OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
LinuxInsider.com

Trusteer Ventures Into the Chinese Hackers' Den

Trusteer Ventures Into the Chinese Hackers' Den

If your jobs is to take on international hackers, then you want to go where the action is. For U.S. security company Trusteer, that means setting up shop in China, where hackers with designs on global mischief tend to first test out their cybernastiness on local markets. China has become hacker central thanks to highly publicized incidents and reports, so Trusteer is simply following the malware.

By John P. Mello Jr. TechNewsWorld ECT News Network
04/08/13 9:59 AM PT

China has a reputation as a center for international hacking, so why would a U.S. security company want to set up shop there?

Before hackers launch their international escapades, they typically cut their teeth in their local markets, explained Rakesh Loonkar, president of Trusteer, which announced last week that it was opening an office in China.

"What we're seeing in China, as well as in Russia and Eastern Europe, many of the fraudsters are trying all their techniques out locally before expanding internationally," he told TechNewsWorld.

A local office can not only provide protective services for native targets of cyberbandits, Loonkar said, but it can gather data that will be useful when those miscreants go multilateral.

That's because Trusteer's security products improve with use. Once an attack is identified, it can be used to update the company's database and protect its global customer base.

"So a local office can serve as an early warning system to protect everyone around the world," Loonkar said.

Spammers Exploit Google

An intriguing spam scheme that uses Google Translate as a proxy server for junk mail was revealed last week by Barracuda Networks.

Google Translate links are embedded in spam messages to fool spam filtering systems into thinking the missives contain legitimate links -- and to an extent, they do.

The links go to Google Translate, but they do more. They also instruct the site to translate a page in Russian on a server in France that sends link-clickers to a spam site hawking bootleg pharmaceuticals.

"We've seen this on a small scale for a long time," Chet Wisniewski, a security advisor for Sophos, told TechNewsWorld.

"I've seen them trying to use Google Translate to bypass spam filters," he said. "I've just never seen it on any scale."

According to Barracuda, the technique is being used in a number of large volume spam attacks.

"It is something that works particularly good for bypassing filters," Wisniewski noted. "We don't automatically think that something like Google Translate are suspect."

That's not always the case, however. Schools often turn off Google Translate because students discovered early on how to use the site to get around content filters.

The site was also used in the past by Chinese web surfers who wanted to skirt their country's Net filters, he added.

"Using Google Translate to get around a blockage isn't new," Wisniewski said, "but if it's being used on a large scale for spam purposes, that's new."

An Event Every Minute

FireEye released its Advanced Threat Report for the second half of 2012 last week, and among its findings was this tidbit:

"On average, a malware event occurs at a single organization once every three minutes. Malware activity has become so pervasive and attacks so successful at penetrating legacy defenses -- network firewalls, intrusion prevention systems, and anti-virus -- that once every three minutes organizatons on average will experience a malicious email file attachment or Web link as well as malware communication -- or callback -- to a command and control server."

That number varies across industries, the report said, with technology Visit the VMware Tech Center companies experiencing the highest volume of malware events -- one every minute.

Malware writers are increasing their efforts to evade detection by sysem defenders, the report said.

Among the evasion innovations spotted by researchers are malware that performs operations only when a mouse is moved, and some strains that remain dormant on a virtual machine. Both tactics are designed to subvert detection by sandboxing.

This obsession with covering their tracks is a disturbing trend, according to Tom Kellermann, vice president of cybersecurity at Trend Micro.

"What worries me most today is that elite hackers are beginning to use destructive payloads as part of cleanup or anti-incident response," he told TechNewsWorld. "These payloads include MBR wiping- logic bombs and crypto."

Breach Diary

  • April 2. South Carolina governor's office reports that 38 percent of the state's citizens affected by massive data breach at revenue department have signed up for free credit monitoring program. Breach affected 3.8 million taxpayers, 1.9 million dependents and 700,000 businesses.
  • April 2. American Chamber of Commerce poll reveals that 25 percent of U.S. companies doing business in China have experienced a data breach or theft of data.
  • April 2. California bill that requires companies upon request to disclose to consumers the data collected about them and to whom it was shared during the past year is referred to Assembly Judiciary Committee. Hearing scheduled for April 16.
  • April 2. Two major Internet portals in Japan hacked. Goo, a portal owned by network operator NTT, locks 100,000 accounts to prevent illicit logins. Yahoo Japan discovers data for 1.27 million users exfiltrated from portal's systems. There was apparently no immediate connection between the two incidents.
  • April 3. United HomeCare Services, which services Dade County, Fla., is notifying 13,617 patients that their personal information may have been compromised when a laptop was stolen from the car of an employee. Information includes names and addresses, dates of birth, Social Security numbers, service dates, health plan numbers, diagnoses and diagnostic or treatment service codes. United is offering those affected by the breach two years of free credit monitoring.

Upcoming Security Events

  • April 9. Mobile Devices and Identity and Access Control Applications. Sands Expo & Convention Center, Las Vegas, Nev. Sponsored by Smart Card Alliance. Registration: US$470-$590.
  • April 12. Art of Deception: Are YOU in Danger of Being Conned? Lecture by Kevin Mitnick. 3 p.m. Tom Steed Community Learning Center, 6191 Tinker Diagonal, Midwest City, Okla.
  • April 18. A Tale of Mobile Threats. 2 p.m. ET. Black Hat webcast. Free.
  • April 23-24. Black Hat Embedded Security Summit. McEnery Convention Center in San Jose, Calif. Registration: Before Feb. 9, $999; Feb. 9-Apr. 18, $1,099; Apr. 19-25, $1,199.

  • April 23-25. Infosecurity Europe. Earls Court, London, UK. Registration: By Apr. 19, free; After Apr. 19, Pounds 20.
  • May 15-16. NFC Solutions Summit. Hyatt Regency San Francisco Airport. Registration $760-$1,020.
  • June 11. Cyber Security Brainstorm. 8 a.m.-2:30 p.m. ET. Newseum, Washington, D.C. Registration for non-government attendees: Before March 3, $395; Mar. 3-Jun. 10, $495; Onsite, $595.
  • June 14-22. SANSfire 2013. Washington Hilton, 1919 Connecticut Ave. NW, Washington, D.C. Course tracks range from $1,800-$4,845.
  • July 24. Cyber Security Brainstorm. 8 a.m.-2:30 p.m. Newseum, Washington, D.C. Registration: government, free; non-government $395, before April 10; $495, April 10-July 23; $595 July 24.


John Mello is a freelance technology writer and former special correspondent for Government Security News.


Facebook Twitter LinkedIn Google+ RSS