The top source of Web attacks is Myanmar!?



When you think about which country is the world’s biggest source of Internet attacks, the usual suspects first come to mind.

The United States, perhaps, because it has the most individual IP addresses and such free-flowing Web traffic. China is always a candidate, since it has so many users and has often been accused of being behind attacks. Russia is another traditional source of attacks.

But Myanmar?

According to Akamai’s first quarter report for 2011, Myanmar was the source of 13 percent of the attack traffic during that period, ahead of the U.S. (10 percent), Taiwan (9.1 percent), Russia (7.7 percent) and China (6.4 percent).

Myanmar, aka Burma, has 55 million people, but it was under military rule from 1962 until earlier this year and is one of the least-developed countries in the world.

So how does it wind up leading the Internet in anything?


Top Online Risks

London – The number of Britons targeted by cybercrime is expected to overtake conventional crime for the first time next year.

Internet security experts claim that up to 19 million people will come under attack from hi-tech criminals, generally involved in identity theft.

While at one time, the biggest threat was a burglary or someone smashing a car window to grab a radio, today’s Britons are facing up to the growing menace of internet crime which can be carried out from thousands of miles away.

The success of “hacktivists” in targeting big businesses, such as the Visa and Mastercard credit card companies in the wake of the WikiLeaks furore, has highlighted concerns about cyber security.

A survey of UK police officers specialising in hi-tech crime found that 79 percent have noticed a steep increase in cybercrime activity within the past six months.

Identity theft and so-called malware attacks, in which spying software is inadvertently downloaded onto a home computer, are considered among the greatest threats.


Social media identity theft

On Facebook many people display a huge amount of personal information which can be used against them by criminals.

Smartphone and tablet hacking

Criminals can set up temporary, and apparently innocent, wi-fi hotspots, which will capture the details of people who log on to the web via this link.

Hijacking social fads

Spying software – malware – can be attached to websites and forums. Clicking on an infected link will download spying software on to the home computer or smartphone.

Shortened Web addresses

Clicking on shortened web addresses, known as URLs, can direct users to a site that installs spying malware.


This infects a computer or smartphone with software designed to direct the user to a bogus website that can capture identity information. – Daily Mail


CRIME: West Aussies Added To List Of ‘Microsoft Scam’ Victims

SEVERAL West Aussies are out of pocket by hundreds of dollars after they were targeted by over-the-phone scammers posing as Microsoft computer technicians.

Consumer Protection said it had received more than 155 enquiries in the last three months about the Microsoft scam, where scammers can remotely access the victim’s computer after being given access.

Commissioner for Consumer Protection Anne Driscoll said the victims are putting themselves at risk of identity theft and it was time to issue a fresh warning.

“Despite previous warnings by consumer protection agencies and Microsoft themselves, people in WA are still falling victim to this scam,” she said.

“You may be asked to log onto a website which allows the cold-caller to gain remote access to your computer. Or you could be encouraged to supply information like the IP address and then see the cursor begin to move when you’re not touching your mouse or keyboard.

“We have also heard of a random pop-up which falsely claims to offer a Microsoft system upgrade and then installs unwanted software.”

Ms Driscoll said the scam involves phishing and potential extortion.

“The scammer can alter security or anti-virus software settings, or add a key-stroke recorder to the PC. This means that when you enter personal or secure details, during online banking or internet trading for example, those details can be used fraudulently.

“Some consumers have been asked to pay between $125 and $220 by credit card, for a system upgrade available for free online. Those who refuse may have their passwords changed or be locked out of their computers. There’s also a risk of unwanted software being installed and scammers asking for payment to remove it.”

WA ScamNet advises:

  • Never let unknown third parties access your computer.
  • Regularly scan PCs with an up-to-date virus detection program.
  • Do not be fooled by legitimate-sounding organisation names like “Windows Security” or “Windows Service Centre”.

If you have let a potential scammer access your computer, you should consider having it inspected by a reputable technician to ensure it can no longer be logged onto remotely and is free from malicious software.

If you’ve paid money to these scammers via credit card, seek a chargeback from your financial institution.

Via Perth Now

CRIME: Stuxnet, The World’s First Cyber Superweapon

BEIJING — A computer virus dubbed the world’s “first cyber superweapon” by experts and which may have been designed to attack Iran’s nuclear facilities has found a new target — China.

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week.

Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.

It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.

The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

“This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.

“Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added.


The European Union’s European Network and Information Security Agency will start working with the European Police Office, the EU’s criminal intelligence agency, to track down hackers, officials said.

In addition, new laws will criminalize the creation of malicious botnets that turn computers into “zombies” that attack vital computer systems.

“To anyone thinking that cyberattacks are an abstract concept, I would say that for millions of people each year there are already direct practical consequences,” European digital-agenda Commissioner Neelie Kroes said at a news conference.

“When your money is quietly stolen from your bank account or your country is shut down, as happened to Estonia in 2007, the threat suddenly becomes very real,” she said.

Of particular concern are the Conficker botnet, which takes over computers so that its authors can command them remotely, and the Stuxnet computer worm, which sabotages industrial computer systems, including at nuclear power plants.

Conficker can steal money and classified information. It prevented French jet fighters from taking off last year and shut down British and German army Web sites, EUobserver reported.

Stuxnet is reported to have affected nuclear facilities in China and Iran, prompting speculation secret Israeli and U.S. intelligence services were involved, EUobserver said.

Researcher and former U.S. National Security Agency officer Charlie Miller told EUobserver last month a hostile power could devastate the EU for slightly more than $100 million and a team of 750 spies and hackers.

A result could be all EU countries suddenly without power, telephone and Internet service and air, rail and road transportation. Stock-exchange and bank transactions could be frozen, government data scrambled and military units cut off from central command or sent fake orders, Miller said.

Via AFP, CNN, Post Chronicle

Social Media Popular Even With Phishers


Don't Let Others Phish Your Account


A growing number of internet criminals are shifting their focus from email to social media, new research suggests.

Panda Security’s third quarterly report of 2010 has found that clickjacking attacks employed by criminals to coax users into clicking on Facebook’s ‘Like’ button were particularly widespread during the period.

The study also found that 77 per cent of employees admitted to visiting social media websites at work and that consequently, 33 per cent of companies had been infected by malware through this channel.

Sebastian Zabala, Panda’s country manager for the UK and Sweden, suggested a combination of increasingly spam-savvy email users and an ever-expanding number of potential targets on social networks had led to the change in focus.

‘We are schooled when it comes to email, so most people are able to identify, for example, a phishing email or a spam email,’ he said.

‘But in the form of social media, it is harder for users to separate what is a phishing attack from a message. You are more inclined to click on everything, because you want to see everything and you want to see what is happening.’

Via BCS News

CRIME: The Sophisticated Hackers

Sophisticated attackers have eclipsed hackers as the largest threat to organisations, as protecting the amount of data in an organisation proves to be more challenging. Speaking at the Symantec Vision conference in Barcelona, Francis deSouza, senior vice president of the enterprise security group at Symantec, said that there are four key trends when it comes to the threat landscape: attackers; complex heterogeneous infrastructure; information explosion; and the increasing cost of a security breach.

He commented that it was clear from analysis of the Stuxnet worm that such a sophisticated threat was not written by casual hackers. He said: “This was written by a very sophisticated team that has deep skills that crossed a number of different areas and that invested a number of man years into creating this piece of malware.”

Looking at the first key trend, deSouza said: “The hackers have really changed over the past few years, four years ago I would have talked about the primary drivers were that hackers were trying to take down infrastructure. But today hackers have dropped out of the top three in terms of factors driving security attacks, the number one group driving security attacks today are the sophisticated attackers.

“Hackers have dropped to number four, number two and number three driving attacks today are actually insiders, the number two group are well-meaning insiders such as employees or contractors or customers who have legitimate access to a corporate network, but inadvertently do things that put an organisation at risk.

“The third group are actually malicious insiders who have legitimate access to the network but are actually deliberately stealing information. They are doing it because they are disgruntled, or have discovered a profit motive to be had in stealing corporate information.”

He went on to claim that the second big trend was around the infrastructure that organisations have to protect, specifically as sophisticated attackers use evolved attacks. He said that the techniques being used are very different from those of hackers, particularly with the emergence of ‘custom malware’ to create an attack.

He said: “Custom malware means that you have never seen that file before. Some of the old methods of doing security around signature-based security just won’t work because you will not have seen that file before so you will not have a signature for that file and will not be able to block it.”

He said that CIOs have more to protect in their environment than ever before, such as more equipment in the data centre, more endpoints and more people to protect because suppliers and contractors reach into the network.

“Also the amount of information that they have to protect is growing exponentially, almost across industries, organisations are telling us that the amount of information that they have to protect is doubling every two years, that is a massive amount of growth,” he said.

“In addition to the amount of information, they are realising that the amount of confidential information is growing. They are seeing an information explosion and more that they need to protect.”

Via SC Magazine

Childish Prank Is Now DoJ’s Nightmare

The U.S. Department of Justice said it may have been the most sophisticated computer fraud ever. For Viktor Pleshchuk, it was the chance to buy a brand new BMW and an apartment in his hometown of St. Petersburg.

The 29-year-old last month pleaded guilty to participating in a worldwide hacking scheme that led to the illegal withdrawal of more than $9 million from cash machines worldwide operated by RBS WorldPay Inc., the U.S. payment-processing division of Britain’s Royal Bank of Scotland Group Plc.

The conviction shed light on a growing trend from Russia. Just as President Dmitry Medvedev seeks to persuade investors his country is a safe place, more technology graduates are turning to cybercrime. The FBI last week charged 37 suspects from Russia, Ukraine and other eastern European countries with using a computer virus to hack into U.S. bank accounts.

“The number of hackers reflects how many good engineers we potentially have in this country,” Vladimir Dolgov, the president of Google Inc. in Russia, said in a Bloomberg Television interview in Moscow.

Russians committed more than 17,500 computer-related crimes last year, or 25 percent more than in 2008, according to the Interior Ministry’s latest statistics.

‘Childish Prank’

While cybercrime is proliferating, Russian laws against it were written in 1998, when hacking was often perceived as a “childish prank,” Boris Miroshnikov, the head of the ministry’s anti-cybercrime department, said in a report posted on the agency’s website.

A ministry spokeswoman said the department has advised Russian lawmakers to impose stiffer penalties on hackers. She declined to be identified, citing department policy.

“We are working on that, but so far we haven’t moved beyond discussions,” she said.

Businesses around the world lose more than $1 trillion in intellectual property due to data theft and cybercrime annually, according to a report in January 2009 by McAfee Inc., the technology security company based in Santa Clara, California.

Seeking to thwart the attacks, U.S. legislators in March proposed to use trade restrictions to penalize countries that provide safe haven to hackers.

Via Bloomberg