According to new research, around ten percent of all malware is designed to use portable storage media, such as removable USB drives, to attack and propagate.
The research found that the most common type of malware on USB sticks was INF/Autorun, a generic identification for malware that tries to use the autorun.inf file as a way of compromising a PC.
Security researchers have unveiled a hardware-based hacking tool which can take over a ‘locked’ Windows PC by connecting directly to the machine’s Firewire port.
The tool, called Winlockpwn, bypasses Windows’s authentication system and lets an attacker take over a “locked” Windows machine without even stealing its password.
With Winlockpwn, the attacker connects a Linux machine to the Firewire port on the target machine. He can then get full read-and-write access to memory and the tool deactivates Windows’s password protection that resides in local memory.
Thankfully, some endpoint security solutions such as Centennial DeviceWall offer protection against such attacks by blocking potentially dangerous communication devices such as Firewire ports, which have little if any legitimate business use.
More than you might think, according to new research which suggests that the average business laptop has £260,000 ($500,000) of data stored on it. The survey also found that the average value of personal data on a laptop totalled £160,000 and nearly 40 percent of travellers had been affected by some form of malware.
According to a report released by the US Computing Technology Industry Association (CompTIA), the severity of security breaches has risen from 2.3 (out of 10) to 4.8 in 2006. Although the overall number of attacks decreased slightly, IT security managers are increasingly worried about the integrity of their systems and data.
Over half of respondens cited handheld devices as a major security concern, with the enforcement of security policies still a significant problem for many organizations.
A man in Seattle, WA has been arrested by police in what they are describing as the first case of someone using peer-to-peer file sharing programs to commit identity theft.
According to the indictment released last Thursday, Gregory Thomas Kopiloff used “peer-to-peer” file-sharing programs to troll other computers for financial information that he then used to open credit cards for an online shopping spree.
“If you are running file-sharing software, you are giving criminals the keys to your computer,” said assistant U.S. attorney Kathryn Warma. “Criminals are getting access to incredibly valuable information.”
And it’s not just private individuals who are at risk. With research showing that more staff see company-supplied PCs and laptops as their own, P2P applications and other security risks are increasingly finding their way inside the corporate network. As such, the ability for IT staff to accurately identify instances of ‘greyware’ on the network is becoming more important to protecting the integrity of company-sensitive information.