Archives For stuxnet

We completed our first day of Making Money w/ Security on Monday with a group here in downtown Melbourne.  As we were discussing some of the global security trends, one of the attendees pointed me to this ted video which does an excellent job of breaking down the Stuxnet technology – I would encourage anyone selling security technology to take time to view this.  It provides some in-depth understanding on what’s really possible out there.

Also, don’t forget to check out the upcoming May workshop – Making Money w/ Security – a public offering delivered online.  Seating is limited and it’s filling up quickly…here’s the link.

http://securitysalesworkshop.eventbrite.com/

© 2013, David Stelzl

Advertisements

New Breed of Malware

August 20, 2012 — Leave a comment

Shamoon

The August 17th article from PCWorld read, “…Next generation malware takes insidious to a whole new level.”  I recently listed three big threats you should know about, Stuxnet, Flame, and Gauss…now add Shamoon to the mix.  This one apparently wipes our your hard drive and master boot record to keep you from performing any meaningful forensics.

From PCWorld’s analysis, all four (Stuxnet, Duqu, Flame, and Gauss) “…are believed to be sophisticated, state-sponsored malware developed for the purpose of cyber espionage against specific targets.”  This may affect larger organizations, and may seem irrelevant to the SMB market, but it’s the technology advancements behind these tools that concern me.  Over time the technology used here will likely be incorporated into malware readily available online to just about anyone.

While this may not drive additional products and services right now, I recommend knowing about these things as your client’s adviser.  Consider setting up briefings with local business executives to educate them on what is going on, and what steps their organizations should be taking to protect their customers and internal sensitive data from data security threats in general.

Educational marketing is the best way to reach out to business owners, executives, and anyone in that “Asset Owner” position.

© 2012, David Stelzl

Cybercrime Update

 

Are you up to date on cybercrime trends?  Security continues to move…last year Anonymous dominated the Wall Street Journal security news,…this year there are some important technologies to be following: Stuxnet, Flame, and more recently, Gauss.

Stuxnet

If you are selling security technology, you should know what Stuxnet is…Here is a great article providing an overview of this unique approach to cyber-warfare.  Stuxnet has been around for a couple of years now, but I find that few people recognize the name.

Flame

The Flame virus has been likened to Stuxnet, but indications are this is a more complex malware that is also capable of taking over mechanical systems and creating havoc.  There’s a short description here to get your started.

Gauss

The Gauss virus is a new discovery and located mostly in the middle east at this point.  Kaspersky has published some statistical data on this worm showing where it is attacking…”Kaspersky said that by July 31, 2012, it had counted 2,500 unique PCs as being infected by Gauss since May, and traced 1,600 of those infections to PCs in Lebanon. The next most-infected countries were Israel (483 PCs infected), the Palestinian Territory (261), the United States (43), the United Arab Emirates (11), and Germany (5).”

This malware seems to have targeted bank customers, but also has a connection to the Stuxnet program.  Check out all three of these as the news is building. Even though your clients may not be affected at this point, all three represent a significant change in technology advancements being made in the cybercrime world.
Two articles to get you started:

7 Key Facts

Unable to Crack Computer Virus

© 2012, David Stelzl

Photo taken by David Stelzl

Heading home from New York this afternoon after a great two day trip.  I spent day one working with sales people on effectively presenting security strategies to their clients in a series of one-on-one meetings.  Day two, I was invited by Symantec and one of their top partners, to speak to a group of executives over lunch at Jack’s Steakhouse.  A couple of things that make this particular time in history interesting….

If you’re not up to date on Stuxnet and how malware evolved to a new level over the past 18 months, you need to be.  It’s rare that I read Vanity Fair, but this a linked article is worth a read to catch up on over a year of analysis and developments – cyberwar is finally a reality!  But just as important – this kind of technology poses an entirely new level of threat to your clients.  (Read it!)

Secondly – while Wikileaks and the fiasco involving Pvt. Mannings is not new news, the implications are significant.  Reading through the developments between the Anonymous group, Mastercard, Paypal, and Amazon demonstrate that groups like this do have the power to affect large corporate networks at will.  Add Gawker in there and you see that stealing the account database and decrypting it is not that difficult when dealing with real hackers.

Most of my audience didn’t know our power girds, airforce traffic control, and F-35 databases have been hacked over the past year.  Why?  These are important events that demand companies take action and start thinking seriously about securing data.  This is not a simple task…learn to articulate this and you may find yourself advising these firms at the highest levels.

© 2011, David Stelzl