Tag Archives: cybercrime

How serious is Internet related crime in South Africa?

Posted on November 5, 2012 | 1 Comment

On Thursday, the 30th September 2012, Police Minister Nathi Mthethwa announced the South African Police Services (SAPS) Crime Statistics for the period between 31st March 2011 and 1st  April 2012. When one listens and reads through the debates on this releases, this quote  from unknown author –  “Facts are stubborn things, but statistics are more pliable.” –  brings solace to their pliability but still reminds us that cybercrime statistics are still not part of this release. This is a fact that will remain like a growing stubborn stain on a white cloth as we continue to see a wave of technological SAPS Crime Stats 2011-2penetration in a form of devices and services (cloud) into our homes, workplaces, schools, churches, stadiums, shebeens, etc.. The defence goes on about how difficult it is to do cybercrime statistics based on the intricacies involved. Surely, if you can’t define it – you can’t measure it.  Will measuring cybercrime in Mzantsi provide us with the basis of understanding improvements in the lives of the poor and ensuring that All People in South Africa Are and Feel Safe? Crime prevention and safety is a high priority of the SA government, and Statistics SA has begun with the Victims of Crime Survey (VOCS) 2012 to produce a VOCS series annually. Consumer fraud (26.3%) was the least likely crime to be reported, followed by robbery (excluding home robbery and carjacking) (33.1%), theft of personal property (34.4%) and assault (49.4%) in 2011. “Cybercrime” related fraud was experience due to Identity theft (10.9%) and Internet banking (3.5%).

In the quest to fill the gap left in these reportsCraig Rosewarne, MD of Wolfpack Information Risk, presented the findings of the The 2012/3 South African Cyber Threat Barometer report on Friday, the 28th September 2012. The event was hosted at Microsoft SA together with SecureData. The program was lined up with exciting speakers which included Susan Potgieter (General Manager: Commercial Crime Office – South African Banking Risk Information Centre (SABRIC)) and she talked with us about “South African banking industry’s response to the cyber threat”. This talk was preceded by Palesa Legoze (Department of Communication’s Chief Director of Cybersecurity) who shared with us how the department is addressing outcome three (3) on Safety and Security: “All People in South Africa Are and Feel Safe”.

SA Cyberthreat barometer 2012-3The 2012/3 South African Cyber Threat Barometer report is a strategic public–private partnership (PPP) research project to support initiatives that wish to address the growing cyber threat facing our nation. The official sponsors of this research-The British High Commission through Tim Moody (Second Secretary, Science & Innovation) shared with us the “UK’s response to the cyber threat”. The event’s keynote titled “Connectivity, Borders and Media” by Sarah Carter – CBS News Johannesburg Bureau Chief was just impressive considering the direction she took to introduce cybersecurity issues around the world from the eyes of a journalist. Sarah has covered a wide range of news events, including South Africa’s transition to democracy, the embassy bombings in Nairobi and Dar es Salaam, and the networks 9/11 coverage from the Middle East and Asia. She has interviewed newsmakers such as Nelson Mandela, Bill Clinton, Mobutu Sese Seko and Fidel Castro

One of the videos she shared was the “Amazing mind reader” below:

Dave is an extremely gifted clairvoyant who finds out specific financial information. This video reveals the magic behind the magic, making people aware of the fact that their entire life can be found online. And by doing so urging everybody to be vigilant.

The message in this video was very clear about protection of privacy and how we easily lose it through social media. Craig took us through “Take This Lollipop” – an interactive short video that turns Facebook fears into two minutes of horror. Visitors to the site are first presented with an image of a lollipop with a razor blade in it — don’t take candy from strangers, kids — and asked to grant access to their Facebook account. “Our privacy was dead a while back and will never be the same,” said the creator – Jason Zada. “Life as a whole has changed. If you look at the video, the scariest part is that your information is in the video. The piece is scary because a person is violating your privacy, not because it’s bloody or there’s anything jumping out.”

Financial Institutions Attacks

The 2012 SA Cyber Threat Barometer is a strategic public–private partnership (PPP) research project conducted by the Wolfpack Information Risk research team with the intention to provide ongoing strategic insight and opinion in support of Cabinet’s recently approved National Cyber Security Policy Framework for South Africa. In summary, this policy framework outlines policy positions that are intended to:

a) address national security threats in terms of cyberspace
b) combat cyber warfare, cybercrime and other cyber ills
c) develop, review and update existing substantive and procedural laws to ensure alignment;
d) build confidence and trust in the secure use of Information and Communication Technologies (ICTs)
e) establishing trusted forums for information sharing;
f) developing a cyber security curriculum;
g) raising cyber security awareness; and
h) encouraging the ICT security industry to increase research and development

  The key issues identified by the research are:

  • Denial of service (DoS), economic fraud and the theft of confidential information were cited as the main concerns for SA.
  • The top cyber services targeted are internet banking, e-commerce sites and social media sites.
  • Criminals are typically mainly after logon credentials, bank or credit card information and personally identifiable information (PII).
  • The most common attack methods are still phishing, the abuse of system privileges and malicious code infections
  • The internal monitoring of suspicious transactions and the general use of internal and 3rd party fraud detection mechanisms are still the most effective means of detecting cybercrime.
  • The common top cyber vulnerabilities are:
    • Inadequate maintenance, monitoring & analysis of security audit logs
    • Weak application software security
    • Poor control of admin privileges
    • Inadequate account monitoring & control
    • Inadequate hardware/software configurations

The Wolfpack research  pointed out that, of the R2.65 billion lost, about 75% was recovered. “Based on the government’s average recovery rate of 75% and similar case study recoveries, the estimated loss figure would be approximately R662.5 million,” noted Rosewarne.

image

The figure above shows that Internet banking clearly stands out as the most targeted cyber services in SA followed by e-commerce web sites. That includes enterprise web portals (Internet facing corporate websites) which are being targeted as more organizations and systems are dependent on the Internet. Bank customers, according to SABRIC, reported phishing related losses of R92.4 million in approximately 10 000 incidents reported industry wide. A conservative loss estimate based on other known incidents, makes up the balance. With no other reliable industry stats this is considered to be the minimum loss for this sector. See other statistics in the blog:  Microsoft Security Intelligence Report v13–South Africa’s Perspective

imageFair enough, let us give credit to the work done by the SAPS towards the release of the Crime Statistics Overview RSA 2011/2012 so far and as W.A. Wallis defined statistics  as “a body of methods for making wise decisions in the face of uncertainty.”, we also need to make wise decisions to address the negative impact Internet related crimes is having on our country’s economy. I’m talking about Cybercrime, CyberEspionage, and Hacktivism towards our government, financial institutions, online services, political organizations, law enforcement (LE), e-Commerce, etc. Let’s just focus on cybercrime for now and look at the work reported to see whether we will be able to identify the gaps. The figure above shows that bank robbery in RSA decreased by 65.7% over a period of three (3) years – an average decrease of 21.9% per annum.

South African Special Task Force participate in a sting operation in a Johannesburg bank

The video above is showing a sting operation in a Johannesburg bank. Clearly the Law Enforcement (LE) increased the pressure on the criminals through this operations hence a possibility of a diversion. A decrease of 10.3% in bank robberies was recorded in 2011/12.

image

Starting in the early 90s with South Africa’s most famous heist mastermind, Collin Chauke, Robbery Cash in Transit developed into extremely violent and bloody crimes. Cash-in-transit gangs turned their crimes into high-tech operations with groups purchasing high-powered weapons from foreign arms dealers and using hijacked or stolen vehicles to ram cash vans off the road. Operation Greed, operated by the Serious and Violent Crimes Unit, was established to combat cash-in-transit heist and bank robberies with detectives working closely with the banking council and SABRIC. This has resulted with the decrease by 52.8% over a period on three (3) years – an average decrease of 17.6% per annum.

The Special Task Force foils a heist. The video shows the shootout and the nature of the video footage is not suitable for minors.

A decrease of 17.5% in robbery cash-in-transit was hence realised due to the operations of the SA Special Task Forces as per the heist video above. The headlines reads “SA bank working on bombproof ATMs” as this type of attacks are still persistent. The latest ATM Bombing was reported on the 3rd Nov 2012 and LE are searching for a group of men that allegedly bombed two ATMs at Merrivale Spar –KwaZulu-Natal during the early hours of the morning. The ATM bombings incidents from SABRIC shows a pendulum motion type of fluctuation over years.  

image

It was reported during the Justice, Crime Prevention and Security (JCPS) cluster media briefing on the 25th June 2012 that a total of 155 cybercrime matters were finalised during the past financial year, FY11. They noted that the majority of cases appear to involve unlawful electronic fund transfers/fraud, etc. where the password of the complainant was obtained or cloned cards being used. The conviction rate on average stands at 89%. This gives hope to the fact that “cybercrime” had being measured in FY11 and hence I trust it will be included soon in the national crime statistics.  Below are two videos that shows how robbers bombed an ATM and at the end of the blog the video show how they cracked an ATM in less that a minute.

Citizens’ Attacks

The Victims of Crime Survey (VOCS) released by Statistics SA, showed that South Africans are feeling less safe in their homes despite reported decreases in house burglaries. Objectives of VOCS are to determine:

  • The nature, extent and patterns of crime in South Africa, from the victim’s perspective
  • Victim risk and victim proneness, so as to inform the development of crime prevention and public education programmes
  • People’s perceptions of services provided by the police and the courts as components of the criminal justice system

The figure below shows the percentage distribution on how consumer fraud took place in 2011. More than a quarter (27.4%) of the selected individuals indicated that the fraud they experienced had to do with sales persons, followed by shop related fraud (24.5%) and identity theft (10.9%). The least prevalent types of fraud had to do with insurance (2.6%) and mail-orders (0.8%).

image

Denial of service (DoS) attacks, economic fraud and theft of confidential information were cited as main concerns for SA and top cyber services targeted are Internet banking, e-commerce sites and social media sites as per the South African Cyber Threat Barometer 2012/13 report. “Criminals are typically mainly after log-in details, bank or credit card information, and personally identifiable information,” Rosewarne explained.

In Conclusion

While it is good to see that bank robbery and cash-in-transit has being going down due to the pressure from a collaboration of the law enforcement and financial sector, it’s evident from the Statistics SA data and the South African Cyber Threat Barometer 2012/13 report that the criminals are now focusing on the weaker link – the citizens. The year 2009 also saw an emergence of high-tech heist across the world targeting banks (see High-Tech Heist – 2,100 ATMs Worldwide Hit at Once) and we recently had our own in SA (see Can the financial sector bank on Cybersecurity?).

Output 8 of the Justice, Crime Prevention and Security talks to Cyber Crime being Combated.  Cyber-security remains key priorities for JCPS as they have detrimental effect on the economy and most vulnerable people of the country. A clear view of the cybercrime statistics will help us in understanding this emerging crime in SA and enable us to plan for its reduction. Awareness, training and proper management of security controls would therefore reduce the financial impact firstly at a Corporate level, Government and ultimately then for the national economy.

The developments around the establishment of the National CSIRT by Department of Communication in partnership with members of the JCPS are very encouraging. Collaboration with private sector establishment like SABRIC, The Internet Service Providers’ Association (ISPA), Telco’s (e.g. Telkom),The Information Technology Association (ITA), etc. will help in ensuring that we have a coordinated security incidents picture for South Africa. Awareness and skill development across the board is key and it’s good to see some tertiary institution already contributing to this course. Hopefully we should be able to “define this problem so that we can measure it” and enhance the Law Enforcement capabilities to curb this scourge. We need the 1011 data as one of the sources of cybercrime information and report like “ Police to investigate poor 10111 report” should be dealt with accordingly soon.

imageWe need to learn from international lessons quickly on taking down of botnets and start contributing effectively. A recent Microsoft’s study [PDF] behind Operation b70 found that PC consumers might be at risk of malware infection even with brand new computers, if the computers come pre-installed with counterfeit versions of Windows software. In order to improve the security of the Internet, governments and industry should engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem. These activities include detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, as well as taking additional actions to ensure that infected computers do not put other systems at risk. While the security benefits may be clear, it is important to achieve those benefits in a way that does not erode privacy or otherwise raise concern.

The Internet Health Model for Cybersecurity will only work if it’s accepted by society and people are assured their privacy is protected. With that in mind, the model must empower people by developing socially acceptable cyber health policies, laws, and international agreements.

To learn more about Microsoft’s proposal, download and read Collective Defense: Applying Public Health Models to the Internet (PDF), in which Microsoft proposes government and industry take action to help mitigate cyber threats today and ensure the long-term health of the Internet as it continues to grow and evolve.

→ 1 Comment

Posted in Cybercrime and Fraud

Tagged , , , , , , , , , , , , , , ,

Can the financial sector bank on Cybersecurity?

Posted on July 28, 2012 | 1 Comment

At the beginning of this year  we had an alarming incident in the financial sector involving the South Africa Post Bank (see . Postbank hacked for R42m).  This is alleged to have  happened while Postbank was closed for business (see How R42m was stolen from Postbank).  A successful arrest followed (see “Postbank hacker sent to jail”) after three months work by the justice cluster community (incl. State Security Agency & South African Police Services (SAPS)), a task team consisting of Minister’s seconded Department of Communications’ Director-General and Deputy Director-General for finance, the auditing firm KPMG and the South African Banking Risk Information Centre (SABRIC). In February 2012, the Johannesburg Magistrate’s Court has heard that banking clients were collectively robbed of R180 million in 2010 (See  “Banks clients lost R180m in fraud scam”) an increase by R120 million from 2009.

Today I had a conversation at the Banking Fraud and Security Conference, Indaba Hotel, Fourways, Johannesburg with the CIOs, Fraud experts amongst other participants. The presentation deck is here.  In this blog I’ll attempt to continually expand on the sub-topics as follows:

  • Threat landscape in the financial sector
  • Our IT environment infrastructure and protection
  • Technology trends
  • Government agenda and local relevance (regulation and
    policy)

I didn’t receive many questions this time around and the ones I got was about Windows 8 availability, Microsoft Security Essentials and Software Piracy. The answers seems quite easy although very critical if one considers the new security features in Windows 8 “Protecting you from malware”, the free offering for consumers in the latest version of Microsoft Security Essentials which is also available for small businesses with up to 10 PCs and finally – your software must be authentic. Avoid pirated software  – see “More pirated software leads to more malware infections, poorer countries at more risk” . Here is a video that talks to “Security Risks Associated with Unsecure Supply Chains

An animation demonstrating the security risks associated with unsecure supply chains by DCUMicrosoft

Threat landscape in the financial sector

The first systematic study of the cost of cybercrime “Measuring the Cost of Cybercrime” recommends that society should spend less on antivirus software and more on policing the internet. I commented in the article ““Good guys winning the crucial battle on cybercrime” – Microsoft” earlier that the battle with cyber-criminals is an ongoing one as the IT penetration and dependencies increase, “but if anything, the good guys are starting to win the crucial battles”. The South African Banking Risk Information Center (SABRIC), a wholly owned subsidiary of the Banking Association of South Africa, is responsible for fighting against banking crime. They have being continually tackling the banking crime since their formation, see “SABRIC – Phishing Scams Rising in South Africa” and last year, on the 16th of  March 2011, the BANKING INDUSTRY AGREED ON MILESTONE ID FRAUD PREVENTION PROJECT WITH HOME AFFAIRS -  a positive step towards the prevention of identity crime.  The South African Banking Risk Information Centre’s Commercial Crime Office estimates that R50 million is lost to phishing in SA each year. The Financial Services Information Sharing and Analysis Center (FS-ISAC), in collaboration with the American Bankers Association (ABA), surveyed large financial institutions to collect data on fraud attempts. The responding banks reported a combined 314 break-in attempts in 2011, up from 239 in 2010 and 87 in 2009. Roughly one third of these attempts were successful in fraudulently transferring money out of hacked customer accounts.  Flash note: EU cyber security agency ENISA; “High Roller” online bank robberies reveal security gaps

Cyber Threat Level for the Financial Sector 

The present (July/August 2012) issues of concern include an out-of-band Oracle Security Alert for CVE-2012-3132, the monthly Microsoft Security Bulletins, security updates for Adobe products (Reader, Acrobat, Flash, and Shockwave). Everyone should prioritize deployment of patches against Microsoft MS12-060 and Adobe APSB12-18 which are actively being exploited in the wild. Members should maintain a heightened level of awareness, apply all appropriate updates and update AV and IDS/IPS signatures, and ensure constant diligence in monitoring and quick response to any malicious events.

Scams and banking

The figure below shows the relative prevalence of the spam types that were detected in 2H11. These are inbound messages blocked by Forefront Online Protection for Exchange  FOPE filters in 2H11, by category.

image

Advertisements for pharmaceutical products accounted for almost half of the spam blocked by FOPE content filters in 2H11. The largest total category of spam by a wide margin involved nonsexual pharmaceutical products at 46.5% of the total, an increase from 28.0% in 1H11. Sexually related pharmaceutical advertisements accounted for 3.2% of the total, a decrease from 3.8% in 1H11. Financial accounted for 4.8% in 1H11. Advertisements for non-pharmaceutical products accounted for an additional 13.2% of messages blocked, a decrease from 17.2% in 1H11.

Spam messages associated with advance-fee fraud (so-called “419 scams”) accounted for 10.7% of messages blocked, a decrease from 13.2% in 1H11. An advance-fee fraud is a common confidence trick in which the sender of a message purports to have a claim on a large sum of money, but is unable to access it directly for some reason, typically involving bureaucratic red tape or political corruption. The sender asks the prospective victim for a temporary loan to be used for bribing officials or for paying fees to get the full sum released. In exchange, the sender promises the target a share of the fortune amounting to a much larger sum than the original loan, but does not deliver.

Phishing and banking

Phishing: A method of credential theft that tricks Internet users into revealing personal or financial information online. Phishers use phony websites or deceptive email messages that mimic trusted businesses and brands to steal personally identifiable information (PII), such as user names, passwords, credit card numbers, and identification numbers.
Phishing impression: A single instance of a user attempting to visit a known phishing page with Internet Explorer 7, 8, or 9, and being blocked by the Phishing Filter or SmartScreen Filter. Also see malware impression.

Phishing sites that targeted financial institutions accounted for an average of 70.4% of active phishing sites tracked from August to December 2011, although they accounted for just 34.8% of impressions. Financial institutions are relatively inefficient targets for phishers, because the number of possible institutions to target can number in the hundreds or more even within a relatively small population of Internet users. Nevertheless, the potential for direct illicit access to victims’ bank accounts make financial institutions a tempting target for many criminals, and they continue to receive the largest or second-largest number of impressions each month.

  • Win32/Bancos. A data-stealing trojan that captures online banking credentials and relays them to the attacker. Most variants target customers of Brazilian banks.
  • Win32/Banker. A family of data-stealing Trojans that captures banking credentials such as account numbers and passwords from computer users and relays them to the attacker. Most variants target customers of Brazilian banks; some variants target customers of other banks.
  • Win32/Banload. A family of trojans that download other malware. Banload usually downloads Win32/Banker, which steals banking credentials and other sensitive data and sends it back to a remote attacker.

Botnets and banking

image

Botnets are networks of infected computers that can be remotely controlled by an individual or organization, used to conduct a variety of attacks like: Spam, Distributed Denial of Service (DDOS), Click fraud, and more malware distribution (see the figure above). In the most complex effort to disrupt botnets to date, Microsoft’s Digital Crimes Unit – in collaboration with Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, as well as Kyrus Tech Inc. – has executed a coordinated global action against some of the worst known cybercrime operations fueling online fraud and identity theft today. See Microsoft and Financial Services Industry Leaders Target Cybercriminal Operations from Zeus Botnets for more details.

Cybercriminals have built hundreds of botnets using variants of Zeus malware. For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages. Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain. 

As alleged in the complaint, Zeus malware uses a tactic called keylogging, which records a person’s every computer keystroke to monitor online activity and gain access to usernames and passwords in order to steal victims’ identities, withdraw money from their bank accounts and make online purchases.  Microsoft researchers found that once a computer is infected with Zeus, the malware automatically starts keylogging when a person types in the name of a financial or e-commerce institution, allowing criminals to gain access to people’s online accounts from that point forward. Zeus is especially dangerous because it is sold in the criminal underground as a crimeware kit, which allows criminals to set up new command and control servers and create their own individual Zeus botnets.

Our IT environment (infrastructure and protection)

image

With an estimated population figure of 49.32 million  and 4.6 million South African internet users measured in 2008, this translates to a relatively 9.3% internet penetration. Online banking has become a de facto standard for South African banks, and all the major banks have some type of online banking service. The business drivers of online banking included additional transaction revenues, savings from reduced transactional costs, opportunities to acquire new customers and the improved ability to retain customers. The estimated cost savings are significant, with a simple traditional bank transaction estimated to be 11 times more expensive than an online banking transaction.

Markets

image

South Africa is ranked 52nd this year, remaining the highest-ranked country in sub-Saharan Africa and the third-placed among the BRICS economies. Particularly impressive is the country’s financial market development (3rd), with number one ranking for both regulation of securities exchanges (1st) and legal rights index (1 out of the  best 10); 2nd ranking in availability of financial services and soundness of banks, and 3rd ranking in financing through local equity market.This indicates high confidence in South Africa’s financial markets at a time when trust is returning only slowly in many other parts of the world. This clearly make South Africa an attractive place for investment and hackers alike.

The country benefits from the large size of its economy, particularly by regional standards (it ranks 25th in the market size pillar). It also does well on measures of the quality of its institutions and on factor allocation, such as intellectual property protection (20th), property rights (26th), the accountability of its private institutions (2nd), and its goods market efficiency (32rd). South Africa also does reasonably well in more complex areas such as business sophistication (38th) and innovation (42nd), benefitting from good scientific research institutions (34th) and strong collaboration between universities and the business sector in innovation (30th).

Technology trends

The Information Security Forum (ISF), the leading, global authority on information security and information risk management published their research report “Threat Horizon 2013″. These imagereport mentioned five key trends that will impact our business. In the near future, the range and complexity of security threats is set to rise significantly, organisations that fail to prepare now are likely to be faced with a set of future challenges that will be complex to manage.The report used a PLEST (Political, Legal and Regulatory, Economic, Socio-Cultural and Technology) framework to consider the world of the future and how this may give rise to information security threats.

The five key trends ISF identifies along with the challenges for organisations are:

  1. Cyber (in-)security: Governments will soon take a more proactive role in cyberspace. While many of the initiatives will be beneficial, organisations need to take account of legislation and regulation that mandates procedures and behaviours in cyberspace, much of which may be disjointed along with an increase in cyber-defence activities. Organisations should plan ahead and prepare for the upcoming this kind of threat.
  2. An open knowledge society: Now, participation and innovation thrive, but organisations are left struggling to strike a balance between “transparency” and “confidentiality”. Organisations should be careful when promoting transparency without losing valuable information to the public domain.
  3. The Internet: a flat Earth? A host of new entrants, many from the developing world, will potentially increase instability. The business models adapt to new mass markets. Organisations should prepare to deal with those who exploit this as a cybercrime opportunity.
  4. The smart enterprise: The need to boost efficiency and optimise the use of assets will continue driving organisations to greater use of cloud computing, including both “public cloud”, “private cloud” and “hybrid cloud”. Organisations should make best use of these without increasing complexity and costs.
  5. Consumerisation: The rise of very capable consumer devices, such as smart phones and tablets, has added further momentum to the need to manage the use of such a “consumer technology” at work. Adopting a stance that completely prohibits such an approach is unlikely to be successful. Organisations should manage the risks and still lock in the benefits.

Government agenda and local relevance (regulation and policy)

The National TFIC Scamreasury which is responsible for managing South Africa’s national government finances and Financial Intelligence Centre (FIC) has recently release a warning to the public “Media Alert: Minister of Finance’s warning on letters or emails purporting to be from his office” on the 419 scams purporting to be from the Minister of Finance – Pravin Gordhan and other senior public officials, and use what looks like the logos of the FIC and other state institutions.

Laws and regulations governing core banking within banks

  • · The Banks Act
  • · National Credit Act (NCA)
  • · Basel Capital Accord: Basel II & III
  • · Banks Amendment Bill, 2010

 

In Conclusion

Bankers have to improve defenses against account takeovers through customer education, more use of multi-factor authentication, shutting down customers’ online access to a commercial system once anomalous behavior is detected, and to employ complex device identification.

We all have to work towards protecting consumers of financial services using the internet and devices as access mechanism:

Six rules for safer financial transactions online

    Whether you go online to check your bank balance, pay a bill, give money, shop, or sell something, these six rules can help you keep the risks to a minimum.

    • Defend your computer against Internet threats

      Help protect your online transactions by using firewall, antivirus, and antispyware software. Encrypt your wireless connection at home. Keep all software (including your web browser) current with automatic updates. For more information, see How to boost your malware defense and protect your PC.

    • Create strong passwords

      Strong passwords are easy for you to remember but difficult for others to guess. They are at least 14 characters long (the longer the password, the better) and include numbers, symbols, and upper and lower case letters. For more information, see Learn how to create strong passwords. If you already have a password in mind, check your password strength.)

      • Keep passwords and PINs (personal identification numbers) secret. Do not share them in email, instant messages, or over the phone.

      • Use unique passwords for bank accounts and other important financial information. Avoid using the same password everywhere. If someone steals that password, all the information that the password protects is at risk.

    • Find the web address yourself

      Links in email messages, text messages, instant messages, or pop-up ads can take you to websites that look legitimate but are not. To visit websites, type the address yourself or use your own bookmark or favorite.

    • Look for signs that your information is safe

      Before you enter sensitive data on a web page, ensure that:

      • The site uses encryption, a security measure that helps protect your data as it traverses the Internet. Signs of encryption include a web address with https (“s” stands for secure) and a closed padlock beside it. (The lock might also be in the lower right corner of the window.)

        Image of green address bar in Internet Explorer

      • You are at the correct website—for example, at your bank’s site, not a fake one. If you are using Internet Explorer, one sign of trustworthiness is a green address bar like the one above.

    • Save financial transactions for your home computer

      Never pay bills, bank, shop, or do other financial business on a public or shared computer or on devices such as laptops or mobile phones that are on public wireless networks. The security is unreliable.

    • Use common sense

      To protect yourself against fraud, watch out for scams. For example, be wary of deals that sound too good to be true, alerts from your “bank” that your account will be closed unless you take some immediate action, notices that you have won a lottery, or a refusal to meet in person for a local transaction.

      Typically this kind of message, whether sent by computer or phone, is designed to entice you to visit a phony website where criminals collect your financial data. (If you doubt the message’s authenticity, call the company.) Learn to spot phishing scams and defend against them.

    What to do if there are problems

    Online shopping problem? First, ask the seller to make things right. If that doesn’t work, contact the web service for help.

    Report scams, fraud, identity theft, or other abuse:

    • To the web service, South African Police Services (SAPS), and other financial institution like SABRIC.

    • To report any card fraud or ATM related crime

      • ABSA -  0800 111 155
      • CAPITEC BANK -  0860 102 043
      • NEDBANK -  0800 110 929
      • FNB – 0800 110 132
      • STANDARD BANK -  0800 020 600
      • TEBA BANK -  0800 005 311
      • MERCANTILE BANK -  0860 119 925
      • INVESTEC -  011 286 9663
      • AFRICAN BANK – 0861 000 555
    • For identity (ID) theft in South Africa, report suspected incidents to the Southern African Fraud Prevention Service (SAFPS) helpline: 0860 101 248 and Email: safps@safps.org.za

→ 1 Comment

Posted in Cybercrime and Fraud, Industry, Information Security, Technology

Tagged , , , , , , , , , , , , ,

The Impact and Effects of Cybercrime on the Society.

Posted on December 12, 2011 | Leave a comment

Some weeks back I had a conversations with amongst others – the legal minds, at the 2nd Annual South African Cybercrime Conference on the topic “Embed Cybercrime in an overall Cyber security Agenda”. The event discussed Cybercrime in South Africa and Africa as a region including the EU Convention on Cybercrime which celebrated its 10th year anniversary.  Here are  the topics discussed which I will allude to some in this blog:

  • Exploitation of children and trafficking in human beings (Cyberbullying)
  • Legislation and policies
  • International cooperation
  • Law enforcement – service provider cooperation in the investigation of cybercrime
  • Financial investigations
  • Training of judges and prosecutors
  • Data protection and privacy
  • Insurance Against Cyber Attacks

This conference came in the background of two reports:

The 2011 PwC Global Economic Crime Survey (GECS) addresses various forms of economic crime, but puts the spotlight on cybercrime. The South African edition of the GECS in its key findings noted that Cybercrime has emerged as a significant contributor to economic crime losses in South Africa and is now the fourth most common economic crime in South Africa and globally.

AND

Gartner’s Top Predictions for IT Organizations and Users for 2012 and Beyond predicting that through 2016, the financial impact of cybercrime will grow 10% per year, due to the continuing discovery of new vulnerabilities.

The surveys and predictions are worth to note amongst other published documents and a proper analysis and planning need to be done to try and circumvent the high probability of cybercrime and secure the society.

Cyber-bullying

Cyber-bullying is a fast growing trend that experts believe is more harmful than typical schoolyard bullying. Nearly all of us can be contacted 24/7 via the internet or our mobile phones. Victims can be reached anytime and anyplace. For many children, home is no longer a refuge from the bullies. “Children can escape threats and abuse in the classroom, only to find text messages and emails from the same tormentors when they arrive home”. Please watch as a father of a young man who committed suicide after being cyber bullied, tells his sons story and the pain he has to live with for the rest of his life.

Cyberbullying suicide story

Are these cases prevalent in South Africa? The Mail & Guardian carried an article on 21 January 2011 highlighting the dangers of cyber bullying and sexting, emphasizing that they are realities in our schools.

“In February/March 2006, three high school boys aged 15- to 17-years-old were charged with crimen iniuria after publishing an alleged defamatory image of the deputy principal of their school. One of the boys created the defamatory image electronically by attaching the heads and faces of the principal and deputy principal on to a picture of two naked men sitting next to each other in a sexually suggestive and intimate manner. The boy took the school badge from the school website and used it to obscure the men’s genitals. He then sent the image to a friend’s mobile phone, who forwarded it to other learners at the school. One of the accused printed the image and placed it on the school’s notice board.” – Le Roux and Others v Dey (Freedom of Expression Institute and Restorative Justice Centre as Amici Curiae) 2011 (3) SA 274 (CC).

“Two boys, aged 14- and 16-years-old, were arrested on 8 November 2010 for the alleged rape of a 15-year-old school girl. The alleged rape took place at the Jules High School in Jeppestown, and the boys had allegedly filmed the incident on their mobile phones.” – Jules High sex pupils in court

Investigation, Prosecution and legislation

A detailed summary of  issues relating to offences, legislation, legal aspects and jurisdiction in cyber crime cases in South Africa has being well captured by the article “Cyber Crime In South Africa”. Most of the Cybercrime provisions in the Electronic Communications and Transactions (ECT) Act, 2002 (No. 25 of 2002) are noble endeavourers; however, their enforceability is still to be tested in our South African Courts. Responses to both cyber bullying and sexting are fragmented and rely on various pieces of legislation, common law definitions of criminal offences and civil law remedies in cases. CHAPTER XIII of the  ECT Act is about cybercrime and talks to unauthorised access to, interception of or interference with data. Hacking including phishing, as it happens in South Africa (see Hackers hit SA web users) should clearly be confronted by this piece of legislation.

The study by F. Cassim “FORMULATING SPECIALISED LEGISLATION TO ADDRESS THE GROWING SPECTRE OF CYBERCRIME: A COMPARATIVE STUDY” reveals that the inability of national laws to address the challenges posed by cybercrime has led to the introduction of specialised cyber legislation. He advocated that countries should amend their procedural laws to include intangible evidence of cybercrime, as opposed to tangible evidence of traditional crimes.

Judgements on cases involving cybercrime in South Africa reported by the media are dominantly on the evidence provided through usage on digital and internet applications like email, SMS, and video captured through cell/smart phones rather than conviction of cybercrimals who used methods like phishing, smishing or botnets. In my last blog “How safe are we on social networks?” I touched on typical cases in South Africa which earned themselves titles like “MXit child porn ‘horrific’” and “ “Facebook rapist” Thabo Bester was sentenced to 50 years imprisonment on Friday for raping and robbing two women”.

Here are some media abstracts about other cases:

The witness, a sergeant who works in the Cyber Crime Unit, had downloaded the clip of the two cars believed to be Maarohanye and Tshabalala’s from the phone of an eyewitness who had taken the video” – Drama, anger at Jub Jub trial

State prosecutor Ian Cooke read a series of emails and text messages which he said proved Sheryl Cwele was part of arranging for Tessa Beetge to collect drugs.” – Cwele case not dismissed

“Pretoria High Court judge Nkola Motata has lost a round in his drunken driving battle when the high court ordered that video recordings allegedly made on the scene where Motata crashed his car could be played in court during a trial-within-a trial to test their admissibility.” – Judge Motata’s bid to block recordings fails – South Africa | IOL …

Some of the issues the victims of cybercrime have with the justice systems that doesn’t have frameworks ready to implement legislation whenever it exist are:

  • They don’t trust police and don’t have any faith that anything will be done if they do report it.
  • They don’t want to spend even more of their time filling out forms and talking to law enforcement personnel and generally dealing with the “hassle factor” involved in reporting.
  • They don’t think the crime is serious enough or significant enough or their losses large enough to warrant taking up the time of law enforcement.
  • Or simply, they just don’t know where to report due to lack of awareness.

The Security and Exchange Commission in the US issued a new guidance requiring that companies disclose “material” cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage.” When this trend is adopted worldwide – the cost of the insurance might have to be passed to the consumers of services.  The implementation of such legislation or regulatory frameworks will also require extensive training and clear audit processes.

Why clear audit processes? We do have issues around IT professionals within the private and public sectors and those from the civil society when they have being attacked or are victims of cybercrime:

  • They don’t want to think of themselves as victims and are in denial.
  • They don’t want others to know they were victimized because they think it makes them look weak;  in the case of businesses, will cause them to lose clients because the clients won’t trust them to be able to adequately protect client data – this discussion “ The Disclosure Debate: When Should Companies Reveal Cyber Attacks?” allude to this fact; and we also have IT departments personnel in Government department that don’t want to loose their jobs.
  • They blame themselves for not having bought that firewall or anti-malware program or for clicking on that link or visiting that web site or lowering their computer’s security settings to make it easier for them to access what they wanted.

As promised – there has being some continual activities on “Battling Botnets for Control of Computers”. The Microsoft Digital Crimes Unit (a worldwide team of lawyers, investigators, technical analysts and other specialists whose mission is to make the Internet safer and more secure through strong enforcement, global partnerships, policy and technology solutions) have done some excellent work with regard to bringing down botnets in collaboration with different governments agencies. This collaboration resulted in the second botnet (Rustock ) being brought down:

Microsoft Digital Crimes Unit wiping out the notorious spambot and how the takedown will impact you

There is a lot of lessons to learn from this exercises as per this article: “Microsoft passes Rustock botnet baton to FBITake-down and command disruption reduces botnet by 74% since March”. The passing of the baton resulted in this government law enforcement agency bringing down Coreflood botnet: Botnet Operation DisabledFBI Seizes Servers to Stop Cyber Fraud.

Forensics, Protection and Prevention

Constant knowledge and training on digital forensics is key to an information security strategy. It gives assurance to the consumers/citizens that they can be protected through solid evidence proof type of investigations and be protected from future attackers including the “insider”.  Electronic evidence discovery (EED), and the use of third-party computer forensic experts has gained wide-spread use in most forms of litigation, see Forensic Lifecycle and the following articles:

You can learn how Family Safety can help you manage your children’s computer activity, including websites, games, and programs through Windows Live Family Safety 2011.  Here is a government site for Child Online Protection and a community site “Cyber bullying: When all else fails” in South Africa. Parents can do the following to protect their children from cyberbullying: (www. stopcyberbullying.org)

  • Bing your child
    Make sure that the cyberbully isn’t posting attacks online. When you get an early warning of a cyberbullying campaign, it is essential that you keep an eye on your child’s screen name, nick names, full name, address, telephone and cell numbers and Web sites.
  • Block the sender
    Someone who seems aggressive, or makes you uncomfortable and does not respond to verbal pleas or formal warnings should be blocked. This way, they will not be able to know when you are online or be able to contact you through instant messaging. Even if the communications are not particularly aggressive or threatening, if they are annoying, block the sender. (Most ISPs and instant messaging programs have a blocking feature to allow you to prevent the sender from getting through.)
  • “Warn” the sender
    If the cyberbully uses another screen name to avoid the block, otherwise manages to get through or around the block or communicates through others, “warn” them, or “notify” the ISP. (This is usually a button on the IM application.) This creates a record of the incident for later review, and if the person is warned enough, they can lose their ISP or instant messenger account. (Unfortunately, many cyberbullies use “warning wars” or “notify wars” to harass their victims, by making it appear the victim is really the cyberbully. This is a method of cyberbullying by proxy, getting the ISP to be an unwitting accomplice of the cyberbullying.)
  • Report to ISP
    Most cyberbullying and harassment incidents violate the ISP’s terms of service. These are typically called a “TOS violation” (for a “terms of service” violation, and can have serious consequences for the account holder. Many ISPs will close a cyberbully’s account (which will also close their parents’ household account in most cases.) You should report this to the sender’s ISP, not yours.

An article “Legal responses to cyber bullying” suggest the legal responses to cyber bullying and sexting. Its recommendations focuses mainly on the way in which role players in the criminal justice system (CJS) can contribute to dealing with these behaviours including amongst:

“Cyber safety, education and awareness raising
about cyber bullying and sexting
should form part of the school
curriculum. The Department of Basic
Education should ensure that schools
have clear policies on how to deal with
such incidents.”

Efforts to enable judges and prosecutors to prosecute and adjudicate cybercrime and make use of electronic evidence through training, networking and specialisation are on-going and there is a project of cybercrime for judges currently funded by contributions from the Government of Romania, Microsoft and McAfee (through the Silicon Valley Community Foundation) which complement Council of Europe funding. Here is a training document you can download:  “Cybercrime training for judges and prosecutors: a concept

Project MARS (Microsoft Active Response for Security) disrupted botnets and began to undo the damage the botnets have caused by helping victims regain control of their infected computers. We can learn from this project, adopt and improve according to our countries present level of readiness.

FBI Seizes Servers to Stop Cyber Fraud

If you believe your computer may be infected by Rustock, Coreflood or other type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.

In conclusion

Sooo…, we have crime cutting across almost all forms of our normal societal lives through the technological means existing to enhance our potential for a better living. It is time that we (in particular governments) start collecting incidents (through National CERTs amongst other means) and  measuring the impact of this crime and report it regularly as part of the Crime Report/Statistics – whenever it is reported (Weekly, Monthly, Quarterly or Yearly). In terms of addressing cybercrime, the “Take Back the Tech” campaign (www.takebackthetech.net) is one excellent example of civil society taking up the initiative to educate the civil society about protecting themselves from cyber violence.

→ Leave a comment

Posted in Cybercrime and Fraud, Education, Industry, Information Security, Technology

Tagged , , , , , , , , , , , , , , , , , ,

Malware Trends in South Africa –MS SIRv11

Posted on October 31, 2011 | 7 Comments

On the 11th October 2011, volume 11 of the Microsoft Security Intelligence Report (SIRv11) was released, covering the period January to June 2011. With detailed analysis on 105 countries, it is the largest and most in-depth report on cyber-threats ever developed thus far. One of the SIRv11 Key Finding - less than 1% of all vulnerability attacks were against zero-day vulnerabilities; 99% of attempted attacks impacted vulnerabilities for which an update was available. image

Customers had a good sense of what zero-days are (situations where an exploit is released before the vendor has issued a security update), but don’t always know how to prioritize them. Zero-days are real, and we don’t want to diminish the risk they represent. But this data suggests that IT professionals can prioritize their security work on the more prevalent threats that they already know how to defend.

Malware detection

Looking at the malware detection regionally or per country and zooming specifically into South African whose report can be found here, consider the heat map below:

image

Second Quarter of 2011 (2Q2011) – April, May June 2011

As noted in Tim Rains blog “The Threat Landscape in Africa & the Internet Governance Forum”, Africa is one area where it has been difficult to obtain reliable, long-term trend data on the threat landscape for specific locations. The heat maps above, shows that insufficient data exists for many regions in Africa.  Microsoft Windows Malicious Software Removal Tool (MSRT) was downloaded and executed over 4.7 billion times in the first half of 2011 (1H11) alone. The number of systems that runs this tool changes from month to month, although there has being some consistency in some countries like South Africa, Egypt and Kenya on the African continent.

The most common category in South Africa in 2Q11 was Worms, which affected 45.4% of all infected computers, down from 46.3%  in 1Q11. The second most common category in South Africa in 2Q11 was Miscellaneous Potentially Unwanted Software, which affected 28.3% of all infected computers, up from 27.0% in 1Q11. The third most common category in South Africa in 2Q11 was Adware, which affected 23.1% of all infected computers, down from 26.5 % in 1Q11

image

South Africa generally performed below the worldwide average with the exception of exploits, adware and spyware.  The top two identified malware families driving worms were Win32/Autorun (20.3% of detected computers) and Win32/Rimecud (a.k.a. Mariposa botnet – 15.5%). Both of these threats spread using multiple techniques and have been observed spreading via mapped drives, removable media like USB drives, instant messaging and by abusing the Autorun feature in Windows.

image

Worldwide cybercriminals abuse Autorun to install malware such as malicious and potentially unwanted software.  Autorun was the 2nd most common malware propagation method cybercriminals were using to swindle money from their victims. Some of the most prevalent malware threats over the past couple of years have misused a feature in Windows commonly called Autorun to execute code and attack systems.

  • To protect users, AutoRun is more locked down now by default in Windows 7.
  • For users of Windows XP and Windows Vista we released updates in February to make the AutoRun feature more locked-down from being enabled automatically for most media.
  • By May, the number of infections related to the most prolific Autorun-abusing families found by the MSRT per scanned computer was reduced by almost 60% on XP and by 74% on Vista in comparison to the 2010 infection rates.

But it’s still a problem that persists for those that have not turned off the feature or click unknown things on their USB drives. Threats that use Autorun-feature abuse, like Win32/Autorun and Win32/Rimecud, have being addressed in this blog post: Defending Against Autorun Attacks.  

Cybercriminals are also trying to do business in South Africa using the following:

  • Phishing sites (per 1000 hosts) has increased from 0.06 in 1Q11 to 0.07 in 2Q11 – worldwide 0.38
  • Malware hosting sites (per 1000 hosts) has increased from 0.04 in 1Q11 to 0.06 in 2Q11 – worldwide 2.02
  • Percentage of sites hosting  drive-by downloads has increased from 0.056% in 3Q10 to 0.726% in the second quarter of 2011 (2Q11) way above the worldwide rate of 0.273%.
  • In 2Q11, Forefront Online Protection for Exchange (FOPE ) determined that 0.519% of all spambot IP addresses were located in South Africa; this figure is down from 0.554% in 1Q11.

Protect Your Environment

Challenges and constraints

So the obvious question is if the majority of threats can be mitigated against, why do they still exist? The reality is that although the sophistication of cybercriminals continues to be a challenge, old techniques of infecting users continue to succeed. For consumers and corporations alike, creating and maintaining a fully-threat proof system is not easy.

Consumers -For the vast majority of people, the scope of the security problem far exceeds their will and ability to keep up with it. People want to spend their time and money on using the technology for enjoyment and to help them be productive. Generally, they want to spend minimal time and money keeping pace with the latest security threats.

Businesses – On the other hand, for the vast majority of businesses, the scope of the problem has become exceedingly complex. Businesses have many competing security challenges. Regulatory compliance, application testing and compatibility, incident response and expectations around the everyday threat-du-jour. There may also be competing demands for resources, budget, or skill. That can be a hard call for many companies to make.

Despite these challenges and constraints, this data shows us that, in most cases, with a “back to basics” kind of approach customers can be more secure.

So, what can we do?

Build products and services with security in mind – from the ground up

  • Microsoft has to work harder to continue to make our products and services more secure – our unique responsibility in that regard is never far from our minds. But so too has the broader industry. And there is progress.
  • SIRv11 shows the number of vulnerabilities tracked by CVE declined ~24% when comparing the past 12 months to the year prior – a trend that has been declining since we started tracking it in 2006. Progress, but more work to be done.
  • See the following blog – “Science inside the SDL” – Microsoft SDL Progress Report (2004 – 2010).

Education and Best Practices

  • IT PROFESSIONALS – Companies need to look at educating their employees on their responsibility to security and back that up by developing and enforcing strong security policies around things like passwords.
  • CONSUMERS - Leverage best practices to protect your PC:
Install updates regularly
(February 2011 – Updates released for XP and Vista to make the Autorun feature more locked-down, as it is by default in Windows 7.)
Use strong passwords for security
Install and enable anti-malware software
Click links after verifying the source
Avoid downloading pirated software
Use caution with attachments and file transfers
Protect yourself from social engineering attacks

Improving Security. Newer Products, Better Protections

In the video below Tim Rains, Frank Simorjay and Vinny Gullotto discuss how newer products and services offer better protection.

Newer Software is Better Protection

You can better protect yourself from malicious attacks by upgrading to the latest software version available irrespective of the vendor.

Infection rate (CCM) by operating system and service pack in 2Q11

SIRv11 shows that people who use Windows 7 and IE9 are significantly less likely to be the victim of an attack. It’s a simple matter of innovation. Years ago banks put big padlocks on their safes. As robbers became more advanced so too did the locks and security measures used by banks. When it comes to keeping your data safe from cyber criminals, don’t put your faith in old technology.

For example, Windows 7 and Windows Server 2008 R2, the most recently released Windows client and server versions, respectively, have the lowest infection rates of any prior operating systems. Additionally, Office 2010 proved to be the most effective at blocking exploits when compared to all prior versions.

Security and Privacy Technologies

Internet Explorer 7

Internet Explorer 8

Internet Explorer  9

Security by default

X

X

X

SmartScreen – Phishing Filter

X

X

X

SmartScreen – Antimalware protection

 

X

X

InPrivate Browsing

 

X

X

Cross-site scripting filter

 

X

X

SmartScreen – Application Reputation

 

 

X

Tracking Protection

 

 

X

ActiveX Filtering

 

 

X

Newer products have less computers cleaned per thousand. In fact, the latest version of Windows 7 32 bit is three times less likely to get infected than Vista and 6 times less than XP. As you can see from the chart above, IE incorporates the latest security and privacy technologies. In fact, according to NSS labs, IE9 blocked 96% of socially engineered malware worldwide. More than 7 times any other browser measured. I blogged about this earlier here  – Windows Internet Explorer 9 (IE9) caught an exceptional 99.2% of live threats.

It is important to migrate to the latest products and services to keep protected from the changing threat landscape. Download the Windows 7 Security Deep Dive Report here:  Windows 7 Security Deep Dive

In conclusion, South Africa might need to look into the lessons learned from some of the least malware infected countries in the world. This information was blogged  here. Implementation of the national CSIRT as one of the recommendation by the Cybersecurity policy of South Africa will bring a lot of improvement in how we can respond to this threats. While zero-days do pose a serious risk, it’s important that organizations know that the vast majority of attacks can be mitigated by following the best security practices.

→ 7 Comments

Posted in Cybercrime and Fraud, Education, Information Security

Tagged , , , , , , , , , , , , , , ,

RICA and Cybercrime linked in South Africa

Posted on June 14, 2011 | Leave a comment

This morning, the Deputy Minister of Communication  – Obed Bapela – during the SABC News interview,  reiterated and made an appeal for users of SIM card technology to comply with Regulation of Interception of Communications Act (RICA) by registering their cards by the end of this month. SIM cards enable users to communicate and transact using mobile devices.  This technologies are unfortunately used by criminals in acts of fraud, considering the reach of cell phones in South Africa and their usage for telephony banking amongst other transactions, hence requires regulation. Approximately 7 million are still outstanding according to the Deputy Minister. This Act, which came into effect on 1 July 2009,  requires mobile operators, service providers and sellers to register the identities, physical address and cellular phone numbers of new and existing customers who purchase or have purchased SIM cards. All cell users, both prepaid and contract, will be required to show proof of identity and to present a utility bill to show proof of residence in order to be registered.

You can help make South Africa and the rest on the international community a safer place as this law was introduced to help fight illegal activities, particularly organised crime, where the criminals buy cheap pay-as-you-go SIM cards that cannot be traced. Not every Act will accommodate everyone but this is a good intervention from the point of Cybercrime prevention and we looking forward to speedy intervention from Government to facilitate Cyber-Security at large.

→ Leave a comment

Posted in Cybercrime and Fraud, Identity and Privacy, Information Security

Tagged , , , ,

Microsoft Security Update Guide

Posted on March 28, 2011 | 1 Comment

“Technological progress is like an axe in the hands of a pathological criminal.” — Albert Einstein. This can’t be further from the truth as we continually see computing threat landscape evolving parallel to the progress made with new technological innovations to enable citizens. The need to remain diligent in our efforts to combat cybercrime and those who choose to use technology for illegal purposes is ever increasing.

Reducing security threats is a key component of the Microsoft® End to End Trust vision for a safer, more trusted Internet. The Microsoft Security Update Guide should help IT Professionals to protect their IT infrastructures, and create a safer and more secure computing and Internet environment.

Microsoft Security Update Guide 01

The Guide is organized according to the following stages of the security update process:

  • Stage 1: Receive Microsoft Security Release Communications
  • Stage 2: Evaluate Risk
  • Stage 3: Evaluate Mitigation
  • Stage 4: Standard or Urgent Update Deployment Timeline
  • Stage 5: Monitor Systems, and
  • On-going Stage: Watch.

Each section outlines the purpose and objective for that stage, as well as the expected target outcomes upon that stage’s completion.

→ 1 Comment

Posted in Cybercrime and Fraud, Information Security, Technology

Tagged , , , ,