• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   Simply Security news roundup, October 21

Simply Security news roundup, October 21

  • Posted on:October 26, 2011
  • Posted in:Current News, Spotlight
  • Posted by:
    Trend Micro
0

Smartphones dominated the headlines in the tech world this week, turning the heads of enterprise IT security managers still trying to prepare for the inevitable onslaught of security issues stemming from the consumerization of IT.

However, one especially high-profile strain of malware was able to steal the industry's attention this week. In what appears to have become a weekly occurrence of late, news broke of another military-focused strain of malware, this one dubbed Duqu. The researchers who discovered it have made claims that the Trojan is an evolved variation of the infamous Stuxnet virus, which was discovered in 2010 after having infiltrated and damaged the computer infrastructure that maintained Iran's nuclear resources.

Malware expert Sergey Golovanov said in a recent interview with Forbes that researchers "are pretty sure [Duqu] is the next generation of Stuxnet." Because 99 percent of Duqu's software rules are the same as those of Stuxnet, according to Forbes, researchers have speculated that it is a new variation of the virus that is considered a historic milestone in the security industry.

The Duqu issue was just the latest in a long series of events that have raised concerns over cyberwarfare. Two weeks prior, similar concerns abounded after anonymous sources from the U.S. Air Force came forward in a Wired report about a virus that had successfully infiltrated the computer systems of a drone aircraft. The virus wsd found to be benign, but the discovery itself reverberated throughout both the technology and military worlds.

Duqu, however, appears to be anything but benign. The Trojan was initially discovered on September 1 by a Hungarian blogger, and was since found to have infected several different targets in random areas across the globe. According to Forbes, Golovanov's research shows that the virus' victims are not related, which differs from Stuxnet's strategy of targeting one individual system. That does not mean, though, that Duqu is less effective, according to Golovanov.

"It took months before Stuxnet was activated that it started infecting computer systems. Within days of discovering Duqu, it was already causing damage," the researcher told Forbes. He added that the researchers are "pretty sure that Duqu is a government cybertool and are 70 percent sure it is coming from the same source as Stuxnet."

However, others have chimed in and warned against jumping to conspiracy conclusions over Duqu. In a blog post, security practitioner Bill Brenner acknowledged that the two share similarities, but also pointed out that the researchers who first discovered Duqu still need to complete a full audit of the code. Once that is complete, more details can come forward and a clearer picture of the situation can be painted. Until then, Brenner warned, researchers and security experts will be doing the industry no favors by making claims of a repeat Stuxnet attack, at least until more evidence exists in favor of it.

In either case, the issue will make for interesting headlines in the weeks and months to come. With these kinds of implications, Duqu also reopens the investigation into Stuxnet, the discovery of which celebrated its one-year anniversary just weeks ago.

However, if Duqu is really that similar to Stuxnet, more information will be difficult to come by. Even after investigating and studying Stuxnet for one year, researchers still have little information as to its source.

Some have speculated that it was created by the U.S. government, while others have pointed the finger at Israel. However, if the connection between Stuxnet and Duqu turns out to be real, the latter could be a major lead on a globally significant investigation.

Meanwhile, in the private sector, enterprise IT experts made note of what appeared to be a major turning point in the evolving consumerization trend.

It started with massive outages suffered by the already struggling BlackBerry mobile operating system. Research In Motion issued an apology and is offering a handful of free apps and services to both consumer and enterprise customers.

However, the efforts may turn out to be too little, too late for the long-time enterprise mobility industry leader.

Some customers were not able to make phone calls or send email for days. Even worse, analysis of the issue found that it was specific to BlackBerry's OS, meaning it couldn't actually happen to those using smartphone platforms developed by Apple or Google.

That issue, in particular, came at an inconvenient time for both RIM and companies whose employees have been assigned BlackBerry phones. The Canadian smartphone vendor has been on a downward slide for the past couple of years, steadily losing market share as its competitors grow. The latest comScore statistics show that RIM's market share dropped from 24.7 percent in May to just 19.7 percent in August. Meanwhile, Apple and Google have risen head and shoulders above it, and continue to look up.

Now, it seems, a rapidly growing number of consumers are purchasing smartphones of their own. The comScore report showed the total number of U.S. smartphone users reached 84.5 million in August. As a result, many companies are dealing with support and security issues as more employees use their personally owned devices to access the company network.

Growing mistrust in BlackBerry will only drive this trend further and faster. Research on the BlackBerry outage shows that this development may be reaching a tipping point. Market researcher Yougov released its stats on the effects of the service issues, showing that consumer confidence in the BlackBerry brand plummeted in the days following the outage. Yougov uses a point system to track brand image, upon which BlackBerry dropped 52 points between October 12 and October 14.

The shakeup coincides with two major steps forward for Apple and Google, RIM's two consumerization-driving competitors.

The latest edition of Apple's iPhone, the 4S, sold more than 4 million units in its first weekend on the market. That figure could grow to 25 million by December, according to Piper Jaffray analyst Gene Munster.

For businesses, especially those that still support BlackBerry phones for their employees, that figure is a sign of the growing odds that employees will forgo the device provided to them and instead access the corporate network with unsupported iPhones.

However, managing consumerization may not be as easy as just focusing on the iPhone and whatever security threats may accompany it. Google also unveiled the next generation of its Android mobile operating system, nicknamed Ice Cream Sandwich. Considering Google remains at the top of the global smartphone market, growing 5.6 percent in the third quarter to reach 43.7 percent mobile OS market share, the introduction of a new platform only paints a more Android-heavy picture of the future of enterprise mobility.

Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. Simply Security news roundup, October 7
  2. Simply Security news roundup, September 30
  3. Simply Security news roundup, November 4
  4. Simply Security news roundup, September 16

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.