Chances are you’ve never heard of the tiny Pacific island nation of Palau, but you may be familiar with its former Internet domain: PW.
That’s because the domain, now owned by Directi, has become a favorite of spammers.
According to Fort Systems, Directi — which christened PW “Professional Web” — began offering the top-level domain to all comers at rock-bottom prices, which attracted spammers.
Symantec spotted a big spike in spam URLs containing the PW domain at the end of April, when almost 50 percent of all spam URLs contained the domain.
“This came out of nowhere,” Eric Park, a senior antispam analyst with Symantec told TechNewsWorld.
“If you look at our TLD distribution, .com, .ru, .info — those are usually at the top of our list,” he said.
“But PW was by far the runaway number — even more than .com,” Park added.
Not only is Symantec bolstering its filters to block the spam, but it’s also working with the owner of the domain to help curb abuse of it.
“The registrar, from what I can tell, is interested in action to take the spammers down,” he said. “Not all registrars care, but these guys seem interested in working with us to shut them out because it’s damaging the brand they’re trying to push.”
An underground infrastructure is being built by cybercriminals to exploit the world’s love affair with mobile devices, according to a report issued last week by the Anti-Phishing Working Group.
“The sprawling mobile devices marketplace has spawned an industrialized mobile financial fraud plexus that today drives increasingly sophisticated criminal technical innovation to exploit the mobile devices explosion,” the APWG said in a statement.
“And it is funded by increasing revenues derived from potent new developments in mobile malware,” the statement said.
As any cybercrime fighter will tell you, information highwaymen go where the money is. Now and in the future, that means mobile.
In the coming years, global mobile payments are predicted to exceed US$1.3 trillion, the APWG noted. That’s going to present a motherlode of opportunity for connected criminal gangs.
That opportunity is enhanced by the mobile devices themselves. “These mobile platforms have more of an attack surface, they’re vulnerable to more types of attacks, and they have less robust security technology created for them,” Tom Kellermann, vice president of Trend Micro, told TechNewsWorld.
“People aren’t taking security seriously,” he added.
Balking at 2FA
Since adopting two-factor authentication to secure the accounts of users seems like a no brainer, why do some large Internet services, such as Twitter, continue to drag their heels on the practice?
“The bottom line is, do you want to invest in security or not?” Thorsten Trapp, co-founder and CTO of Tyntec, told TechNewsWorld.
In general, two-factor authentication involves something you have and something you know. As implemented by Google and others, it involves sending an SMS message with a code to your cellphone when the service detects any changes in your typical computing habits — logging in from a new location, for example, or a new device.
At this point, because the technology has proven effective, said Trapp, it’s just a matter of internal will more than anything else.
“Even the smallest companies can do it,” he said. “It’s just how high on the agenda it is.”
Two-factor authentication is the way the market is going because it can foil many of the hackers attacking services like Twitter, Facebook and Google, Trapp said.
“I wouldn’t say an SMS transmission isn’t breakable, but it’s 1000 times harder than tapping into an IP connection.” analyst Jack Santos reports decline in people affected by healthcare data breaches to 2.5 million in 2012 from 11 million in 2011.
Upcoming Security Events
- May 19-22. 13th annual Computer and Enterprise Investigations Conference (CEIC). Orlando, Fla. Registration: $1,095.
- June 10-13. Gartner Security & Risk Management Summit. National Harbor, Md. Registration: $2,375.
- June 11. Cyber Security Brainstorm. 8 a.m.-2:30 p.m. ET. Newseum, Washington, D.C. Registration for Non-government attendees: Mar. 3-Jun. 10, $495; Onsite, $595.
- June 14-22. SANSfire 2013. Washington Hilton, 1919 Connecticut Ave. NW,Washington, D.C. Course tracks range from $1,800-$4,845.
- June 15-16. Suits and Spooks Conference. La Jolla, Calif. Registration: Securing Our eCity Foundation members, $345; government/military $295; general registration, $595.
- July 24. Cyber Security Brainstorm. 8 a.m.-2:30 p.m. Newseum, Washington, D.C. Registration: government, free; non-government, $395, through July 23; $595 July 24.
- July 27-Aug. 1. Black Hat USA 2013. Caesars Palace, Las Vegas. Registration: through May 31, $1,795; June 1-July 24, $2,195; July 25-Aug. 1, $2,595.