Security roundup for week ending Nov. 18: Facebook, Norway oil-industry cyberattacks, and why virtualization and mobile devices mean security stress
- 19 November, 2011 05:36
Last week's flood of pornographic and violent images that hit Facebook was a coordinated spam attack that caught the attention of the world. But less remarked-upon and perhaps more sinister was what may have been a denial-of-service attack on many organizations' DNS servers, based on an exploit of the BIND 9 DNS server software, temporarily knocking their networks offline. The Internet Systems Consortium (ISC), which maintains several software products essential for Internet infrastructure, released a patch that's something of an interim fix for this and said it would conduct an investigation. This kind of attack -- which incapacitates entire networks, as it did in this case -- is truly worrisome.
And now we hear of what appears to be an "advanced persistent threat" against Norway's oil industry to steal business secrets. The BBC has reported that Norway's National Security Agency said that oil, gas and defense firms there had been targeted by sophisticated attacks in which industrial secrets and information about contract negotiations were stolen. About 10 companies are deemed to have been subject to these attacks, and at least some of them were fooled by "customized emails with viruses attached which did not trigger anti-malware detection systems," according to the BBC report. This email was sent to specific individuals in the targeted firms and was crafted to appear as though it came from legitimate sources. The BBC report says the Norwegian security agency indicated this was the first time Norway has revealed this type of wave of cyber-espionage, though it did not identify a source.
In other news, Romanian authorities arrested a 26-year-old hacker accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems. Robert Butya was arrested in the city of Cluj, following an investigation by the Romanian Directorate for Investigating Organized Crime and Terrorism. He's expected to be tried in Romania.
What the Ponemon survey on "State of the Endpoint" tells us
In trying to size up the main pressures coming to bear on the enterprise IT and security divisions right now, the Ponemon Institute polled 688 information and security managers on where they see their greatest risks. Their responses clearly indicate they are struggling with the security associated with virtualization software they deployed that has become the foundation for their organizations. It's mainly based on the VMware or Microsoft Hyper-V platforms, though Citrix Xen is also there, and IT and security managers are turning to their virtualization software vendors and security vendors with virtualization expertise for help. It appears that virtualization has become a classic case of a transformational technology that everyone rushed to get for its benefits, such as server consolidation, before really understanding or caring about the security and networking management consequences.
And the disturbing aspect of the Ponemon survey is that 41% of the 688 respondents said the responsibility for virtualization security isn't clearly defined by department or function. In other words, maybe no one is really in charge? 40% in the survey also admit collaboration between the IT operations and IT security overall is "poor or nonexistent."
Other aspects of the Ponemon survey reflect how mobile devices, especially smartphones, are now staples of business communications, with the added twist that employee-owned devices are gaining ground. 17% of respondents said more than 75% of their organization's employees use personal devices in the workplace; 20% said more than half did. The priority is establishing the appropriate security and management, but this survey at least suggests there's more focused resolve on this than there is for the security issues in virtualization.
Speaking of lack of resolve, a Symantec survey of what 1,900 managers in small to midsize businesses think indicates a fair number of these SMBs think they're somehow immune to threats such as keystroke logging, DDoS, website vulnerabilities and targeted attacks. Exactly half said, "We are a small business and are not targets for these types of attacks."
They seem to think this stuff only happens to the big guys. No, there are SMBs with nice healthy bank accounts that attackers with financial motives have gotten into time and time again by commandeering compromised computers used for bank funds transfers.
Security for the cloud popping up all over
Gartner thinks SMBs, which sometimes lack substantial IT and security departments, will be a driver in the next few years for the rise of cloud-based security services since these may be easier to deploy and operate than hardware-based on-premises equipment. Two services of this kind debuted last week -- from IBM with a managed security service for smartphones, and from Symantec with a cloud-based security service for Microsoft Lync.
The business of security
In business news, the enterprise Wi-Fi vendor Aruba announced it will buy Avenda to gain its technology for authentication and authorization, with one goal being to play a bigger role in supporting employee-owned devices in enterprises. Aruba expects the Avenda acquisition to close during the second quarter of next year.
In other news, Huawei Technologies said it is buying out Symantec's share in the Hong Kong-based Huawei Symantec Technologies joint venture for $530 million. Symantec owns 49% and Huawei owns 51% of the joint venture, which was formed in 2008 to integrate Symantec storage and security software into appliances built with Huawei telecommunications equipment. The buyout is expected to be completed by the first quarter of 2012. Symantec will receive royalties from Huawei for seven years for the technology it contributes to the appliances, and Symantec will maintain its own business in China, which includes two research and development centers, and its own appliances business, according to Symantec CEO Enrique Salem. Huawei is expected to continue to invest in the venture. The reason given for the split? Not much Symantec is willing to disclose right now, except there are "issues on which the partners saw differently," according to Salem. Of course, we can hope to hear more about this if Salem ever writes a tell-all memoir.