Study finds spear phishing at heart of most targeted attacks

Spear phishing attacks, which target specific people at enterprises with the aim of gaining a foothold in the corporate network, often contain malicious file attachments and are at the core of most targeted attacks, according to a new report.

In an analysis of targeted attack data collected between February and September, Trend Micro found that 91% of targeted attacks involved spear phishing. Malicious file attachments were contained in 94% of emails, according to the report "Spear Phishing Email: Most Favored APT Attack Bait" (.pdf).  

The custom malware is usually embedded deep within a document, such as a phony business report, spreadsheet or resume, Trend Micro said. "Employees in large companies or government organizations normally share files via email since downloading materials straight off the Internet is regarded as insecure," the security firm said.

Phishing is at the heart of many publicly reported data breaches, according to a variety of industry studies.  A caseload review conducted by Verizon, which served as a preview to the 2012 Verizon Data Breach Investigations Report, noted that social tactics, such as phishing, were tied to over half of all data loss in the 90 breaches investigated by Verizon in 2011.

A computer forensics team also noted recently that a phishing attack sparked the massive South Carolina data security breach, but it is unclear whether it was a spear phishing attack or a run-of-the-mill phishing campaign that gave a lucky attacker account credentials into the state's sensitive databases. Last year, spear phishing was the technique used by the attacker in the U.S. Chamber of Commerce breach. China-based hackers are believed to have carried out the attack.

Enterprises most at risk

The Trend Micro report found that .exe files are no longer popular among cybercriminals, since most enterprises filter out the file type with email filtering technology. The most abused file type: .RTF files, according to the report.  Rich Text Format (RTF) is harder for organizations to block, because it is used to exchange text files between Microsoft Word and other programs and operating systems.

Government agencies and activist groups are most at risk of a spear phishing attack, according to the report. The public nature of the employees in the two sectors makes it easy for an attacker to find victim email addresses and target them with a convincing email containing a malicious file attachment. Companies in the heavy equipment, aviation and aerospace and financial industries are also at an elevated risk level.

Experts advocate user education, tighter social media policies, strong antimalware and email filtering technologies to mitigate the risk posed by spear phishing attacks. Employees can also undergo spear phishing drills to test the effectiveness of education.




Mac Planet: Samsung and Apple's never-ending battle

After extensive litigation and decisions in different territories going to one company or the other, Samsung remains unbowed by the struggle. Samsung's mobile and IT division head told reporters that the Korean company doesn't intend to negotiate with Apple.

This is despite the recent example of HTC signing a ten-year cross-licensing agreement with Apple that will end all legal battles between the two companies. It will also lead to at least a little HTC money going Apple's way. Terms of the deal were not disclosed, but analysts estimate that HTC will send Apple between $6 and $8 per phone in a deal that'll net Apple over $200 million each year.

OK, well, I guess that's not much of an incentive to deal. But it's not just Samsung being intransigent: Apple has further distanced itself from rival Samsung by switching to different suppliers for iPad and MacBook batteries. Apple has been labouring to avoid Samsung's components since the companies became embroiled in various legal battles all over the world.

Apple is now relying on batteries from Amperex Technology Limited and Tianjin Lishen Battery to power its iPads and MacBooks, according to Chinese Business News. Sterling brands, I'm sure. Just not exactly household names.

Apple had already shunned Samsung's displays and flash memory, which have been integral to millions of previous Apple products over the years.

Apple's decision to give Samsung Display the boot may be "one that comes back to haunt the Cupertino company" (as Cult of Mac puts it).

The smaller Apple tablet was expected to be a smash hit this Christmas, but Apple is said to be up against supply constraints with one of its two display manufacturers.

For the new iPad mini, Apple chose LG Display and AU Optronics. The problem is, the smaller AU Optronics may be struggling to keep up with Apple's orders.

DigiTimes reports that LG Display is supplying the vast majority of panels for the iPad mini since AU Optronics "continues to suffer from poor yields in the production of panels for the devices."

This could become a big issue for Apple as we approach the holiday season. New Zealand retailers have been struggling to get stock of the mini already, with one waiting weeks to finally get a delivery of ... 11! (So it's not their fault, folks, if you can't find what you're wanting.)

In the States, Apple online has reasonable shipping times for the mini, but here our Apple online store still says "Limited quantities available". Meanwhile, the iPad 4 with the, presumably, harder-to-build Retina display is readily available.

In better news, iPhone 5 seems to be in the channel now, with barely any wait times, and the new razor-thin iMac, which had also been rumoured to be under supply constraint, is now almost with us - Apple has announced it is on sale from today, in the 21-inch version at least, with the 27-inch set to follow in December. I'm very much looking forward to trying one of these out, to benchmark that Fusion drive and just to see the beauteous thing in the flesh. Anyway, the point is, rumours of Apple product doom don't always pan out - at least, not for long.

Apple, by the way, has posted its annual Gift Guide page to help you spend your money on the Inc. How thoughtful.

Of course Apple promotes its own stuff here, but there are some intriguing things from third parties, too, like the Crayola DigiTools Ultra Pack for iPad. Say what? Exactly. This is an Apple Store exclusive. So it might be worth sidelining your cynicism and checking out the Gift Guide, at least for intriguing packs like this.

On that subject, I started looking at new stuff this month and it totally snowballed on me. I have been posting reviews on mac-nz.com at a furious rate (for me) and now I have seen so many products, and have so many more to look at, I am doing my own gift guide, as it were. So subscribers to my free monthly MagBytes pdf will get another issue before the usual last Thursday of the month packed full of the new stuff I have been looking at, for Macs, iDevices and more. All of this stuff is available in New Zealand, so I hope it will be helpful to you, and thanks to all the vendors who have been lending me things to salivate over, and for bravely ignoring my heartrending (although, obviously not heartrending enough) tears when I give them back.

I do plan to summarise everything on Mac Planet one day soon, so you don't even need to sign up for the free monthly PDF of Apple news, tips and tricks. So I'm not actually 'selling' you anything free and useful after all.

Anyway, back to the corporate stoush. Apple can't divorce itself entirely from Samsung, because despite the increasingly public nastiness between the two Corps, Samsung's processors are still the CPUs in Apple's iOS devices. There's no real choice: Samsung is the only supplier of the A4, A5, and A6 processors Apple needs; it's simply not yet feasible to shift supply elsewhere. With that in mind, Samsung recently announced it will be increasing the price Apple pays for its processors by 20% in 2013. Ouch.

Samsung recently had to pay Apple more than $1 billion in damages in the US when a jury found the Korean electronics giant guilty of patent infringement. However, this is just one of many legal battles involving the two companies; in other places, Samsung has been the winner.

And on the 'protestations of doom' subject: Apple has had some unholy arguments that have got very personal before. Adobe and Apple almost declared war a couple of times, and dare I mention Microsoft vs Apple? However, most of the time, these issues got worked out, and they carried on swapping knowledge and supporting each other in not immediately obvious ways, so all is not lost. Samsung may one day be an Apple partner again.

For there's a magic ingredient in all this, isn't there? It's called 'money'.

By Mark Webster

Nitrogram: Analytics for Instagram Marketing

Businesses that use social media to promote their products and services often rely on analytics services to better understand their target market and the best practices for using these sites. There are many different analytics platforms to choose from when dealing with popular social media sites like Facebook and Twitter.

But now that more and more businesses are beginning to use photo sharing app Instagram as part of their social media strategy, some of those businesses are looking for ways




AWS IAM tools essential to secure cloud services

LAS VEGAS -- If there was one clear theme from the security-focused technical sessions Wednesday at the inaugural AWS re:Invent conference, it's that the diligent use of IAM tools and best practices is critical in securing AWS cloud environments.



Time to Raise the MBL Cap for Credit Unions?

Fred Becker, President and CEO of the National Association of Federal Credit Unions (NAFCU), is calling upon Senate leaders to pass a bill to raise the credit union member business lending cap (MBL) from 12.25 percent of assets to 27.5 percent. Increasing this cap would allow credit unions to make more capital available for small business loans, which can be a profitable part of a credit union's portfolio.

The bipartisan Credit Union Small Business Jobs Bill, S. 2231, introduced by Senator Mark Udall (D-CO), and retiring Senator Olympia Snowe (R-ME), would increase the MBL cap from 12.25 percent of assets to 27.5 percent for eligible credit unions.

When Congress passed the Credit Union Membership Access Act in 1998, it created restrictions on the ability of credit unions to offer member business loans by limiting a credit union's member business lending to 12.25 percent of total assets. Research has proven that the cap hinders credit union lending to small business and does little, if any, harm to banks and other institutions.

In January 2001, the Treasury Department released a study, “Credit Union Member Business Lending,” which found that “Business lending is a niche market for credit unions. Overall, credit unions are not a threat to the viability and profitability of other insured depository institutions.”

Last year, the SBA's Office of Advocacy also found that bank lending was largely unaffected by changes in credit union business lending, and that credit unions have the ability to offset declines in bank business lending during a recession (James A. Wilcox, The Increasing Importance of Credit Unions in Small Business Lending, Small Business Research Summary, SBA Office of Advocacy, No. 387. Sept. 2011).

Becker suggests raising the MBL ceiling in combination with legislation to extend full coverage of noninterest-bearing transaction accounts. Banking trades are seeking extension of the “transaction account guarantee” program that was implemented under the Dodd-Frank Act. NAFCU advocated parity for credit unions, which was included in the final Dodd-Frank bill. Currently, $1.4 trillion in noninterest-bearing account balances covered under Dodd-Frank are in line to lose their federal coverage. The 100 percent deposit and share insurance coverage for these accounts is set to expire on Dec. 31 at midnight.

In a letter to Senate Majority Leader Harry Reid (D-NV), and Minority Leader Mitch McConnell (R-KY), Becker wrote:

“This would certainly have unintended consequences on smaller financial institutions and could very well lead to businesses shifting funds away from their community-based financial institutions.”

NAFCU believes that combining the two measures into one:

“. . .would not be a win-win proposition for the American people and our economy.”

I agree.  Credit unions have the capital to help America's small businesses thrive. The outdated MBL cap limits their ability to help stimulate the economy by providing credit to startups and expanding small businesses.





Santa or Scrooge: The Pulse of Small Businesses This Holiday Season

Whether a small business is generous or a little penny pinching during the holidays usually depends a lot on how well the company did for the year. If you had a great year, it's easy to get in the holiday spirit and give clients and employees gifts. But if you didn't fare as well as you projected for the year, it might be more difficult to appear generous when everyone else is in the giving mood.

American Express OPEN reports each year on where business owners are in terms of gift giving, employee bonuses and holiday parties. In the 2012 Small Business Holiday Monitor, we see that small businesses want to show their appreciation of employees and clients, even if they don't have large budgets.

Showing Appreciation to Employees

The majority of businesses surveyed plan to acknowledge their employees in some way at the end of the year. The good news for employees is that 35% of small business owners plan to give an end-of-year bonus, up from 29% in 2011. But even if you can't afford to give each of your staff a bonus, there are plenty of other ways to show your appreciation:

  • Employee gifts
  • Holiday party
  • Group activity
  • Time off
  • Gift cards

The purpose in using any of these techniques is to let your staff know that you recognize the hard work they put in for your company. Sure, they would all love to get a $5,000 bonus at year end, but if it's not in the budget, they'll understand.

Budgeting for Client Gifts

Another component of the holiday season is often giving client gifts. Small business owners are spending slightly more this year than in the past: last year 43% of small business owners bought their customers gifts, spending an average of $827, while this year, 51% of small business owners will spend about $958 on gifts for their clients.

Interestingly, the highest budget that the Small Business Holiday Monitor recorded for client gift spending was in 2007, when the average was $1,483. It's clear the recession has had an effect on this budget ever since.

Celebrations and Donations

For small business owners that identified more as a “Santa” rather than a “Scrooge” when it comes to generosity this holiday season, more will be hosting holiday parties, though spending slightly less than in the past. More than half of entrepreneurs will donate to a charity this year, through monetary donations, in-kind contributions or time donations.

Whatever your budget, find ways to show your appreciation of both your staff and your clients. Even something as simple as a holiday card can be enough to show your gratitude, and hosting a staff potluck can be a cost-effective way to add a little festivity to your office.





Citrix Unleashes New Features To Improve Their Virtualization, Networking and Mobile Cloud Applications

If you use cloud applications to manage your business, chances are you've seen at least one of Citrix's cloud applications. They tend to be rather flexible, providing you with several ways of customizing the software to fit your needs. While you might find something else that matches your tastes, there's a chance that at least one of their solutions fits the bill for you. If you haven't heard of Citrix, you should certainly take a gander at what they have to offer.

For those of you who use any of Citrix's apps, there are some important updates you might want to check out! Here's a short list:

  • Citrix XenClient now on ultrabooks. You're no longer limited to hard-wired virtualization. Because of the new trend in mobility, Citrix has decided to bring ultrabooks into the big picture, allowing them to take part in the virtualized desktop experience.
  • Citrix introduces Windows 8 compatibility to everything. Windows 8 came out on October 26th. It was about time that they upgraded everything to make sure that it can catch up to the many small businesses adopting the new operating system.
  • GoToMeeting now runs on the iPad. Your favorite HD video conferencing application is now available on the iPad, allowing you to make presentations and meet people live from across the globe anywhere you are!
  • Podio's got a new “card” layout. Citrix's collaboration, CRM, and custom app sandbox now has a very nice new interface that presents your projects in a way that's much more feasible than older Gantt charts. Read more about it in their blog.
  • GoToAssist now has a service desk.  Citrix adds a service desk to its GoToAssist IT remote assistance solution that allows you to quickly resolve any customer issues through a very simple and straightforward interface. You can now have a look at problems that need to be resolved and see where customers had similar problems that were resolved to come up with a much quicker resolution and a happier customer!
  • Citrix releases CloudGateway 2.  This piece of software is a great way to distribute apps where you need them through your own app store. CloudGateway 2 includes some enhancements that allow you to securely encrypt apps and their data, and wipe out anything remotely when necessary. Not only does it allow you to individually manage mobile devices, but it also gives you a way to distribute the apps you use across your business.
  • Citrix adds @WorkMail and @WorkWeb to Me@Work.  That was quite a mouthful! Me@Work now introduces @WorkMail and @WorkWeb to its business app suite. @WorkMail allows you to manage your email, contacts, and calendars while @WorkWeb is a secure consumer-like browser that delivers secure access to enterprise environments.

It's time to log in and check out the new goodies you just got! Be sure to check out any other relevant services listed above if you still haven't subscribed to them. You'd be surprised at how much you can discover!



Insurance Policy Forms: Ignorance of The Commodity Perception

The idea that insurance is in any way a commodity is offensive to me as an insurance agent. The very common misconception that insurance is a commodity stems from the general public's gross ignorance that all insurance policies are created the same.

The subsequent inference made by most insurance consumers then becomes that price is all that matters when it comes to purchasing an insurance policy.

If this is your belief, (please understand that I say this with all due respect), your ignorance is a detriment to both you and your family and/or your business and could someday ruin your life.

Harsh… Yes.

But my primary goal in writing this article is to bring to your attention the utter FAIL that is - believing insurance to be a commodity.

What the Heck are Insurance Policy Forms?

When you buy an insurance policy, approximately 7-14 days later you receive in the mail a physical copy, correct? (Some carriers send a pdf version now.) I'm going to assume you're nodding.

Have you ever taken the time to look through all those pages of black type legal-looking documentation that follow the page with your premium on it?

It's okay to say no, 999 out of 1,000 people reading this post don't flip past the page with their premium on it. So you're not alone for skipping the insurance policy forms.

All that legal print that you don't read, that's the Insurance Policy Form. The insurance policy form, or policy language, outlines who is an insured, the insuring conditions, what type of loss(es) are covered, and what type of loss(es) are excluded.

Seems like pretty important stuff doesn't it?

A company called ISO provides the baseline policy language that most insurance carriers in the US use for their insurance policies. However, many carriers will make changes, tweaks, and adjustments to the standard ISO Policy Form to meet their underwriting appetite (that means what type of losses they want to cover and what type they don't).

Additionally, individual states will mandate certain changes to the standard ISO Policy Form which all admitted carriers in that particular state must abide by (for purposes of this discussion you do not need to know what an admitted carrier is).

So what does all this mean?

Insurance Carrier A sells a product called “Tech Liability” for X dollars.

Insurance Carrier B sells a product called “Tech Liability” for X - $100 dollars.

If insurance were a commodity, then all that would matter is price, and you would have to be remiss to not take the policy from Insurance Carrier B. Right? (It's cheaper.)

But Insurance Isn't a Commodity

Wait a minute…

Didn't I just say that many carriers will make changes to the baseline ISO form to match their specific risk tolerance?

Why Yes… Yes I did.

Could that mean that every carrier's policy is different, and may uniquely include or more importantly exclude coverages that you need to protect yourself, your family or your business?

Again Yes…

So it is within the realm of possibilities to assume that insurance policies ARE NOT COMMODITIES and should be examined in a coverage to price - Value Analysis, (I just made that term up. I like it and will start using it), on each insurance policy's unique ability to cover your specific risk needs at the most competitive premium?

Yes!

This post ended up way more snarky than I had originally envisioned it.  However, I'm hoping that you read through the sarcasm to my point.

The insurance policy form matters, the coverage matters, one insurance policy is not going to cover the exact same risks to the same extent as a policy from another carrier even if they call the policy the same exact name.

Protect yourself and your business… it's a jungle out there!







Enisa calls for collaboration, specifically between Certs and LEAs

The European Network and Information Security Agency (Enisa) has launched a Good Practice Guide on cooperation and coordination between Computer Emergency Response Teams (Certs) and Law Enforcement Authorities (LEAs).

Claiming that collaboration between Certs and LEAs is hindered by their inherent cultural differences, the report makes five key recommendations to overcome these barriers: training; improving structures to support information sharing; facilitation of collaboration; good practice development; and harmonisation and clarification of legal and regulatory aspects.

The report establishes that cooperation is essential in the fight against cyber crime despite a number of legal and regulatory barriers.

The announcement came after an Enisa event, where closer cyber cooperation and mutual support were recognised as key factors for boosting cyber security for Europe's citizens, governments and businesses.

Enisa executive director, Professor Udo Helmbrecht, said: “Europe's information society depends on secure technology, well-built laws and policies and security-aware citizens. Our event today underlined that there is a strong need for closer cyber cooperation to build an even stronger level of European cyber security, for our citizens and Europe's digital economy.” 

Neelie Kroes, European Commission vice president, said: “The key to strong cyber security is sharing responsibility. That is the ‘name of the game' for this event and for Enisa, and it's a more important challenge than ever as the role of the internet in our economy and society continues to grow rapidly.”

Speaking about the launch of the report, Helmbrecht said: “Certs and LEAs cover crucial but different aspects of cyber security. Cooperation between them is vital to properly protect our digital citizens and economy. However, until now little research was done on how to connect these two areas. This study contributes to better fighting cyber crime by identifying the collaboration challenges, and ways to overcome them.”



Zig Ziglar, A Great Inspiration to Business Leaders, Dies at 86

Call him a motivational speaker, a thought leader, or an early self-help guru, Zig Ziglar was an inspiration to many, including entrepreneurs. As those in the business community said goodbye to Ziglar, who died at age 86 on Wednesday, we look at how attitude, outlook, and personal brand still affect business and success today, just as Ziglar has told us for 40 years.

The Man and the Message

Determine your altitude. As Ziglar said, “Attitude, not aptitude, determines altitude.” His philosophies on business and personal success put together might be described as Ziglar's “personal brand”, developed way back in the 1950s before this term was in common use. At that time, Ziglar, a salesman, discovered that selling himself was the key to success and a 40-year career as a speaker and author. Your personal brand is a part of your business too. Think about the brand you project to customers. The New York Times

Words to live by. Before entrepreneurs ever talked about producing content and information products, Ziglar built a global business in which his words and message were his only real products. Those products were repackaged in the form of books, cassettes, and eventually podcasts. Here online marketer Nicole Dean shares some chunks of Ziglar's wisdom in quotes and video clips of his successful presentations. Think about the information you provide to your customers and what that information is worth. Nicole on the Net

Tips for Achievement

Build your brand. Personal brand is widely recognized today as an important asset for any entrepreneur or business leader. No matter what your product or service, this brand communicates to customers about what you stand for and who you are. Your brand may help others decide whether or not they want to be in business with you. But building that brand may not be as easy as it seems. Here Elaine Rogers examines seven mistakes that can hurt your personal brand. Don't let these mistakes happen to you. Tweak Your Biz

Have a plan. Ziglar often talked about the importance of setting goals. Part of the process was to determine what it would take to meet that goal and then establishing the steps necessary to achieve it. All entrepreneurs must have a plan to move their venture forward and understand the steps needed to carry out that plan, leading their companies to success. Yet some of the greatest pitfalls are not unexpected problems, but totally avoidable mistakes made early on in the process, says startup expert Martin Zwilling. Here are some of the worst, so plan ahead! Startup Professionals Musings

Start with a purpose. Taken together, Ziglar's philosophies point to the importance of a purposeful life. To avoid being what he called a “wandering generality,” he advocated defining that purpose and the steps needed to fulfill it. Entrepreneur Allen Lau advocates the same philosophy when starting any business and gives this same advice to others interested in founding companies of their own. When he started his business, Lau was focused on solving a problem of his own, access to his collection of books on his mobile device, but ended up creating Wattpad, a service that brings readers and writers together, benefiting a much larger community. Sprouter Blog

The Final Analysis

Keep things simple. Ziglar had a few simple rules for his incredibly popular presentations. He focused on easy to remember sound bites of wisdom, injected humor and optimism into his message, and always made his audience's success at applying his principles a priority. Keeping things simple in your business will pay great dividends too, explains business consultant Susan Oakes. For example, take steps to simplify your marketing message, making it easier to communicate your value to customers and to grow your business. M4B Marketing

Know when to quit. Tom Ewer would add persistence to the principles of optimism and goal setting as imperative in realizing your business ambitions. But don't forget a dose of realism to help you determine when things aren't working. Never give up on your overall vision when trying to create your business, advises Ewer. Instead, use reality checks to determine whether your approach is the right one or whether you will need to modify your plan to reach your objectives. MyWifeQuitHerJob.com



Webscreen Technology and C4L launch DDoS mitigation service

A partnership between Webscreen Technology and C4L has led to the launch of a hosted distributed denial-of-service (DDoS) mitigation service.

Aimed at smaller and more dispersed organisations, the service is designed to protect businesses against large-scale DDoS attacks without the need to invest in costly in-house equipment, software or dedicated security staff, the two companies said.

Web traffic is routed through the C4L mitigation service before reaching a user's servers, ensuring that only ‘clean’ requests get through. Webscreen Technology said that by analysing all incoming packets and filtering out unwanted and suspicious requests, the solution constantly learns and adapts, ensuring that potentially threatening packets are identified and blocked.

Paul Bristow, COO of Webscreen Technology, said: “We are delighted to have this opportunity to work with C4L on the first proxy service to use our advanced heuristic technology.

“DDoS attacks are growing in volume, size and sophistication and it's vital that customers have the ability to keep their businesses running without the threat of DDoS attacks. By offering this service in partnership with C4L we can ensure that all organisations, no matter what their size, have the opportunity to protect themselves 24/7 from this growing and costly risk.”

Gary Barter, telecom and connectivity product manager at C4L, said: “As organisations increasingly recognise DDoS as a serious and growing threat, they are asking the same question: ‘how can we guarantee effective but economical DDoS protection?’

“The initial expense of in-house DDoS mitigation can be prohibitive for many organisations in today's tough economic climate and without proven DDoS protection organisations are always susceptible to being taken offline. By providing DDoS mitigation as an affordable, scalable, always-on service, C4L and Webscreen Technology are helping ensure that all organisations can afford fast, effective and economical DDoS protection.”



Targeted attacks start with a spear phish

Targeted attacks nearly always begin life with a spear phishing message, according to research.

Trend Micro claimed that 91 per cent of targeted attacks begin with a spear phishing email, according to data collected between February and September this year. 

The report said that 94 per cent of targeted emails use malicious file attachments as the payload or infection source, with the remaining six per cent using alternative methods such as installing malware through malicious links.

The most highly targeted industries are government and activist groups, with information on government agencies and appointed officials found on the internet and on public government websites.  

Rik Ferguson, director of security research and communications at Trend Micro, said: “We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve.

“Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks.

“We have also seen that targeted attacks are evolving and expanding. The abundance of information on individuals and companies makes the job of creating extremely credible emails far too simple. It's a part of a custom defence that should not be ignored.”

The research also determined that executable (.EXE) files were not commonly used as spear phishing email attachments, likely because emails with .EXE file attachments are usually detected and blocked by any security solution.

Instead, executables are compressed and archived before being sent, arriving as .LZH, .RAR and .ZIP files. In some cases, compressed files were password protected to further prevent their malicious content from being detected by security solutions.
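A mail-gateway check for the archive trick described above, added here as an example and not taken from the Trend Micro report: it identifies archives by content rather than file name and flags ZIP entries that are encrypted or executable. The function names and the extension blocklist are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}  # leading magic bytes
RISKY_EXT = (".exe", ".scr", ".com", ".pif")  # assumed blocklist

def archive_type(data):
    if data[2:5] in (b"-lh", b"-lz"):  # LZH method id sits at offset 2
        return "lzh"
    return next((k for m, k in MAGIC.items() if data.startswith(m)), None)

def inspect_attachment(name, data):
    """Return a list of findings for one attachment, judged by content."""
    kind = archive_type(data)
    if kind is None:
        return []
    findings = [f"{name}: {kind} archive"]
    if kind == "zip":
        try:
            entries = zipfile.ZipFile(io.BytesIO(data)).infolist()
        except zipfile.BadZipFile:
            return findings + [f"{name}: malformed zip"]
        for info in entries:
            if info.flag_bits & 0x1:  # bit 0 set = entry is encrypted
                findings.append(f"{name}: encrypted entry {info.filename}")
            if info.filename.lower().endswith(RISKY_EXT):
                findings.append(f"{name}: executable entry {info.filename}")
    return findings

def scan_message(raw):
    """Inspect every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        out += inspect_attachment(part.get_filename() or "?", data)
    return out

def constructed_sample():
    """Constructed email: a zip renamed to .doc that holds an .exe entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Q3_report.exe", b"MZ constructed placeholder")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="report.doc")
    return msg.as_bytes()
```

An encrypted entry hides its contents but not its file name or the encryption flag, so a password-protected ZIP can still be quarantined for review even though it cannot be scanned.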