It's that time of year again. The weather is turning cooler, football season has begun, Halloween is fast approaching. That can only mean one thing--it's National Cyber Security Awareness Month!
Just in case you aren't really sure what the big deal is, or why you should care, here are five recent security threats that highlight why we need an entire month to raise awareness and promote better computer and network security.
1. Zeus Botnet. Last week law enforcement agents around the world swooped down and arrested dozens involved in a bank fraud scheme built around a Zeus botnet. Unfortunately, the Zeus malware is much more pervasive than this one band of cyber criminals, so there is no reason not to expect such attacks to continue occurring.
2. Stuxnet Worm. The Stuxnet worm seems specifically designed to target and infiltrate power facilities--with some suggesting that it was developed by the West with the intent of compromising Iranian nuclear power capabilities. Regardless of the motives for creating the worm, Stuxnet is a malware masterpiece--exploiting four different zero-day vulnerabilities in Microsoft Windows and demonstrating why users shouldn't pick up and use random USB thumb drives.
3. E-vites Scam. Everyone likes to be wanted, and who doesn't love a good party? The latest AppRiver Threat and Spamscape Report says, "By leveraging these two bits of human nature, social engineers used "E-vites" to invite victims to the Annual Fall Fling. Be careful RSVP'ing to this one." Clicking on the attached "invitation" will install the malware and compromise your PC.
4. Pushdo Botnet. The Pushdo Botnet was all but killed. Unfortunately, botnets are resilient in nature and have a way of rebounding if not completely extinguished. During September, the Pushdo Botnet re-emerged with its trademark malware spam campaign designed to look like Facebook messages.
5. "Here you have" Worm. The AppRiver Threat and Spamscape Report explains, "The "Here You Have" mass-mailing e-mail worm caused quite a stir when it rolled through early September as it was said to have been sent from a Lybian hacker using the moniker Iraq Resistance. The attack accounted for 9 percent of all spam traffic during its run, and spurred an FBI investigation."
Of these five security threats, perhaps none makes the case for user awareness and National Cyber Security Month better than the "Here You Have" worm. This attack used a poorly worded subject line stolen from the decade-old Anna Kournikova virus. Of course, it could also be debated that the success of this threat--a decade later and following years of annual National Cyber Security Month efforts--indicates that user awareness isn't enough and signals a need for a new security strategy.
However, you simply can't have too much user awareness, common sense, or cautious skepticism. Besides, even if the computer and network security experts of the world come up with a revolutionary approach to guarding against attacks like these, end users will still be the weakest link in that chain.
So Happy National Cyber Security Awareness Month. I'm sorry I didn't get you a card. Apparently Hallmark isn't on board yet with this event.