Friday, June 25, 2010
Thursday, June 24, 2010
CYBERCRIME IS AFFECTING YOUR BUSINESS
A new study reveals spam, viruses, phishing and credit-card fraud have become serious issues for small- to medium-sized businesses in Ireland, costing approximately $300 million yearly, according to the Irish Examiner.
After conducting a survey of more than 600 companies, the Irish Small & Medium Enterprises Association concluded cyber crime has become a growing problem. Unless something is done to address the situation, companies will continue seeing a dramatic rise in business costs.
Nearly 70 percent of companies reported being a victim of cyber crime in the last year. Nearly all respondents had been affected by spam, almost half (54 percent) by phishing, 51 percent from virus infection, and 13 percent had experienced credit-card fraud.
Kenya and Africa at large are not far from this. Cybersecurity experts estimate that 80 percent of computers on the African continent are already infected with viruses and other malicious software, according to Foreign Policy. The combination of housing the world’s most vulnerable computers and a majority of a population lacking basic knowledge of IT makes the computers easy targets for skilled botnet operators and hackers.
Also, with the exception of Egypt and South Africa, most African countries lack the legal infrastructure to prosecute, or even stop the rise in cyber crime. Despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held last year, there is little coordination between countries on how to deal with cybersecurity.
While the continent as a whole is lagging behind in cybersecurity, there are a few countries that have made advancements. Tunisia, for example, has created the first national security institute in Africa, and Nigeria has developed a national cybersecurity initiative aimed at raising awareness and battling online fraud.
It is thus important to boost security in your cyber world using anti-virus software , spam-filtering software and hardware firewalls. It is also important for companies to hire IT professionals for guaranteed security.
After conducting a survey of more than 600 companies, the Irish Small & Medium Enterprises Association concluded cyber crime has become a growing problem. Unless something is done to address the situation, companies will continue seeing a dramatic rise in business costs.
Nearly 70 percent of companies reported being a victim of cyber crime in the last year. Nearly all respondents had been affected by spam, almost half (54 percent) by phishing, 51 percent from virus infection, and 13 percent had experienced credit-card fraud.
Kenya and Africa at large are not far from this. Cybersecurity experts estimate that 80 percent of computers on the African continent are already infected with viruses and other malicious software, according to Foreign Policy. The combination of housing the world’s most vulnerable computers and a majority of a population lacking basic knowledge of IT makes the computers easy targets for skilled botnet operators and hackers.
Also, with the exception of Egypt and South Africa, most African countries lack the legal infrastructure to prosecute, or even stop the rise in cyber crime. Despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held last year, there is little coordination between countries on how to deal with cybersecurity.
While the continent as a whole is lagging behind in cybersecurity, there are a few countries that have made advancements. Tunisia, for example, has created the first national security institute in Africa, and Nigeria has developed a national cybersecurity initiative aimed at raising awareness and battling online fraud.
It is thus important to boost security in your cyber world using anti-virus software , spam-filtering software and hardware firewalls. It is also important for companies to hire IT professionals for guaranteed security.
Saturday, June 19, 2010
Tuesday, June 15, 2010
FIFA WORLD CUP AND CYBERCRIME (BEWARE)
cybercriminals have already started showing their interest in taking advantage of the event, by launching targeted malicious PDFs/malware serving campaigns, blackhat SEO and fraudulent propositions, followed by lottery winning notifications/letters of claim themed scams.
Considering that, these threats and exploitation tactics are prone to intensify throughout the entire event, let’s review some of the most commonly used attack vectors, and discuss the risk mitigation strategies for each and every one of them.
The threats and the fraudulent schemes
The following list doesn’t aims to achieve conclusiveness, instead it would discuss the most prevalent threats based on the historical “performance” of malicious attackers, and scammers in general.
Targeted malware attacks serving client-side exploits -The combination of a recently announced zero day flaw affecting Adobe’s most popular products, and the global proportions of the FIFA World Cup, clearly offer a malicious attacker the opportunity to capitalize on the event. According to Symantec, based on the campaigns analyzed since April, malicious PDFs continue representing the highest percentage of malicious attachments - .pdf 41%.exe 18%.doc 14%.xls 7%.scr 4%.ppt 1%. Their findings confirm the findings from a related report, indicating that outdated Adobe flaws for which patches are available, represented 80% of all exploits for 2009. What’s driving the success of these malicious campaigns? With or without the recent Adobe zero day, the malicious attackers have realized that just because a patch is available, it doesn’t necessarily mean that hundreds of thousands of Internet users are patching themselves. And they should.
419/Lottery Scams - According to the 2009’s IC3 Internet Crime Report, advance fee fraud represented 9.8% of all complaints. The percentage is naturally much higher due to the unknown number of people that didn’t report the fraud. Largely underestimated as a serious threat, lottery scams usually cost a small fortune to the affected victim. And due to their targeted nature — the majority are sent manually and usually originate from Africa based IPs — the scammers often succeed in tricking the gullible user. Once the user, now victim, is hooked, the “Winning Notification” slowly transforms into a advance fee based fraud, where in order to obtain the millions that you never really won, you would need to send back a decent amount of money. Don’t.
Blackhat SEO (Search Engine Optimization) campaigns serving scareware - Blackhat SEO, involves the process of on purposely hijacking trending buzz story across the web, in order to capitalize on the hijacked traffic by serving client-side exploits, or most commonly scareware. There’s a common misunderstanding regarding blackhat SEO campaigns these days, with a large number of users thinking that a cybercriminal is manually monitoring these trending topics in order to hijack them. Which is not true, since the process is semi-automatic, in fact on the majority of occasions they aren’t even aware that they’re targeting a particular topic.
Spamvertised fraudulent offers, phishing attempts - According to the 2009’s IC3 Internet Crime Report, non-delivery of merchandise and/or payment represented 11.9% of all the complaints. Moreover, the scammers are also well known for keeping track of different promotions, which they can easily brandjack and attempt to obtain sensitive data from the affected users. One of these examples is Visa’s “Go Fans” campaign - “Phishing samples spammers are targeting the Visa brand, which is one of the six global FIFA partners. Visa announced a “Go Fans” promotion offer in which card holders get the chance to win a trip to South Africa to experience the 2010 World Cup matches. Aware of the fan frenzy involved with watching live World Cup games, phishers are in the right (albeit criminal) business of trying to make money out if it.“
Risk mitigation strategies
Targeted malware attacks serving client-side exploits - With malicious PDFs representing such a high percentage of the exploits used, perhaps an alternative PDF reader such as the Foxit Reader, is worth considering. As well as: taking care of outdated third-party applications in combination with NoScript and least privilege accounts, or complete sandboxing/isolated web browsing, in order to ensure that what happens in the sandbox, stays in the sandbox.
419/Lottery Scams - Although the professional layout of these messages is improving, perhaps the single most important mitigation strategy, one that no software vendor can provide you with, is the lack of gullibility when someone tells you that you’ve just won 1 million dollars. Don’t be naive, and once you spot the scam, consider reporting it.
Blackhat SEO (Search Engine Optimization) campaigns serving scareware - The protection tips for mitigating client-side exploits serving campaigns, fully apply to the scareware threat. For additional information on what exactly scareware/rogue security software is, and how to protect from it, consider going through the “The ultimate guide to scareware protection“.
Spamvertised fraudulent offers, phishing attempts - despite the fact that millions of people admit they click and interact with spam/phishing emails, these emails are not longer 100% fraud oriented, but often as the first touch point for a targeted client-side exploits serving campaign. Therefore, avoiding any interaction with them, next to reporting them as spam, is highly recommended.
Considering that, these threats and exploitation tactics are prone to intensify throughout the entire event, let’s review some of the most commonly used attack vectors, and discuss the risk mitigation strategies for each and every one of them.
The threats and the fraudulent schemes
The following list doesn’t aims to achieve conclusiveness, instead it would discuss the most prevalent threats based on the historical “performance” of malicious attackers, and scammers in general.
Targeted malware attacks serving client-side exploits -The combination of a recently announced zero day flaw affecting Adobe’s most popular products, and the global proportions of the FIFA World Cup, clearly offer a malicious attacker the opportunity to capitalize on the event. According to Symantec, based on the campaigns analyzed since April, malicious PDFs continue representing the highest percentage of malicious attachments - .pdf 41%.exe 18%.doc 14%.xls 7%.scr 4%.ppt 1%. Their findings confirm the findings from a related report, indicating that outdated Adobe flaws for which patches are available, represented 80% of all exploits for 2009. What’s driving the success of these malicious campaigns? With or without the recent Adobe zero day, the malicious attackers have realized that just because a patch is available, it doesn’t necessarily mean that hundreds of thousands of Internet users are patching themselves. And they should.
419/Lottery Scams - According to the 2009’s IC3 Internet Crime Report, advance fee fraud represented 9.8% of all complaints. The percentage is naturally much higher due to the unknown number of people that didn’t report the fraud. Largely underestimated as a serious threat, lottery scams usually cost a small fortune to the affected victim. And due to their targeted nature — the majority are sent manually and usually originate from Africa based IPs — the scammers often succeed in tricking the gullible user. Once the user, now victim, is hooked, the “Winning Notification” slowly transforms into a advance fee based fraud, where in order to obtain the millions that you never really won, you would need to send back a decent amount of money. Don’t.
Blackhat SEO (Search Engine Optimization) campaigns serving scareware - Blackhat SEO, involves the process of on purposely hijacking trending buzz story across the web, in order to capitalize on the hijacked traffic by serving client-side exploits, or most commonly scareware. There’s a common misunderstanding regarding blackhat SEO campaigns these days, with a large number of users thinking that a cybercriminal is manually monitoring these trending topics in order to hijack them. Which is not true, since the process is semi-automatic, in fact on the majority of occasions they aren’t even aware that they’re targeting a particular topic.
Spamvertised fraudulent offers, phishing attempts - According to the 2009’s IC3 Internet Crime Report, non-delivery of merchandise and/or payment represented 11.9% of all the complaints. Moreover, the scammers are also well known for keeping track of different promotions, which they can easily brandjack and attempt to obtain sensitive data from the affected users. One of these examples is Visa’s “Go Fans” campaign - “Phishing samples spammers are targeting the Visa brand, which is one of the six global FIFA partners. Visa announced a “Go Fans” promotion offer in which card holders get the chance to win a trip to South Africa to experience the 2010 World Cup matches. Aware of the fan frenzy involved with watching live World Cup games, phishers are in the right (albeit criminal) business of trying to make money out if it.“
Risk mitigation strategies
Targeted malware attacks serving client-side exploits - With malicious PDFs representing such a high percentage of the exploits used, perhaps an alternative PDF reader such as the Foxit Reader, is worth considering. As well as: taking care of outdated third-party applications in combination with NoScript and least privilege accounts, or complete sandboxing/isolated web browsing, in order to ensure that what happens in the sandbox, stays in the sandbox.
419/Lottery Scams - Although the professional layout of these messages is improving, perhaps the single most important mitigation strategy, one that no software vendor can provide you with, is the lack of gullibility when someone tells you that you’ve just won 1 million dollars. Don’t be naive, and once you spot the scam, consider reporting it.
Blackhat SEO (Search Engine Optimization) campaigns serving scareware - The protection tips for mitigating client-side exploits serving campaigns, fully apply to the scareware threat. For additional information on what exactly scareware/rogue security software is, and how to protect from it, consider going through the “The ultimate guide to scareware protection“.
Spamvertised fraudulent offers, phishing attempts - despite the fact that millions of people admit they click and interact with spam/phishing emails, these emails are not longer 100% fraud oriented, but often as the first touch point for a targeted client-side exploits serving campaign. Therefore, avoiding any interaction with them, next to reporting them as spam, is highly recommended.
Friday, June 11, 2010
CYBER CRIME AND THE WORLD CUP
Head butts and elbows to the face aren’t the only things getting red cards during the 2010 World Cup. Cybercriminals are taking advantage of the global popularity of the tournament by preying on computer users surfing the Internet for updates on their favorite teams. So, Symantec is interested in learning a little more about your Internet surfing and anything suspicious online you may have encountered involving the World Cup. A short survey on the subject can be found here: http://www.zoomerang.com/Survey/WEB22AS6UQSGEW.
To provide some perspective on what kinds of cons are circulating around, Symantec recently identified a new scam in which e-mails purporting to be from the promotions manager of the South Africa World Cup Lottery 2010 are making the rounds. Recipients are informed in an attachment that their e-mail address has been randomly selected by a specially designed computer program and that they have won US$2.5 million. Of course, none of it is real.
Our survey should only take one to two minutes to complete and is completely anonymous. So, if you’re up for it, please take just a couple minutes to answer our questions and help us understand a little more about how you’re planning on using the Internet to follow the World Cup and what kinds of nefarious activities you’ve encountered. By the way, stay tuned to this space as we’ll be reporting on the anonymous survey results as soon as everything is wrapped up.
This is also a good opportunity to reflect upon a few related online security best practices:
Don’t open unsolicited e-mails or social media messages purporting to contain special offers or extraordinary deals related to the World Cup, and especially don’t click on any links in such messages.
If an online offer appears to be too good to be true, it probably is. Scammers often try to make their bogus offers sound so great that they would be nearly impossible to pass up…if they were real that is.
Be careful about what “official” social networking accounts you follow, such as those that appear to be created by World Cup teams or players. Often, cybercriminals will create accounts posing to be someone they’re not.
When searching for online video of the World Cup, avoid sites you’ve never heard of before and if you’re told you must update your media player before viewing a video, be very cautious as this might be a ploy by attackers to get you to download malware.
And last, but not least…enjoy the tournament!
To provide some perspective on what kinds of cons are circulating around, Symantec recently identified a new scam in which e-mails purporting to be from the promotions manager of the South Africa World Cup Lottery 2010 are making the rounds. Recipients are informed in an attachment that their e-mail address has been randomly selected by a specially designed computer program and that they have won US$2.5 million. Of course, none of it is real.
Our survey should only take one to two minutes to complete and is completely anonymous. So, if you’re up for it, please take just a couple minutes to answer our questions and help us understand a little more about how you’re planning on using the Internet to follow the World Cup and what kinds of nefarious activities you’ve encountered. By the way, stay tuned to this space as we’ll be reporting on the anonymous survey results as soon as everything is wrapped up.
This is also a good opportunity to reflect upon a few related online security best practices:
Don’t open unsolicited e-mails or social media messages purporting to contain special offers or extraordinary deals related to the World Cup, and especially don’t click on any links in such messages.
If an online offer appears to be too good to be true, it probably is. Scammers often try to make their bogus offers sound so great that they would be nearly impossible to pass up…if they were real that is.
Be careful about what “official” social networking accounts you follow, such as those that appear to be created by World Cup teams or players. Often, cybercriminals will create accounts posing to be someone they’re not.
When searching for online video of the World Cup, avoid sites you’ve never heard of before and if you’re told you must update your media player before viewing a video, be very cautious as this might be a ploy by attackers to get you to download malware.
And last, but not least…enjoy the tournament!
ADVERNTAGES OF ENTERPRISE RESOURCE PLANNING
INFORMATION SYSTEMS have played an increasingly visible role for several years in improving the competitiveness of business. More than just tools for handling repetitive tasks, these are used to guide and advance all of a company’s daily activities. Today, integrated management software is very often the key source of significant competitive advantage.
The standard response to the need for responsiveness, reliability, and rapidly increasing expectations is to create an organisation based on departments with a clear linear structure, but integrated around your operating processes. To promote efficiency amongst your salespeople, accountants, logistics staff and everyone else you should have a common understanding of your problems.
For this you need a common language for shared references, policies and communication. An ERP (Enterprise Resource Planning) system makes the ideal platform for this common reference point.
Risks and integration costs are important counterweights to all the advantages you gain from such systems. That’s why, today, few small- and medium-sized companies use ERP. In addition, the larger ERP vendors such as SAP, Microsoft and Oracle haven’t been able to reconcile the power and comprehensive cover of an ERP system with the simplicity and flexibility wanted by the users. But this is exactly what small and medium enterprises are looking for.
OPEN ERP
The development processes of open source software, and the new business models adopted by its developers, provide a new way of resolving such problems of cost and quality for this kind of enterprise software.
To make an ERP system fully available to small and medium enterprises, cost reduction is the first priority. Open source software makes it possible to greatly reduce development costs by aggressive reuse of open source software libraries; to eliminate intermediaries (the distributors), with all of their expensive sales overhead; to cut out selling costs by free publication of the software; and to considerably reduce the marketing overhead.
Since there is open interaction among thousands of contributors and partners working on the same project, the quality of the resulting software benefits greatly from the scrutiny. And you can’t be everything at once: Accountant, software developer, salesperson, ISO 9001 quality professional, specialist in agricultural products, expert in the customs and habits of pharmaceutical vendors, just as a start.
The results are quite impressive. Tiny ERP, now OpenERP, is a management software that is downloaded more than any other in the world, with more than 600 downloads per day. It’s available today in 18 languages and has a world network of partners and contributors. More than 800 developers participate in the projects on the collaborative development system of Tiny Forge.
To our knowledge, Tiny ERP is the only management system, which is routinely used not only by big companies but also by very small companies and independent companies. This diversity is an illustration of the software’s flexibility: A rather elegant coordination between people’s functional expectations from the software and great simplicity in its use.
And this diversity is also found in the various sectors and trades, which use the software, including agricultural products, textiles, public auctions, IT, and trade associations.
Lastly, such software has arisen from the blend of high code quality, well-judged architecture and use of free technologies. In fact, you may be surprised (if you’re an IT person) to find that the size of Tiny ERP is less than four MB when you’ve installed the software. We’ve moved a long way from the days when the only people who could be expected to benefit from ERP were the owners of a widget factory on some remote industrial estate.
OPEN OBJECT
OpenObject allows you to develop, design or customise business applications within a few minutes. It can be used as a complete application framework for developers or a rapid application development tool for end-users. Each application or business module made with OpenObject is completely different from another and all those modules can be connected together to perform a powerful and complete application.
The standard response to the need for responsiveness, reliability, and rapidly increasing expectations is to create an organisation based on departments with a clear linear structure, but integrated around your operating processes. To promote efficiency amongst your salespeople, accountants, logistics staff and everyone else you should have a common understanding of your problems.
For this you need a common language for shared references, policies and communication. An ERP (Enterprise Resource Planning) system makes the ideal platform for this common reference point.
Risks and integration costs are important counterweights to all the advantages you gain from such systems. That’s why, today, few small- and medium-sized companies use ERP. In addition, the larger ERP vendors such as SAP, Microsoft and Oracle haven’t been able to reconcile the power and comprehensive cover of an ERP system with the simplicity and flexibility wanted by the users. But this is exactly what small and medium enterprises are looking for.
OPEN ERP
The development processes of open source software, and the new business models adopted by its developers, provide a new way of resolving such problems of cost and quality for this kind of enterprise software.
To make an ERP system fully available to small and medium enterprises, cost reduction is the first priority. Open source software makes it possible to greatly reduce development costs by aggressive reuse of open source software libraries; to eliminate intermediaries (the distributors), with all of their expensive sales overhead; to cut out selling costs by free publication of the software; and to considerably reduce the marketing overhead.
Since there is open interaction among thousands of contributors and partners working on the same project, the quality of the resulting software benefits greatly from the scrutiny. And you can’t be everything at once: Accountant, software developer, salesperson, ISO 9001 quality professional, specialist in agricultural products, expert in the customs and habits of pharmaceutical vendors, just as a start.
The results are quite impressive. Tiny ERP, now OpenERP, is a management software that is downloaded more than any other in the world, with more than 600 downloads per day. It’s available today in 18 languages and has a world network of partners and contributors. More than 800 developers participate in the projects on the collaborative development system of Tiny Forge.
To our knowledge, Tiny ERP is the only management system, which is routinely used not only by big companies but also by very small companies and independent companies. This diversity is an illustration of the software’s flexibility: A rather elegant coordination between people’s functional expectations from the software and great simplicity in its use.
And this diversity is also found in the various sectors and trades, which use the software, including agricultural products, textiles, public auctions, IT, and trade associations.
Lastly, such software has arisen from the blend of high code quality, well-judged architecture and use of free technologies. In fact, you may be surprised (if you’re an IT person) to find that the size of Tiny ERP is less than four MB when you’ve installed the software. We’ve moved a long way from the days when the only people who could be expected to benefit from ERP were the owners of a widget factory on some remote industrial estate.
OPEN OBJECT
OpenObject allows you to develop, design or customise business applications within a few minutes. It can be used as a complete application framework for developers or a rapid application development tool for end-users. Each application or business module made with OpenObject is completely different from another and all those modules can be connected together to perform a powerful and complete application.
Subscribe to:
Posts (Atom)