December 22, 2006
With the most expensive time of the year looming, several reports are currently doing the rounds which suggest that the ‘grooming’ of employees by criminal gangs is growing faster than ever. Why? Because criminals intent on committing ID and financial fraud are realizing that it is easier to get information from insiders than it is to hack into networks from the outside.
Some experts even warn of KGB-style recruitment tactics where targets are identified and groomed over a period of years in order to provide an effective and reliable source of sensitive data from banks, call centers and other organizations that hold our most private information.
For some organizations, regular vetting of employees can help identify potential data leaks, but the main worry has to be the ease with which the majority of staff can access confidential records and then copy them off the network through local PC connections such as USB and wi-fi ports. Only when these ports are secure against misuse can the company have some confidence that network users are not putting their customers’ data at risk.
While ID theft is well publicized, with several high-profile prosecutions now underway, it seems some individuals will always be susceptible to the lure of cash for information. And when there are gifts to be paid for, what’s stopping your staff from giving in to temptation?
December 19, 2006
According to new research, Britons will buy 2.5 million mobile phones, 1.25 million MP3 players and 2.5 million digital cameras over the next six months. Great news for the manufacturers of electronic gadgets, but perhaps not so welcome for IT managers who are trying to stop these devices being connected to the corporate network.
Thanks to their plug and play abilities, it has never been easier for computer users to get information off the network or to introduce unwanted content (whether it is ‘innocent’ content like holiday snaps and music, or more malicious spyware and viruses) onto company-owned PCs.
And while some organizations employ a total ban on these kinds of devices in the workplace, few find it a workable solution, especially now that the devices are so widespread. For those companies without armed guards and x-ray machines on the door, a much more sensible solution is to automatically allow or block the connection of different devices according to the individual’s security privileges. Then IT managers won’t need to worry whether employees buy one million or ten million new MP3 players; the devices will still be kept safely at arm’s length from the network.
December 18, 2006
News last week from the US-based Privacy Rights Clearinghouse (PRC) suggests that 100 million Americans - that’s around a third of the entire population - are now at risk of identity theft. The news follows Boeing’s recent admission that some 382,000 employee records were stolen on an unencrypted laptop.
Worse still, the PRC believes that 100 million is just the tip of the iceberg, with only breaches made public being included in the statistics. The PRC maintains a list of the worst breaches on its website, dating back to the ChoicePoint data theft in February 2005.
In the UK, research suggests there have now been four million confirmed victims of identity theft (up 500% in the last seven years), although experts argue the actual figure is much higher.
More on VNUnet
December 11, 2006
Employees connecting portable media players could be putting networks at risk, with the discovery of a new vulnerability that could allow hackers to take remote control of users’ machines and execute malware.
According to Microsoft, a specially-crafted .asx file could be copied to the target computer, either from an HTML file or from a portable device connected to the PC. As such, there is the potential for unauthorized users to connect devices to PCs in the office which then allows hackers outside the building to access confidential files on the network.
Security consultants, Secunia, have rated the vulnerability as ‘highly critical’.
December 8, 2006
Researchers at anti-virus vendor, McAfee, claim to have found the first ‘in the wild’ spyware application for Symbian mobile phones. The malware tracks text messages and copies log files with the phone number of incoming and outbound phone calls.
While the AV boffins claim this first spyware example is not particularly sophisticated, it does point the way to increasing volumes of more dangerous applications being targeted specifically at mobile devices.
However, for organizations, the risk doesn’t stop at the individual device. With more and more devices communicating freely with one another and being connected to company-owned PCs on a daily basis, there is an increasing threat that hackers will forego attempts to hack the network directly and will instead target the less protected mobile devices used by workers. It’s not beyond the realms of imagination to envisage files being copied from the network and instantly sent out of the office by a PC-connected phone - all without either the device’s owner or network managers ever knowing.
More on vnunet.com