Join us each month on https://www.brighttalk.com/channel/6331 for the Symantec Website security threat update webinar a short 25 mins of web threats and security update news.
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Symantec Website Security Threats: March 2014 update.
1. Andrew Horbury
Product Marketing Manager
andy_horbury@symantec.com
Andrew Shepherd
EMEA Marketing Manager
andrew_shepherd@symantec.com
WEBSITE SECURITY THREATS:
MARCH 2014 UPDATE
Thursday 13th March 2014
Website Security Threats: March 2014 Update
2. Agenda
Website Security Threats: March 2014 Update
1
2
3
4
5
6
Month in Numbers
Tech Support Scam
A Bad Risk
Vulnerable States
Grayware/Greyware
Stranger than Fiction
7 Good news
3. The month in numbers
• 360 million stolen credentials found on black market
• "Pony" botnet steals US$200k worth of virtual
currencies
• 60,000 security alerts were set off by Neiman
Marcus attackers
• 5 new malware families and 272 new variants
targeting Android devices each month
• The overall rate of encountering mobile malware in
Russia is 63 percent
• Over 300k user credentials leaked on Pastebin
• With over 800 million records lost 2013 was a big
big year for data breaches
Website Security Threats: March 2014 Update
4. The month in numbers cont.
• 400Gbps DoS attack hits the net, largest the world has seen...so
far
• Hackers steal 12 million customer records from South Korean
telco
• 1 in 30 have been hit by CryptoLocker and 40% pay the ransom
• 4 out of 5 pressured to roll out IT projects despite security
worries
Website Security Threats: March 2014 Update
5. Tech Support Scam
• Fake Netflix accounts “frozen”
• New tactic featuring real-time
response when you call
• Stealing data, installing
malware and charging for
non-required health check
and bogus AV
• Not a new tactic but a ‘classic’
that has morphed into a new
and effective one
• http://vimeo.com/88296385
Website Security Threats: March 2014 Update
6. Energy companies refused insurance due to doubts
over cybersecurity
• Power companies are being
refused insurance for cyber-
attack cover
• Underwriters at Lloyd's of London
have seen a ‘huge increase’ in
demand for cover from energy
firms
• Insurers have been hit hard by
data breach clean up costs from
the growth in cybercrime attacks.
Website Security Threats: March 2014 Update
7. Vulnerable States
• Parliament.uk website
vulnerabilities highlighted
– XSS vulnerability
• 5000 NHS sites had over 2000
security bugs
– Older WordPress version
– Older web server OS
– Vulnerable to XSS
• Abandoned sites are a major
issue
• shkspr.mobi/blog/
Website Security Threats: March 2014 Update
8. Mobile Grayware/Greyware…..
• Apps from unofficial marketplaces can be risky….
• Grayware is not new but is taking advantage of the growth of
mobile smartphones and our hunger for apps.
• Malware as a Service: A new RAT toolkit is available for Android
• Malicious apps such a ‘fake’ Flappy Bird is a prime example and
is being used to send premium SMS messages from
unsuspecting users phones
Website Security Threats: March 2014 Update
9. Stranger than fiction
• Northern Ireland Department of
Justice fined £185,000 for selling filing
cabinet
– ….what was in it?
• Dehli police ignored more than 600
complaints passed onto them from
anticorruption agency over 8 years
– …why?
• Ransonware with a conscience?
• Pay up in 30 days or your money back (or maybe
not)
Website Security Threats: March 2014 Update
10. Good News
• US woman wins $500K in
revenge-porn suit against ex-
boyfriend
• Six out of ten US firms boost
security spending after
Target breach
• @N Twitter handle returned
to rightful owner
• Man found guilty of
tampering with three
women's computers so he
could spy on them through
their webcams.
Website Security Threats: March 2014 Update
11. Link Glossary
• Netflix Tech support scam
– http://bit.ly/1erYBHb
– The Future of Mobile Malware
– http://bit.ly/1kinSs4
• 4 out of 5 pros pressured to roll out
IT projects
– http://bit.ly/1g901pJ
• Security in the energy sector
– http://bit.ly/PtcWhd
• Parliament/NHS Vulnerabilities
– shkspr.mobi/blog/ or
http://bit.ly/1i63NEH
• Norton Spot
– http://bit.ly/1cT9x00
• Grayware/Greyware
– http://bit.ly/1iAFUbF
• Android RATS
– http://bit.ly/1lWcu8i
• @N Twitter handle stolen
– http://bit.ly/1cxJtwz
• Download this months slides
– http://slidesha.re/1lWdEAC
Website Security Threats: March 2014 Update