Verizon report: 2009 Data Breach Investigations Report
2008 will likely be remembered as a tumultuous year for corporations and consumers alike. Fear, uncertainty, and doubt seized global financial markets; corporate giants toppled with alarming regularity; and many who previously lived in abundance found providing for just the essentials to be difficult. Among the headlines of economic woes came reports of some of the largest data breaches in history. These events served as a reminder that, in addition to our markets, the safety and security of our information could not be assumed either.
The 2009 Data Breach Investigations Report (DBIR) covers this chaotic period in history from the viewpoint of our forensic investigators. The 90 confirmed breaches within our 2008 caseload encompass an astounding 285 million compromised records. These records have a compelling story to tell, and the pages of this report are dedicated to relaying it. As with last year, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers.
For yet another year (the 13th so far), the report arrives: the CSI has published its annual report on Internet crime. It is a survey of 500 computer security professionals on how they were affected by computer incidents and crimes over the past year and the measures they took to protect their organizations.
To begin with, the conclusions are:
- The most expensive computer security incidents were those involving financial fraud…
…with an average reported cost of close to $500,000 (for those who experienced financial fraud). The second-most expensive, on average, was dealing with “bot” computers within the organization’s network, reported to cost an average of nearly $350,000 per respondent. The overall average annual loss reported was just under $300,000.
- Virus incidents occurred most frequently…
…occurring at almost half (49 percent) of the respondents’ organizations. Insider abuse of networks was second-most frequently occurring, at 44 percent, followed by theft of laptops and other mobile devices (42 percent).
- Almost one in ten organizations reported they’d had a Domain Name System incident…
…up 2 percent from last year, and noteworthy, given the current focus on vulnerabilities in DNS.
- Twenty-seven percent of those responding to a question regarding “targeted attacks”…
…said they had detected at least one such attack, where “targeted attack” was defined as a malware attack aimed exclusively at the respondent’s organization or at organizations within a small subset of the general business population.
- The vast majority of respondents said their organizations either had (68 percent)…
…or were developing (18 percent) a formal information security policy. Only 1 percent said they had no security policy.
The report can be downloaded from the CSI website (if you want to skip the registration, this is the URL to the PDF).
The Microsoft Security Intelligence Report (July — December 2007) has been published. It is a report on the state of security, produced by Microsoft's security team, for the second half of 2007. It offers a perspective on software vulnerabilities, both in Microsoft's products and in those of other vendors, and on how malware takes advantage of them.
Some data of interest:
- A decrease in the number of new vulnerabilities
- A decrease in vulnerabilities rated as critical
- 32.2% of known vulnerabilities have a widely distributed exploit
- For Microsoft, there is a clear decrease in the number of vulnerabilities in its newest products
And much more data. It is a report that should be read carefully, since it contains a lot of information.
Red Hat Enterprise Linux 4
It analyzes the vulnerabilities detected in Red Hat Linux 4.0 and the updates published, as well as the impact of potential threats depending on the existence of exploits or worms that take advantage of these vulnerabilities.
Conclusions:
- A default installation of Enterprise Linux 4 AS was vulnerable to seven critical security issues over the first three years
- A customised installation of Enterprise Linux 4, selecting every package, would have been vulnerable to 76 critical browser security issues, and 11 in non-browser packages in the three years. 81% of those vulnerabilities had fixes to correct them available from the Red Hat Network within one calendar day of them being known to the public
- Red Hat knew about 49% of security issues affecting the first three years of Enterprise Linux 4 in advance. The average time between Red Hat knowing about an issue and it being made public was 21 days (median 8 days)
- We found public exploits for 49 vulnerabilities that could have affected a customised full installation, although the majority relied on user interaction. Attempts to use many of the exploits would be caught by standard Enterprise Linux 4 security innovations
- The most likely successful exploits allowed a local unprivileged user to gain root privileges on an un-patched Enterprise Linux 4 machine
- Two worms targeting Linux systems were found during the three years, but both affected third party PHP applications not shipped in Red Hat Enterprise Linux 4. In addition, an update to PHP released over three months before one of the worms was released protected systems that had installed the third party applications
Enterprise Linux 5.1 to 5.2 risk report
It is a study similar to the previous one, but focused on the vulnerabilities in versions 5.1 and 5.2 of Red Hat Enterprise Linux.
The graph below shows the total number of security updates issued for Red Hat Enterprise Linux 5 Server starting at 5.1 up to and including the 5.2 release, broken down by severity. I've split it into two columns, one for the packages you'd get if you did a default install, and the other if you installed every single package (which is unlikely as it would involve a bit of manual effort to select every one). So, for a given installation, the number of packages and vulnerabilities will probably be somewhere between the two.

So for a default install, from release of 5.1 up to and including 5.2, we shipped 46 updates to address 119 vulnerabilities. 8 advisories were rated critical, 24 were important, and the remaining 14 were moderate and low.
For all packages, from release of 5.1 to and including 5.2, we shipped 62 updates to address 179 vulnerabilities. 9 advisories were rated critical, 29 were important, and the remaining 24 were moderate and low.
Microsoft has published a report on the state of computer security between July and December 2007: Microsoft Security Intelligence Report (July — December 2007). Some of the notable data:
- A 300% increase in the number of trojans
- Adware remains the main category of unwanted software
- The most detected malware in the report period: Win32/Hotbar
- The most worrying malware in the period: Win32/Winxier
- Phishing is a problem that basically affects the English-speaking world. In other countries its incidence is close to nil or low.