Month: March 2014

HackSurfer just released a summary on malware development for 2013 based on the formal report from Panda Labs. Here are some of the key points from the summary:

• Almost 32% of computers across the world found infected with malware.
• There were 82,000 different malware strains that emerged in 2013.
• Android Platforms remained the primary target for cyber criminals with nearly two million android based malware being created in the year of 2013.
• Trojans were the biggest contributor in 2013 with 71.11% of all new malware.
• The growth of new malware strains rose to 13.3% versus 9.67% in 2012 year.
• China remained the most infected country in 2013 with 54.0% ratio.
• Sweden was on the last position with least malware-infected countries.
• 20% of all malware were created in the year of 2013.
• The most popular virus families were Sality and Xpiro.
• 30 million new malware variants were created in 2013.

2014 Prediction about Imminent Threats:

• New malware variants can hit the market in 2014 that will compel to implement strong security parameters in organizations.
• Java vulnerability will remain in 2014 due to countless security flaws and its high usage in the world.
• Users will fall victim to cyber culprits due to social engineering techniques.
• Android platform will remain on the top in malware spreading.
• Ransomware malware will be on the top position in 2014 than Trojans and Botnets.
• Corporate culture has to think beyond traditional antivirus product.
• Hackers can target internet-connected device (Internet of Things) for attack purpose.

Amid deepening corruption scandals in Turkey, the Turkish Government has shut down access to a number of social media outlets, most recently Twitter, after Twitter failed to comply with their demands to censor links to wiretapped conversations of the inner circle which seem to provide evidence of corruption. Prime Minister Erdogan was unfazed by condemnation of this move, saying “the international community can say this, can say that. I don’t care at all. Everyone will see how powerful the Republic of Turkey is”.

The US Government is winding down their participation in the Internet Corporation for Assisgned Names and Numbers (ICANN). ICANN’s duties include setting policies for domain names, top level domains, and controlling the root nameservers that are the backbone of the Domain Name Service, which is a distributed registry that translates addresses entered into a web browser from something like www.google.com to a machine readable address (in this case 74.125.239.146). While much hay has been made by certain political personalities, among them Moonbase Commander Newt Gingrich, about this loss of control by the US to an undefined international community, this move has been planned for a significant amount of time, and the transition of ICANN towards a more global regulatory system will occur under a planned framework.

There was another possible path for the governance of the DNS and addressing systems, that being the ITU, which would have been overseen by the UN. However, as every nation would have had a vote in that situation, and the number of nations which would like to see substantial control instituted and widespread surveillance authorized is almost certainly greater than those who (at least publicly) would like to see a free and open internet. Many nations saw this as problematic, among them the US and Russia, which has lent significant weight to the process being adopted now of reforming ICANN and reducing US Government influence. That said, the existing system was no longer sustainable, especially in the wake of the Snowden leaks which revealed wide ranging activities by the US Government, activities which have done significant damage to the moral authority which is the foundation of governance.

Pursuing ICANN as a regulatory body for the future is an example of the use of the Multistakeholder governance model, which will essentially give regulatory control to a number of major internet and technology companies, and Internet civil society groups. A presentation on the application of this model in ICANN may be found here.

Dan Gifford, MCySec Media Manager