, take our quiz to test your NSA knowledge. (more)
Tuesday, June 17, 2014
Survey: People's Beliefs about Cell Phone Spying
Only a tenth (12 per cent) of people in the UK believe that calls on a mobile phone and texts are private, research from Silent Circle has found following Vodafone revealing secret wires that allow state surveillance.
The research of 1,000 employed Brits found that over half (54 per cent) believe ‘anyone with the right equipment’ has the ability to listen in on their mobile calls and texts.
Respondents named the government as the group most likely to have the ability to listen in on calls and texts (54 per cent), while 44 per cent believe the police can eavesdrop and a third think mobile phone providers could listen in.
Criminals (28 per cent) and jealous spouses (17 per cent) also raise suspicions for eavesdropping. (more)
The research of 1,000 employed Brits found that over half (54 per cent) believe ‘anyone with the right equipment’ has the ability to listen in on their mobile calls and texts.
Respondents named the government as the group most likely to have the ability to listen in on calls and texts (54 per cent), while 44 per cent believe the police can eavesdrop and a third think mobile phone providers could listen in.
Criminals (28 per cent) and jealous spouses (17 per cent) also raise suspicions for eavesdropping. (more)
Thursday, May 8, 2014
Verizon's 2014 Data Breach Investigations Report
Gain fresh insight into cyber espionage and denial-of-service attacks in the 2014 Data Breach Investigations Report (DBIR).
This year’s report features nine common incident patterns, bringing together insights from 50 global organizations, from around the globe, and more than 63,000 confirmed security incidents.
Discover how attackers can affect your business, and learn the steps you need to take to counter threats and protect your reputation. (download)
This year’s report features nine common incident patterns, bringing together insights from 50 global organizations, from around the globe, and more than 63,000 confirmed security incidents.
Discover how attackers can affect your business, and learn the steps you need to take to counter threats and protect your reputation. (download)
Thursday, December 19, 2013
Mobile Devices Will Pose The Biggest Risk In 2014, Survey Says
IT professionals are troubled by the risk of data leakage associated with employee smartphones and are focusing on bolstering endpoint security, according to a new study.
Mobile devices will pose the biggest threat in 2014, according to a survey of 676 IT and IT security professionals conducted recently by the Ponemon Institute. About three-quarters of those surveyed cited the risk posed by mobile devices as their biggest concern, up from just 9 percent in 2010.
Meanwhile, targeted attacks, designed with custom malware that can maintain a lengthy presence on corporate systems, is close behind as a troubling trend, the survey found. About 40 percent of those surveyed said their firm was the victim of a targeted attack in the past year, according to the survey, which was commissioned by vulnerability management vendor Lumension Security. (more)
Mobile devices will pose the biggest threat in 2014, according to a survey of 676 IT and IT security professionals conducted recently by the Ponemon Institute. About three-quarters of those surveyed cited the risk posed by mobile devices as their biggest concern, up from just 9 percent in 2010.
Meanwhile, targeted attacks, designed with custom malware that can maintain a lengthy presence on corporate systems, is close behind as a troubling trend, the survey found. About 40 percent of those surveyed said their firm was the victim of a targeted attack in the past year, according to the survey, which was commissioned by vulnerability management vendor Lumension Security. (more)
Friday, November 22, 2013
REPORT: Corporate Espionage Against Nonprofit Organizations
How common is corporate espionage against nonprofits?
Most of the cases of corporate espionage we know about in recent years have been uncovered by accident. There has been no comprehensive, systematic effort by federal or state government to determine how much corporate espionage is actually occurring, and what tactics are being used. It is likely that corporate espionage against nonprofits occurs much more often than is known.
Who actually conducts the espionage?
When a nonprofit campaign is so successful that it may impair a company’s profits or reputation, companies may employ their own in house espionage capabilities, or they may retain the services of an intermediary with experience in espionage...
The intermediary may hire a private investigations firm that either has multiple espionage capacities or that specializes in the particular kind of intelligence needed – such as human intelligence and the infiltration of nonprofits, or electronic or physical surveillance. These private investigations firms may subcontract out espionage to experienced operatives, which gives corporations access to specialized talent while further increasing the level of plausible deny-ability...
Corporations may also hire the services of experienced nonprofit infiltrators who may pose as volunteers, to scout out workplaces and to steal documents left unattended or unguarded. Corporate spies may also plant bugs to obtain and transmit verbal communication. Both offices and homes may be targeted for the gathering of physical intelligence. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Most of the cases of corporate espionage we know about in recent years have been uncovered by accident. There has been no comprehensive, systematic effort by federal or state government to determine how much corporate espionage is actually occurring, and what tactics are being used. It is likely that corporate espionage against nonprofits occurs much more often than is known.
Get the "T" |
When a nonprofit campaign is so successful that it may impair a company’s profits or reputation, companies may employ their own in house espionage capabilities, or they may retain the services of an intermediary with experience in espionage...
The intermediary may hire a private investigations firm that either has multiple espionage capacities or that specializes in the particular kind of intelligence needed – such as human intelligence and the infiltration of nonprofits, or electronic or physical surveillance. These private investigations firms may subcontract out espionage to experienced operatives, which gives corporations access to specialized talent while further increasing the level of plausible deny-ability...
Corporations may also hire the services of experienced nonprofit infiltrators who may pose as volunteers, to scout out workplaces and to steal documents left unattended or unguarded. Corporate spies may also plant bugs to obtain and transmit verbal communication. Both offices and homes may be targeted for the gathering of physical intelligence. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Sunday, November 10, 2013
Corporate espionage: The spy in your cubicle
Corporate espionage from a German perspective...
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years...
...in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)
Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem.
Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equals 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.
The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly.
Call me. I can help.
At a trade fair, the head of a company discovers a machine developed by his own employees - but at the stand of a competitor, where the new item is proudly displayed. Looking through his company's inventory, he sees four new printers, even though he in fact ordered five. And to top things off, he's having problems with the state prosecutors, who say his firm is implicated in a bribery charge. His company, in short, has fallen victim to industrial espionage - three times over.
Since 2001, some 61 percent of German companies have fallen prey to these or similar crimes. In 2013, by comparison, just 45 percent of German firms were entangled in such an affair. Those were the conclusions of a study conducted by business consulting giant PricewaterhouseCoopers (PCW) together with Martin Luther University in Halle-Wittenberg (MLU). For the study, more than 600 German companies, each with at least 500 employees, were examined every two years...
...in the areas of "industrial espionage, economic espionage and the leaking of work and business secrets," there have been frighteningly high numbers of suspected cases. And there could be far more, the analyst added, since being spied upon doesn't necessarily mean that you know it's happening. Corruption ends with prosecutors knocking at the door; an inventory check usually clears up theft. But with spying, "Nothing is gone." (more)
Part of the Security Scrapbook's reason for being is that last sentence. Tracking some of the business espionage stories per year indicates the size of the problem.
Example: If 1% of business espionage is discovered, and 1% of discovered business espionage becomes news, then 50 business espionage news stories equals 500,000 business espionage attacks — 499,950 of which were successful. Adjust the percentages to suit yourself, but you get the idea.
The point is, you won't know when your intellectual and strategic pockets are being picked. Especially, if you are not checking regularly.
Call me. I can help.
Friday, November 1, 2013
Mobile Phone Use a Significant Security Risk for Companies
New research suggests that companies are leaving themselves open to potentially serious security and legal risks by employees’ improper use of corporate mobile devices.
Experts from the University of Glasgow looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and personal information. The loss of data such as this has potential security risks, inviting breaches on both an individual and corporate level.
A University of Glasgow release reports that the data yielded by this study on thirty-two handsets included a number of items that could potentially cause significant security risks and, lead to the leakage of valuable intellectual property or exposed the company to legal conflicts. (more)
Buy them the Cone of Silence. |
A University of Glasgow release reports that the data yielded by this study on thirty-two handsets included a number of items that could potentially cause significant security risks and, lead to the leakage of valuable intellectual property or exposed the company to legal conflicts. (more)
Thursday, September 5, 2013
IT Industry Admits ‘Losing Battle’ Against State-Backed Attacks
More than half of senior IT security professionals believe the industry is losing the battle against state-sponsored attacks, according to a survey.
Nearly 200 senior IT security professionals were surveyed by Lieberman Software Corporation at the Black Hat USA 2013 conference in Las Vegas, with 58 per cent of saying they believe the profession is losing the battle against state-sponsored attacks.
And 74 per cent of respondents were not even confident that their own corporate network has not already been breached by a foreign state-sponsored hacker, while 96 per cent believe that the hacking landscape is going to get worse over time. (more)
FutureWatch: Look for a migration of sensitive information away from Internet connectivity, followed by a rise in traditional espionage techniques. This shift will amplify the need for traditional security countermeasures, such as TSCM.
Nearly 200 senior IT security professionals were surveyed by Lieberman Software Corporation at the Black Hat USA 2013 conference in Las Vegas, with 58 per cent of saying they believe the profession is losing the battle against state-sponsored attacks.
And 74 per cent of respondents were not even confident that their own corporate network has not already been breached by a foreign state-sponsored hacker, while 96 per cent believe that the hacking landscape is going to get worse over time. (more)
FutureWatch: Look for a migration of sensitive information away from Internet connectivity, followed by a rise in traditional espionage techniques. This shift will amplify the need for traditional security countermeasures, such as TSCM.
Wednesday, July 24, 2013
Business Secrets Leak via Personal Devices
The smartphone revolution opened the floodgates to the BYOD (bring your own device) trend among workers...
More than half of information workers own the devices they use for work, according to Forrester Research, which surveyed almost 10,000 people in 17 countries, and that proportion is likely to increase, says David Johnson, a senior analyst at Forrester.
The groundswell caused many IT directors to simply throw up their hands. A study published last November by Kaspersky Lab, a digital-security firm, found that one in three organizations allowed personal cellphones unrestricted access to corporate resources—with troubling consequences. One in five companies in the same survey admitted losing business data after personal devices were lost or stolen. (more)
The pressure is on manufacturers to come up with better security features.
"Certified for Business Use" has a nice value-added ring to it.
More than half of information workers own the devices they use for work, according to Forrester Research, which surveyed almost 10,000 people in 17 countries, and that proportion is likely to increase, says David Johnson, a senior analyst at Forrester.
The groundswell caused many IT directors to simply throw up their hands. A study published last November by Kaspersky Lab, a digital-security firm, found that one in three organizations allowed personal cellphones unrestricted access to corporate resources—with troubling consequences. One in five companies in the same survey admitted losing business data after personal devices were lost or stolen. (more)
The pressure is on manufacturers to come up with better security features.
"Certified for Business Use" has a nice value-added ring to it.
Android Phones - The New Corporate Espionage Tool
Alcatel-Lucent’s Kindsight subsidiary has released figures that show an increase in malicious software (malware) used by hackers to gain access to devices for corporate espionage, spying on individuals, theft of personal information, generating spam, denial of service attacks on business and governments and millions of dollars in fraudulent banking and advertising scams.
“Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets which are increasingly targeted,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs.
“A third of the top 15 security threats are now spyware related, up from only two spyware instances the last quarter,” said McNamee. “MobileSpy and FlexiSpy were already in the top 15 list, but SpyBubble moved up to take the 4th spot, while SpyMob and PhoneRecon appeared for the first time, ranking 5th and 7th respectively.
“Mobile spyware in the BYOD context poses a threat to enterprises because it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.”
McNamee said it is “surprisingly easy” to add a command and control interface to allow the attacker to control the device remotely, activating the phone’s camera and microphone without the user’s knowledge.
“This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device – all without the user’s knowledge.
“The mobile phone is a fully functional network device. When connected to the company’s Wi-Fi, the infected phone provides backdoor access to the network and the ability to probe for vulnerabilities and assets. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
“Malware and cybersecurity threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets which are increasingly targeted,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs.
“A third of the top 15 security threats are now spyware related, up from only two spyware instances the last quarter,” said McNamee. “MobileSpy and FlexiSpy were already in the top 15 list, but SpyBubble moved up to take the 4th spot, while SpyMob and PhoneRecon appeared for the first time, ranking 5th and 7th respectively.
“Mobile spyware in the BYOD context poses a threat to enterprises because it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.”
McNamee said it is “surprisingly easy” to add a command and control interface to allow the attacker to control the device remotely, activating the phone’s camera and microphone without the user’s knowledge.
“This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device – all without the user’s knowledge.
“The mobile phone is a fully functional network device. When connected to the company’s Wi-Fi, the infected phone provides backdoor access to the network and the ability to probe for vulnerabilities and assets. (more)
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
Friday, July 19, 2013
Mobile Security Apps Perform Dismally Against Spyware
via Josh Kirschner at Techlicious...
Mobile spyware can have a devastating effect on your life; the
constant fear that a spouse, significant other or even employer is
following your every move, knows everything about your life and has
completely removed any vestige of privacy...
And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.
I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware...
The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play. (more)
Josh did an excellent job researching this topic and we thank him for publicly exposing the flaws.
Now, what can be done about really detecting spyware?
Murray Associates was approached by two clients several years ago who had come to the same conclusion as Josh via their own research. They asked us to develop a solution – based on the following conditions:
1. The solution must make quick and reasonable spyware evaluations.
2. No special forensic tools should be required.
3. No special skills should be necessary.
4. No assistance should be necessary once the initial training is over. The phone owner must be able to conduct the test him- or herself—anytime, anyplace.
5. Advancements in spyware software and cell phone hardware should not render the test ineffective.
The results of this project are published in the book, "Is My Cell Phone Bugged?", and are used in SpyWarn 2.0, a unique Android spyware detection app.
And spyware is not as rare as you may think. According to mobile security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual. Sophos reports a similar .2% infection rate from spyware. If those numbers hold true for Android users in general, that would mean tens of thousands could be infected.
I set out to test the leading Android anti-malware vendors to see how they fared at protecting us against the threat of spyware...
The results, generally speaking, were dismal. Of twelve products I tested, none was able to detect more than two-thirds of the samples. Many missed half or more of the spyware apps. And, surprisingly, the potential spyware apps least likely to be detected were those widely available in Google Play. (more)
Josh did an excellent job researching this topic and we thank him for publicly exposing the flaws.
Now, what can be done about really detecting spyware?
Murray Associates was approached by two clients several years ago who had come to the same conclusion as Josh via their own research. They asked us to develop a solution – based on the following conditions:
1. The solution must make quick and reasonable spyware evaluations.
2. No special forensic tools should be required.
3. No special skills should be necessary.
4. No assistance should be necessary once the initial training is over. The phone owner must be able to conduct the test him- or herself—anytime, anyplace.
5. Advancements in spyware software and cell phone hardware should not render the test ineffective.
The results of this project are published in the book, "Is My Cell Phone Bugged?", and are used in SpyWarn 2.0, a unique Android spyware detection app.
Saturday, July 6, 2013
Living in La La Land - Where Nobody Spies
Canada's top corporate executives remain relatively unconcerned that their businesses are vulnerable to cyber attacks.
The latest C-Suite survey of business leaders shows that cyber-security is not a serious worry for a majority of those sitting in the nation’s corner offices.
Only 40 per cent say they are very or somewhat concerned about cyber-security threats to their companies. Even fewer say they think that businesses like theirs will likely be a target of an attack on the corporate computer system.
And more than 90 per cent of those who responded are confident in their organization’s efforts to protect their business from these threats... (more)
A voice in the wind...
Greg Hawkins, CEO of Yellowhead Mining Inc., agrees that companies should not be complacent... Firms that think they have the situation completely under control “are living in la la land,” he said.
The latest C-Suite survey of business leaders shows that cyber-security is not a serious worry for a majority of those sitting in the nation’s corner offices.
Only 40 per cent say they are very or somewhat concerned about cyber-security threats to their companies. Even fewer say they think that businesses like theirs will likely be a target of an attack on the corporate computer system.
And more than 90 per cent of those who responded are confident in their organization’s efforts to protect their business from these threats... (more)
A voice in the wind...
Greg Hawkins, CEO of Yellowhead Mining Inc., agrees that companies should not be complacent... Firms that think they have the situation completely under control “are living in la la land,” he said.
Friday, May 17, 2013
Your Smartphone - The Quickest Route to Your Bank Account
Many consumers simply don't realize how vulnerable their Androids, iPhones and other devices can be.
An April study by the Federal Reserve Bank of Atlanta said threats are proliferating, ranging from "phishing" -- where consumers click a phony email or text message and are tricked into handing over personal information -- to consumers' reluctance to use security protections they normally have on home computers, like a password...
Organized crime operations see smartphones as the most vulnerable entry point into the electronic financial system, according to the Federal Reserve...
Vikram Thakur, principal security response manager for security software giant Symantec, said attackers can get complete control of a phone simply by getting people to click on a link. Without actually having the phone in their hands, the hackers can access messages, phone calls and personal information. (more)
Spybusters Tip #734:
• Password protect your phone. Keep it turned on.
• Don't click on anything 'iffy'.
• Keep Bluetooth and Wi-Fi turned off unless needed.
• Avoid sensitive transaction over public Wi-Fi hot spots.
An April study by the Federal Reserve Bank of Atlanta said threats are proliferating, ranging from "phishing" -- where consumers click a phony email or text message and are tricked into handing over personal information -- to consumers' reluctance to use security protections they normally have on home computers, like a password...
Organized crime operations see smartphones as the most vulnerable entry point into the electronic financial system, according to the Federal Reserve...
Vikram Thakur, principal security response manager for security software giant Symantec, said attackers can get complete control of a phone simply by getting people to click on a link. Without actually having the phone in their hands, the hackers can access messages, phone calls and personal information. (more)
Spybusters Tip #734:
• Password protect your phone. Keep it turned on.
• Don't click on anything 'iffy'.
• Keep Bluetooth and Wi-Fi turned off unless needed.
• Avoid sensitive transaction over public Wi-Fi hot spots.
Subscribe to:
Posts (Atom)