Conficker worm threat spread by basic password failure

A recent report by software leader Microsoft has found that the threat posed by the Conficker worm has continued to grow in 2012. The Security Intelligence Report volume 12 issued by the Trustworthy Computing division shows that the malware has been detected over 220 million times in the past two years.

This is especially troubling for enterprises, as the Conficker worm has been noted to make use of common or weak administrative passwords to gain access to a system where it can begin to infect every machine on a network. The malware carries with it a set of hard-coded examples of simple codes and terms – including ‘admin’, ‘12345’, ‘coffee’ and ‘password’.

Perhaps the most tragic side to the botnet dilemma is that it could be avoided with the use of a basic security audit, according to the head of Microsoft’s Trustworthy Computing division Tim Rains, who said that many organisations “are running on weak passwords” and failing to patch their systems regularly.

“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” asserted Mr Rains. “It is critically important that organisations focus on the security fundamentals to help protect against the most common threats

Red cell testing takes on mobile security

When considering an organisation’s digital security, it is commonplace for workers to take into account common features such as password strength and regular updates of antivirus software. While these certainly help to form part of a strong security plan, these components do not constitute a complete suite of protection. This is because malicious parties are constantly evolving the way they seek out information that can be used in a penetration attack.

As an example, the 2012 Threat Report by Websense Security Labs analysed over 200,000 smartphone apps and found that what it calls “a noticeable percentage” of the mobile programs contained elements of malware and non-essential permissions. The report states: “The popularity of mobile devices is creating a large target installed base and cybercrime is actively innovating to harvest information for profit.”

On top of this, researchers found that 51 per cent of mobile users turn off password permissions and security protections on their devices – making a lost or stolen phone a valuable commodity for malicious parties.

This is just one of the avenues that red cell testing teams could use when helping to examine possible exploitation routes – making use of the same methodologies and processes as real-world hackers and data thieves, but without the danger of losing control of proprietary information

Cautious IT behaviour highlighted in 2012

A new survey from Gartner has shown that 2012 may be set to become the year of cautious IT behaviour, as companies face economically turbulent market conditions. For many chief executive officers (CEO), the uncertain financial situation presented by their competitors and stakeholders presents a powerful argument towards investing in new developments.

Gartner’s survey of over 220 CEOs published on April 16 found that – while fiscal responsibility and cost control had grown in priority – IT investment was to grow over the remainder of the year. Vice president at Gartner Jorge Lopez explained that the drive to produce additional value from technology investment was “comparatively healthy”.

Mr Lopez asserted: “The newer trends, such as mobile and cloud, are rising to the foreground of CEOs’ attention.”

“However, CRM remains CEOs’ favourite IT capability because marketing is a never-ending competitive quest for customer retention.”

While value is generated from effective use of data mining and long-term relationship management activities, due diligence demands that the level of online security reflect the value represented by the material kept on hand. Ideally, vulnerability management measures should be an integral part of the planning process – with the costs and benefits factored into additional IT project planning.

CIOs focus on mobility and intelligence

Australian firms are focusing more on mobility and business intelligence than ever before, according to a recent report. The Chief Information Officer Agenda survey performed by Gartner as part of its Executive Programs 2012 initiative covered over 2,000 CIOs around the world – 132 of which were in Australia.

Researchers found that the main drive for these professionals for projects in 2012 was related to extracting value from mobile technologies and business intelligence (BI) operations.

While areas such as cloud services and virtualisation were still ranking well in terms of future planning, the survey found that the increase in adoption rates for smartphones and personal tablets made them less of an immediate priority.

Vice-president of Gartner Andy Rowsell-Jones explained that the new ranking was something of an anomaly for researchers to find.

He asserted: “BI has had a chequered history in Gartner’s annual CIO survey. Is it new ideas, new tools, or the triumph of hope over experience that has propelled BI back into the limelight? We will find out over the course of the year.”

However, the added amount of information collected and stored by businesses involved in data mining and mobile access also necessitates an increase in security audits and compliance certification, as the value generated by the collection of client details is also widely recognised by malicious online parties.