In case you didn’t already know, October is National Cyber Security Awareness Month. Since its inception in 2001 by the National Cyber Security Division, NCSAM has encouraged cybersecurity vigilance, education, and awareness among U.S. citizens and businesses.
This year, the White House issued a press release on October 1st in which President Obama proclaimed CSAM. The release discusses how our nation’s growing dependence on cyber and information-related technologies, coupled with an increasing threat of malicious cyber attacks and loss of privacy, has given rise to the need for greater security of our digital networks and infrastructures. Therefore, during CSAM, we must “rededicate ourselves to promoting cyber security initiatives that ensure the confidentiality of sensitive information.”
Obama also reiterated that his administration is committed to treating our digital infrastructure as a strategic national asset and that protecting this infrastructure is a national security priority.
The President followed up this proclamation in his weekly web address. “The lesson is clear. This cyber threat is one of the most serious economic and national security challenges we face as a nation,” he said, citing how millions of Americans are victimized by identity theft and how cybercriminals cost U.S. companies billions of dollars.
Obama proposed a joint effort by the government and private sector to ensure cybersecurity but also reminded us of individual responsibility.
It’s no wonder the president is so gung ho about cybersecurity since his own campaign servers fell victim to hackers when he was running for office.
Other than reaffirming his stance on the importance of cybersecurity and providing some obvious simple tips, the address did not contain much in the way of specific plans of action to enhance it. Still, it was the most the president has had to say about the topic since his 16-minute speech in May, when he declared he would create a new cyber security office at the White House.
This office still has no appointed coordinator. The cyber czar would coordinate with disconnected agencies that cannot pool their resources on this issue, including the CIA, the FBI, the NSA, and the Department of Defense. Maybe NCSAM is a good excuse to finally choose that cyber czar we have been hearing about for so long.
I was chatting about shortened URLs, did some research and found out something I didn’t know was happening.
Here’s a test for you. Let’s say you are linked to eBay from a suspicious source. The page looks identical to ebay.com – all the graphics are the same, and the URL in your address bar even reads www.ebаy.com. You’re pretty up to speed on phishing attempts, so what about this page should make you suspicious?
The answer? The “a” in ebay here may not be the Latin “a” you are used to seeing but a Cyrillic “a” that looks identical. However, since this is a different character, ebay.com with a Cyrillic “a” is a completely different website – one that could be used for the old phishing scams.
ICANN, the body responsible for regulating the domain name system for web addresses, has moved ahead with a plan to internationalize domain names. While many countries are happy to see their native languages in their address bars, this creates an opportunity for age-old phishing scams to resurface.
This is the problem we are presented with now that domain names are becoming internationalized. Regional top-level domains are including Russian, Chinese, and Arabic characters. As I’ve shown you, this creates an opportunity for phishing attacks that steal the usernames and passwords of ebay or paypal users.
In the past, phishing sites used common misspellings of legitimate sites to fool users. Now they can use the Cyrillic “a,” “B,” “m,” “e,” or the Arabic “l” to confuse even the most phishing-savvy users with identical spoofs. Of course, the scam also works in reverse – substituting Latin letters into Cyrillic addresses. New opportunities present themselves with the proliferation of international web addresses.
At least, so far, this trick has not been used frequently. But experts expect cybercriminals to catch on. This will lead to reputation problems for companies like paypal, ebay, yahoo, and other major websites whose domains contain letters with look-alike equivalents in other scripts.
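To make the look-alike problem concrete from the defender’s side, here is a small Python script I’ve added as an illustration (it is not part of the original post, and the domain list and brand allow-list in it are constructed examples). It does two things a mail gateway or browser extension might do: it flags a domain whose label mixes Unicode scripts (for example a Latin “eb_y” with a Cyrillic “а” dropped in), and it maps a handful of Cyrillic look-alikes back to Latin to see whether a label is a disguised copy of a protected brand name. It also shows the “xn--” Punycode form, which is what the DNS actually sees and what a user would see if the browser refused to render the Unicode version.

```python
import unicodedata

# Constructed sample domains for the demo (not taken from the post).
# The second and fourth contain U+0430, CYRILLIC SMALL LETTER A.
SAMPLE_DOMAINS = [
    "www.ebay.com",          # all Latin: legitimate
    "www.eb\u0430y.com",     # Latin label with one Cyrillic letter: spoof
    "президент.рф",          # all Cyrillic: a legitimate internationalized name
    "p\u0430ypal.com",       # another single-character swap
]

# A small, illustrative subset of Cyrillic letters whose glyphs match Latin
# ones. Unicode's confusables table (UTS #39) is far larger; this is enough
# to show the technique.
LATIN_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u0412": "B", "\u041c": "M",
}

# Constructed allow-list of brand labels we want to protect.
PROTECTED_BRANDS = {"ebay", "paypal", "yahoo"}


def scripts_in_label(label):
    """Return the set of Unicode scripts used by the letters of one label.

    The script is read from the first word of the character's Unicode name
    ("LATIN SMALL LETTER A" -> "LATIN"); digits and hyphens are ignored.
    """
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if ch.isalpha()
    }


def analyze_domain(domain):
    """Report per-label scripts, a mixed-script flag and the Punycode form."""
    findings = []
    mixed = False
    for label in domain.split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:        # one label drawing on two alphabets
            mixed = True
        findings.append((label, sorted(scripts)))
    try:
        # Python's idna codec applies nameprep and Punycode label by label.
        punycode = domain.encode("idna").decode("ascii")
    except UnicodeError:
        punycode = None
    return {
        "domain": domain,
        "punycode": punycode,
        "labels": findings,
        "mixed_script": mixed,
    }


def latin_skeleton(label):
    """Replace known Cyrillic look-alikes with the Latin letter they mimic."""
    return "".join(LATIN_LOOKALIKES.get(ch, ch) for ch in label)


def looks_like_spoof(domain):
    """Return the brand a label impersonates, or None if no label does.

    A label is a spoof when its look-alike skeleton is a protected brand
    but the raw label is not spelled with the brand's real characters.
    """
    for label in domain.split("."):
        skeleton = latin_skeleton(label).lower()
        if skeleton in PROTECTED_BRANDS and skeleton != label.lower():
            return skeleton
    return None


if __name__ == "__main__":
    for name in SAMPLE_DOMAINS:
        report = analyze_domain(name)
        verdict = looks_like_spoof(name)
        print(f"{name!r:28} -> {report['punycode']}")
        print(f"    scripts per label: {report['labels']}")
        print(f"    mixed script: {report['mixed_script']}, "
              f"spoof of: {verdict}")
```

Note that the all-Cyrillic name is not flagged: the check is for a single label that mixes alphabets, not for non-Latin names as such, which is the distinction that lets legitimate internationalized domains through while still catching the one-letter swap described above.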
About $5. That’s how much your malware-infected computer, or botnet, is selling for at the moment if you live in the US – but its stock could go up or down. It’s worth $10 if you live in Australia.
Although I didn’t get enough time to put this report into my new book, Hacking Exposed: Malware and Rootkits, it is very interesting. Everyone is talking about this new report from the Finjan Malicious Code Research Center, and it’s a doozy. The report reveals a highly organized and sophisticated trading platform for cybercriminals called the Golden Cash Network. The Golden Cash Network gives anyone the ability to buy or sell malware-infected computers by the thousands, and it also provides an exploit toolkit with obfuscated code and an attack toolkit to distribute malware.
Say, for example, you want to advertise to thousands of users, or steal their identity for whatever insidious purposes. Golden Cash makes it easy for you. Just select the country and how many PCs you wish to control. You can even specify the geographical area, and avoidance of firewalls or AV solutions. Once you place your order, you are given access to detailed instructions on what you can do with your new botnets and how to do it. The whole ordering process is done through simple, elegant, and easy to use forms – you’d almost think you were ordering from Amazon.
But what if you’re not an expert cyber criminal? Can you still get in on the Golden Cash Network?
Absolutely. Golden Cash’s partner program makes it easy to contribute to their collection of botnets for easy cash. Golden Cash again provides detailed instructions on how to plant the Golden Cash bot in legitimate websites using iframes, or inline frames. These frames point to a malicious website that infects visitors with malware that is already integrated into the Golden Cash platform.
Depending on a number of factors, like geographic location, the value of botnet PCs constantly goes up or down. Users try to buy low and sell high. It’s just like Wall Street.
Finjan’s report concludes by describing how botnets are no longer a “one-time asset for an individual cybercriminal.” Now they have “evolved into a digital asset that cybercriminals can trade online – over and over again!”