Archive for January, 2011

Hacker Statistics

In the year 2010, there was an apparent growth in hacking and computer crimes according to security reports by the RSA and the cyber crime department of the Department of Justice and the FBI. Some of the worst threats come from phishing scams, which may lead to identity theft and other online fraud.

All of these threats are coming from several sources worldwide. What kind of hacker statistics are there to show the rise of How Much Hacking Is Going On?According to a report released by the RSA, there was a 7% increase in the amount of phishing attacks worldwide between the months of July and August 2010. The United States currently leads as the country that suffered the most attacks in regards to online cyber threats with 35% of these aimed at citizens of the US; the US was also the country that hosted the most attacks, with 60% of phishing attacks starting from the US.

The recent November report that was released by the RSA noted that there was a slight decrease in cyber attacks between August 2010 and September 2010, with total attacks decreasing by one percent. The reasoning is that there haven’t been as many noticeable attacks against larger corporations, such as banking and financial institutions. This doesn’t necessarily translate to greater online safety.

A recent PBS special revealed that the Pentagon receives over six million hacking and security threats a day and that some of departments, such as the Department of Energy, also suffer from vulnerabilities with their online security.

Another report, this one released by Verizon’s Business 2010 Data Breach Investigations for the previous year of 2009, notes that hacking attempts and malware held the number 2 and 3 spots in regards to data breaches that companies experienced (the number 1 cause was the abuse of priviledges). About 40% of data breaches happened due to hacking, while 38% were the results of malware.

What the Statistics State

Hackers are becoming dilligent at trying to find ways to break into computer systems. The November 2010 report from the RSA goes over the new Zeus 2.1 trojan, which can in essence mask its signature in order to avoid being removed by anitvirus or other programs that protect and secure a computer system.

While many strides and advances have been made to make sure that our online privacy is secure, the above statistics outline that we still have a ways to go in order to ensure that all personal and private data can not and will not be compromised. Keeping operating systems, antivirus and antispyware programs up-to-date are one key in keeping information safe. Other ways include making your password hard to guess and being aware of suspicious links or offers that may come to you via the Internet.

Source: RSA Anti-Fraud Command Center, RSA Online Fraud Report, November, 2010

Image content @ Stock.Xchng

Read more:

IPv6 Now.

The Internet’s IPv4 clock keeps ticking down. As Robert Cannon, the FCC’s senior counsel for Internet law, observed recently, “The original [Internet] address space, IPv4, is nearly exhausted.” He’s so right.

Still, I’ll bet most of you are still scared to death of having to learn IPv6, never mind actually deploying it. I know I would be if I were an overworked network administrator. Fortunately, there is help.

The National Institute of Standards and Technology (NIST) has just released Guidelines for the Secure Deployment of IPv6 (PDF Link). This is an excellent and free 188 page guide to IPv6. Besides covering the basics, it also does an excellent job of covering IPv6 security issues and how to deploy and management dual IPv4/IPv6 networks. Frankly, it’s the best guide I’ve seen to date on how to actually put IPv6 to work on a network.

Color me green with envy, I’d planned on writing my own e-book on IPv6 sometime this year, and now I have a very high standard to shoot for. This isn’t just a network administrator’s manual, it’s also, to quote NIST’s Evelyn Brown, “a guide for managers, network engineers, transition teams and others to help them deploy the next generation Internet Protocol (IPv6) securely.”

That last word, “securely” is an important one and it’s another reason I highly recommend that you download a copy of this NIST document. As lead author Sheila Frankel said, “Security will be a challenge, however, because organizations will be running two protocols and that increases complexity, which in turn increases security challenges.” These challenges will “include fending off attackers that have more experience than an organization in the early stages of IPv6 deployment and the difficulty of detecting unknown or unauthorized IPv6 assets on existing IPv4 production networks.”

I know. Just what you needed: deploying a new network stack and a new set of network security problems. That’s why I can’t recommend enough that anyone getting ready to deal with IPv6, read this document. You’ll be glad you did.