Wednesday, 11 December 2013

Spam: Always in Season

Sure, the holidays come only once a year, but scammers work all year long. Touting the same old tricks, they try to add a bit of variety for each upcoming holiday: that recommended Christmas gift is actually just a rip-off of an idea from a Halloween get-up.
You're not safe from these sneaky holiday scammers even if you think you know better than to click on their emails or links. The consequences of accidentally accessing a website or opening an attached file keep getting worse: your device can be infected so badly that the result is data loss, impersonation, or stolen money and critical information. To help users avoid these scams, BitDefender created an infographic that explains typical seasonal scammer tricks.
Merry Scary Christmas

Most scammers begin their campaign in the cold month of December and try to catch unsuspecting victims looking for gifts or vacations for the winter holidays. These malicious tricks cover a range of areas: scammers send out offers of loans for credit card extensions, fake personalized letters from Santa Claus, and diet and body cleansing pills.
Lured by knock-off Rolex watches, luxury cars, and hotel reservations, users are encouraged to take phony surveys or are led to phishing forms. Sometimes victims are led directly to malware like exploit kits, downloaders, and droppers.
Lovebirds are the targets after the winter rush: as Valentine's Day approaches, about seven percent of all spam messages attempt to coax people into purchasing sweets for their special someone. Not surprisingly, crooks offer fake chocolate and flower arrangements, replica watches, jewelry, or perfumes.
In April, scammers "arrange" a 50 percent-off sale for Easter flowers and goodies. To offset those giant chocolate bunnies, they also offer miracle weight loss plants as well as nerve calming remedies. With Mother's Day and Memorial Day in May, users are bombarded with offers of restaurant discounts, travel gift cards, sports footwear, spa and gym vouchers, and strangely enough, toilet paper.

Summer Scams

Scammers know May and June are the peak time to plan trips. They intersperse fake travel deals with real ones to trick users into giving their credit card information on malicious websites. Most phony flight confirmations are booked during this time, when over a hundred thousand holiday-themed spam messages are sent out. Bogus newsletters include offers that promote early-booking bargains, cruise packages, and travel insurance.
Before the festive July 4 celebrations, spammers try to persuade victims to buy yard barbeque kits for Father's Day. Scammers then celebrate Independence Day by spreading malware distribution campaigns linked to political messages and special fireworks sales.

Falling for Malware

In late summer and early autumn, crooks follow up on their vacation scams by posing as hotel managers and sending messages telling summer clients to check their money transactions or travel receipts. Users who click on the links or open the attachments that claim their credit card service is blocked fall victim to phishing, malware, and fraud.
Labor Day scams and alarming 9/11-related malware-infected sites that feature terms like "bin Laden alive" or "towers going down" are found in September. Charity scams or memorabilia offers for collectors exploit the anniversary of the latter event as well.
October and November have their fair share of scam plans too. Scammers advertise pirated software, dairy sweets, online dating tips, and ink around Halloween time. And of course, November is not only the month to chow down on turkey but also to buy big on Black Friday. Taking advantage of already-advertised low prices, crooks try to pose as having the best offer for unsuspecting customers: three-dollar car insurance, cheap designer clothing or smartphones, and casino coupons.
Stay Alert

It's not enough to simply be aware of all these scams. One accidental click on a link or banner can lead to a malware infection with serious repercussions. Don't open suspicious-looking emails, and try to avoid giving out personal data like credit card information. Consider purchasing antivirus software, like our Editors' Choice BitDefender Antivirus Plus (2014), to get rid of existing threats and prevent future attacks. Always beware of spam, because it can hit at any time of year.

The Pirate Bay moves to the domain of an island in the Atlantic Ocean

The torrent tracker The Pirate Bay has moved to the .ac domain, which belongs to Ascension, a volcanic island in the Atlantic Ocean. The move was reported on December 10 by a website citing representatives of the tracker.
According to The Pirate Bay's administration, the move to the .ac zone is a temporary measure. The resource was forced to change its domain after it learned that its previous address, registered in the autonomous territory of Sint Maarten (the southern part of the island of St. Maarten, part of the Kingdom of the Netherlands), was being blocked. Reportedly, The Pirate Bay plans to change its domain again, as it fears accusations of Internet piracy from the UK authorities (the .ac domain is under the control of the British company Internet Computer Bureau).
This is not the first time the torrent tracker has changed its domain name. In April 2013 it briefly used the Icelandic domain .is and Greenland's .gl. Both domains were blocked, by Tele-Post and by the Supreme Court of Denmark. Before that, the resource was located on the Swedish domain .se, as well as on the international domain .org. The Pirate Bay was launched in 2003.
The site is one of the largest BitTorrent trackers on the Internet. The resource is often accused of piracy, and for this reason access to it is blocked in a number of countries. One of the founders of The Pirate Bay, Gottfrid Svartholm, is currently being held in connection with a criminal case in Denmark. He is suspected of hacking the website of the Danish police. In addition, the Moscow City Court in December found Svartholm guilty of distributing pirated Russian movies on the web.

U.S. network security management evaluation report, by the Chinese e-government network

The following article is an evaluation report by the Chinese e-government network on United States network security management, with an interesting conclusion at the end. Published today on
As early as 2009, U.S. President Obama announced that cyberspace had become one of the most serious economic and national security threats the United States faced in the 21st century. In May 2009 he directed the U.S. Government Accountability Office (GAO) to review U.S. national cybersecurity policies and procedures. The review report showed two important deficiencies: the lack of a clear distinction of tasks among federal agencies, and the lack of strong leadership. Although three years ago the White House added a new Special Assistant to the President and "network security coordinator", responsible for leading the coordination and synchronization of network collaboration among federal agencies, the overall evaluation given by the GAO is that U.S. national security management needs to make greater improvements. The main purpose of this paper is threefold: (1) determine the network security management tasks, duties and powers of the different agencies within the U.S. government; (2) assess the efficiency and effectiveness of the U.S. national cybersecurity management plan; (3) propose an overall strategy for enhancing network security management, in order to effectively protect the networks, operations and information of the United States in a resource-constrained environment.
"Cyber security threats are one of the most serious national security, public safety and economic challenges facing our country as a whole."
- 2010 U.S. "National Security Strategy"
Today's hackers are no longer thrill-seeking teenagers; they are organized crime groups, national armed forces and non-state actors who spy on people and infrastructure or conduct malicious operations to the detriment of U.S. national security and/or economic interests. Although thousands of miles away, foreign hackers with increasingly sophisticated technology can penetrate U.S. computer networks to steal sensitive electronic military technology. In 2009, U.S. President Barack Obama said in a nationally televised speech to all American citizens: "Every day we see thousands of cyber thieves repeatedly stealing (our) sensitive information. They are disgruntled domestic employees, lone hackers, industrial spies and, increasingly, foreign intelligence services." The intention of President Obama's speech was to warn U.S. citizens that key U.S. security interests are under attack and that, in order to protect the American people, their assets and the national interest of the United States, a timely and effective U.S. network security strategy and action plan must be implemented as soon as possible. President Obama went on to explain that "this is the great irony of our Information Age: the same technologies that help us to manufacture and develop also help our enemies to disrupt and destroy." As countries transition from the industrial age to the information age, the President warned the American people that the new technologies that promote progress in the world can also work against it, and that effective measures must be taken to reverse this trend.
To stop computer hackers from exploiting advanced technologies for cybercrime, a new and groundbreaking strategic plan of action must be developed to change the current failure mode of the network. Developing such a plan must include the active participation of the U.S. government, the international community and the private and public sectors, under the leadership, guidance and encouragement of an independent authority over U.S. cybersecurity stakeholders. The purpose of this paper is to assess the current environment and the major authorities, in order to better understand the network security management structure, and then to make programmatic recommendations on how to carry out a reasonable plan of action and achieve a good national network security posture in the future. The main purpose of this paper is threefold: (1) determine the network security management tasks, duties and powers of the different agencies within the U.S. government; (2) assess the efficiency and effectiveness of the national network security management plan; (3) propose an overall strategic plan to improve network security management, so as to effectively protect the network operations and information of the United States with limited resources.


In 2008, in response to the continuing threat of cyber attacks on federal systems and services, President George W. Bush authorized the implementation of a new "Comprehensive National Cybersecurity Initiative" (CNCI). The program aims to improve the federal government's capacity to protect sensitive information and to prevent hackers from invading the networks of national institutions, nation-state institutions and others. In addition, because a number of departments reported that their computer networks had suffered cyber attacks, the U.S. government decided to implement the initiative. It also established the National Cyber Security Center (NCSC) to coordinate information among the various federal agencies and departments, ensure network security and facilitate collaboration. The CNCI aims to reduce vulnerabilities, prevent intrusions and predict potential threats, while the NCSC is committed to standardizing current network security processes and introducing new policies and business practices to better protect computer networks and systems.
As early as 2009, U.S. President Barack Obama had announced that "cyberspace has become one of the most serious economic and national security threats the United States faces in the 21st century" and that "America's economic prosperity in the 21st century will depend on cybersecurity." In May 2009 he directed the GAO to review U.S. national cybersecurity policies and procedures. The GAO's policy review focused on the network security responsibilities described above. David Bowral, who authored the GAO report, noted two major shortcomings: (1) a lack of strong leadership; (2) a lack of clear distinction of tasks among federal agencies. Concern about the lack of strong leadership began in March 2009, when Rod Beckstrom, then director of the National Cyber Security Center, suddenly submitted a letter of resignation to the Secretary of the Department of Homeland Security (DHS), claiming that the lack of financial support, and the failure to treat network security as a national priority, had led to his decision. Given Mr. Beckstrom's sudden departure and the GAO's findings on the national cybersecurity posture, President Obama decided to establish a Special Assistant to the President and "network security coordinator" in the White House, aimed at improving the efficiency of inter-agency collaboration and synchronization. This new position reports to the National Security Council (National Security Staff, NSC) and the staff of the National Economic Council, and takes on network security management and long-term network security planning throughout the United States.
To lead the national network program, President Obama appointed Howard A. Schmidt as the country's "network security coordinator" in December 2009. Howard A. Schmidt worked for the FBI, specializing in cyber crime, served as chief security officer at Microsoft and eBay, and was also George W. Bush's White House cybersecurity adviser. The "network security coordinator" has neither command nor budget authority over any federal agency, and the size of his administrative staff is insufficient to solve the many network security problems facing the U.S. and the world in today's information age.
Since December 2009, all federal agencies have made significant progress in network operations and policy development, but a collective mechanism for collaboration among the various agencies has been lacking until now. Although a "network security coordinator" has been appointed in the government, the urgent need to strengthen leadership and management in monitoring national cybersecurity programs has only recently been put on the agenda. When the GAO conducted its periodic review of network security management, policies and programs and tried to determine who owns network security leadership and decision-making duties, federal agencies complained about confusion in the division of responsibilities: because tasks and responsibilities are not clearly distinguished, duplication of efforts and resources among agencies still exists, resulting in unnecessary confusion and waste. Some people think that repetitive work and duplicated resources enhance the country's productivity and network security posture to some extent, because redundant network security personnel and equipment help agencies better fulfil their mandates. However, due to the lack of policy, leadership, administration and information sharing, network security management finds it difficult to make greater progress. Since each federal agency has started to develop similar policies, monitor and maintain the same networks, investigate criminal acts, coordinate with international and domestic private and public sectors, and perform similar research and development responsibilities, to the ordinary observer (the U.S. citizen) this repetitive work is clearly a waste of federal, state and industry funding, while the threat to national security continues to rise.
As the history books tell the story of the West, the Wild West was defeated and tamed by the right leadership, a reasonable structure, disciplined organization, a clear strategy and a clear vision, rather than by loose committees, groups and consensus with a vague, blurred vision guiding policies and programs. Therefore, the federal government needs to develop and implement a new network security strategy, one that summarizes the lessons of the past and anticipates future demand. Developing only a "passive strategy" and implementing "hasty patchwork" solutions would only leave the country in a passive network security dilemma. The world regards the United States as the leader in technology development. As cyber threats continue to spread rapidly around the world and cause great damage to economic and security interests, the world needs a role model to achieve effective change and positive achievements in the network domain. America needs to lead, and it has the ability to do so!

  Tasks and responsibilities

Since the 1980s, network security has always been a thorny problem for the U.S. government, but taming the Wild West was once a thorny issue too. To better understand the complexity of the current "mesh" of network management, it is important to clarify which core sectors within the U.S. government bear responsibility for developing national cybersecurity policies and operating procedures. In 2010, the GAO published an article making clear that the following departments and federal agencies have an important role in network security: the executive branch, the Department of Homeland Security, the Department of Defense, the Department of Commerce, the Department of Justice and the Department of State. This article focuses on the roles and responsibilities of these six federal agencies, as they are the main developers and implementers of network security policies and procedures.
In the executive branch, the newly established "network security coordinator" is the primary participant. The "network security coordinator" is a member of the National Security Council and the National Economic Council, responsible for ensuring that federal network policy enhances national security and that the government's approach is coherent as a whole. The "network security coordinator" is the "pseudo-godfather" of U.S. network security: although he reports directly to the President, he lacks funds, and lacks command and control over the people and processes across the entire network field. Another influential department in the federal executive branch is the Office of Management and Budget (OMB) and its affiliated Office of E-Government and Information Technology (E-Gov). The Office of E-Government and Information Technology is headed by the Federal Chief Information Officer (CIO), who is responsible for developing and using "Internet-based technologies to make it more efficient for citizens and businesses to interact with the federal government, save taxpayers' money, and simplify citizen participation." Mr. Steven VanRoekel, America's second federal CIO, was appointed by President Barack Obama on August 5, 2011. He replaced Mr. Vivek Kundra, the first U.S. federal chief information officer, who held office from March 2009 to August 2011 and was also appointed by President Obama.
The Federal Chief Information Officer is responsible for managing the Chief Information Officers Council (CIO Council), which is "the principal interagency forum for improving practices related to the planning, procurement, development, modernization, use, sharing and implementation of federal information resources." The council consists of 28 members from various federal agencies, and one of its many dedicated sub-committees is responsible for managing network security administration. Another important high-level inter-agency committee in the federal government is the Information and Communications Infrastructure Interagency Policy Committee (ICI-IPC), which is responsible to the National Security Council and the Homeland Security Council (HSC). The ICI-IPC is the main body for coordinating information and communication infrastructure policy.
According to "Homeland Security Presidential Directive No. 23" and "National Security Presidential Directive No. 54", the U.S. Department of Homeland Security (DHS) officially leads federal agencies in "protecting federal government networks and systems (the 'dot-gov' domain), and coordinating with the private sector to jointly protect the nation's critical infrastructure and key resources." The DHS is primarily responsible for protecting federal information technology (IT) infrastructure and data networks. Most of the department's network security functions are concentrated in the National Protection and Programs Directorate (NPPD), which is supervised by a Deputy Secretary of the DHS. The National Cyber Security Division (NCSD) is one of the divisions under the DHS, responsible for "collaborating with public, private and international entities to jointly protect cyberspace and U.S. network interests." The director of the NCSD is responsible for overseeing the National Cybersecurity and Communications Integration Center (NCCIC) and the United States Computer Emergency Readiness Team (US-CERT). The NCCIC is a 24-hour operations center that "is responsible for generating a network and communications operating situation map for federal, state and local governments, the intelligence and law enforcement community and the private sector." US-CERT is also a 24-hour operations center, the operational arm for national cybersecurity.
It is accountable to the Federal Civil Executive Branch, providing response support and protection against network attacks, and shares information and collaborates with state and local governments, industry and international partners. The DHS / NCSD is responsible for some of the plans to protect network infrastructure from attack, such as the National Cyber Response Coordination Group. The group consists of representatives of 13 federal agencies; when a serious nationwide network incident occurs, the group is responsible for coordinating a synchronized federal response. Another body within the DHS that bears important network security responsibilities is the United States Secret Service (USSS). On October 26, 2001, President Bush signed the "USA PATRIOT Act" (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism), which directed the U.S. Secret Service to establish a national network of Electronic Crimes Task Forces (ECTFs). The ECTF network brings together not only federal, state and local law enforcement agencies, but also prosecutors, private industry and academia. The task forces are one of the many institutions in the United States responsible for investigating cybercrime. The U.S. Secret Service's mission is to protect the country's financial infrastructure and payment systems to ensure the absolute safety of the U.S. economy, by reducing the "total financial losses arising from e-crime, financial crime, computer crime, destruction of the payment system, identity theft and other types of financial crime."
Finally, within the DHS, an important network institution to recognize is the Information Sharing and Analysis Center (ISAC). The agency was created as a partnership between the DHS and organizations outside the federal government. In 2003, the U.S. President signed "Homeland Security Presidential Directive No. 7: Identifying Critical Infrastructure, Prioritization and Protection" (HSPD-7), which states: "The federal government requires each department within the critical infrastructure sectors to establish a sector-specific information-sharing organization and to share threat and vulnerability information with other departments." In response, many sectors set up an information sharing and analysis center to meet the HSPD-7 requirement. At present, 16 ISAC teams have been set up, and they convene every quarter: the power industry, financial services, information technology, ground transportation, public transportation, telecommunications, water supply, multi-state cooperation, real estate, research and education, commodity supply, nuclear, marine, highway, national health, and emergency management and response. All partners sign a written agreement when participating in joint network exercises and when responding to real-world network crisis events, allowing non-federal member network operators to work around the clock on day-to-day problems with the NCCIC and the agencies within it. This collaboration has become an important means for the United States to synchronize federal and non-federal network experts and to protect its information and network infrastructure.
  Department of Defense (DOD) is mainly responsible for the offensive and defensive network warfare, and the U.S. Department of Homeland Security is responsible for the defense of the network operations, in close cooperation between the two institutions in order to ensure the full spectrum of combat operations (defense, sniffing and attack) are very well implemented and synchronized to ensure the country against cyber threats. A formal Memorandum of Agreement signed in September 2010 by the U.S. Department of Homeland Security and Department of Defense leaders to strengthen cross-sectoral collaboration and enhance cooperation, as well as to better define the roles and responsibilities in order to avoid duplication of work. U.S. Department of Defense has established a new headquarters in 2010 - U.S. Cyber ​​Command (USCYBERCOM), which is part of the U.S. Strategic Command's Joint Command of a second. U.S. Cyber ​​Command's mission is responsible for the planning, coordination, integration, synchronization and guide the operation of the Department of Defense information networks and protective actions, the full spectrum of military leadership cyberspace operations to ensure U.S. and allied freedom of action in cyberspace, while weakening the U.S. enemy freedom of action in cyberspace.
  U.S. combat forces under the command of network management on behalf of the various branches of power in the network area: Army Cyber ​​Command (ARCYBER), Navy Tenth Fleet Cyber ​​Command (FLTCYBERCOM), Twenty-Fourth Air Force (AFCYBER) and the Navy land Team Cyber ​​Command (MARFORCYBER). In addition to the composition of the armed services have operational control over, the U.S. Cyber ​​Command, also has a dual role the U.S. National Security Agency (NSA) and the Central Security Department Secretary (CSS) Director. U.S. National Security Agency / Central Security Agency in the field of signals intelligence and information security password dominate American academia. This is a national network of military intelligence cooperation and to increase the power of network management partnerships and collaborative mechanisms. Three lines of business within the United States Cyber ​​Command is: U.S. Department of Defense Global Information Grid runs (IT network management); defensive cyberspace operations (to prevent network attacks) and offensive cyberspace operations (network sniffer and network attacks) . Similarly, the Department of Defense network sniffer and network attacks primary leadership duties.
  U.S. Department of Commerce (Department of Commerce, DOC) is another important bodies within the national network security framework, is primarily responsible for technical improvements to the network system and the establishment of critical IT infrastructure plan template for the federal network. Network command of the U.S. Department of Commerce's 1950 "Defense Production Act," given the aim of reducing the supply and consumption of federal agencies to meet defense needs. In computer network security, the U.S. Commerce Department has two important institutions, the National Institute of Standards and Technology (National Institute of Standards and Technology, NIST) and the National Telecommunications and Information Administration (National Telecommunications and Information Administration, NTIA). National Institute of Standards and Technology is the U.S. Department of Commerce to carry out research, development, technology and engineering (RDT & E) power. Based primarily on safety standards, indicators and best practices, is responsible for the commercial and government entities to develop, test, advocacy, monitoring and measurement of new information technology (IT) principles and technical details. National Telecommunications and Information Administration is to provide direct support to the executive branch agencies, is responsible for making recommendations to the President on telecommunications and information policy issues. National Telecommunications and Information Administration's planning and decision-making is largely concentrated in the United States to expand access to and use of broadband Internet. National Telecommunications and Information Administration to develop policies related to the Internet economy, including online privacy, global free flow of network security, online information.
  U.S. Department of Justice (Department of Justice, DOJ) is the chief law enforcement agency of the U.S. government, is responsible for the development of network participation and legal rules established by the U.S. Congress, and those who violate the laws of network-related individuals, businesses, institutions, state and national institute litigation. A subordinate agency of the U.S. Department of Justice FBI (Federal Bureau of Investigations, FBI), is primarily responsible for the investigation and prosecution of cybercrime problem nationwide business. The FBI's cybersecurity mission is to investigate high-tech crimes, such as network-based terrorism, computer intrusions, online pornography crime and major online fraud. The FBI is responsible from the public and private sectors, commercial enterprises and other federal agencies to gather information to analyze forensic evidence cybercrime incident to determine the source or originator of malicious activity. The FBI and other law enforcement agencies (federal, state, local and international agencies) work together to protect and defend the country against the threat of terrorists and foreign sectors, so as to maintain and consolidate the American criminal law. National Network survey jointly contingent (National Cyber ​​Investigative Joint Task Force, NCIJTF) by the FBI in charge of management, including representatives from the U.S. Secret Service and other federal agencies. Web survey organizations as inter-agency coordination of national authorities responsible for the coordination, integration and sharing of relevant information about the investigation of cyber threats.
  The Department of State (DOS) is the lead agency for foreign affairs and therefore plays an important role in formulating, coordinating and overseeing the implementation of international communications and information policy. Under the 2003 "Protection of National Cyberspace Security Strategy," the State Department was given federal leadership responsibility for strengthening international cooperation on cyberspace security. To better fulfil that leadership responsibility, many of its bureaus were given specific tasks. For example, the Bureau of Economic, Energy and Business Affairs / Office of International Communications and Information Policy (EEB/CIP) handles international telecommunications and information policy. In addition, the Cyber Affairs Office within the Bureau of Intelligence and Research (INR) provides cybersecurity analysis and coordinates international outreach projects.
  Although the cybersecurity roles and responsibilities of federal agencies continue to improve, redundant and duplicated work in network defense operations, policy development, enforcement, and research and development clearly exists, and will continue to exist, among multiple agencies within the U.S. government. A key reason for this duplication is that no single independent authority has been designated with overall responsibility for cybersecurity management. Leaders need unity of command and unity of oversight: which areas are to be regulated, and what financial and human resources must be monitored within a single regulatory body? With the resignation of senior cyber officials over the past few years, signs of confusion in cybersecurity management have gradually emerged. These leaders were forced to leave because of federal disorganization and mismanagement, which ultimately hinders the process of cyber governance.

  Assessment of Network Security Management

As cyberspace grows in size and power every day, the accompanying cyber threats and vulnerabilities have increased exponentially. Because cyber threats to national interests and infrastructure security are growing, the United States must have a responsive and efficient capability to solve the cybersecurity management issues of global cyberspace, and time has become an important factor in ensuring that capability. "The U.S. government faces a series of tough challenges that hinder its responsibility to develop and implement a structured program" for global cyberspace, including: (1) providing leadership at the highest level of authority; (2) developing a coherent and comprehensive strategy; (3) cross-sectoral coordination among all relevant federal entities; (4) ensuring that cyberspace-related technical standards and policies do not create unnecessary obstacles to U.S. trade; (5) participating in international cyber incident response; (6) distinguishing between different legal systems and the enforcement of U.S. criminal and civil law; and (7) international standards to regulate cyberspace. It is widely recognized that, to meet these challenges, the Special Assistant to the President and "Cybersecurity Coordinator" must collaborate with other federal agencies and the private sector to build a united front for developing the cyber capacity needed to serve the country's economic and national security interests.
  During its 2010 review of national cybersecurity policies and procedures, the U.S. Government Accountability Office found that the federal government had no clear organizational structure that could effectively resolve current or future, increasingly serious, cybersecurity problems. Cybersecurity management tasks and responsibilities are distributed across a number of federal departments and agencies, and many of them overlap, but no organization has absolute decision-making power, so the problems that could be handled in a coordinated way are often the ones in direct conflict. Government needs an integrated strategic vision and a comprehensive plan that meets the demands the U.S. government faces in solving cybersecurity-related issues. The United States needs to develop the policies, procedures, personnel and technology to mitigate cybersecurity risk.
  • Max Stier said: "The U.S. government has long been a leader in leveraging resources and relationships to form and train a skilled cyber team." Such a team should have a reasonable network structure, carefully consider the interests of citizens and the state, and focus entirely on blocking network threats and vulnerabilities. In the article "The Cybersecurity 'Troika': Government, Private-Sector Partners and Citizens Involved in Network Security," the authors Huck nits and Stever said: "The demand for network security and for the full participation of knowledgeable citizens must be on a par with the demand for reasonable and proper management of the government's structure." They stressed the importance of maintaining an appropriate balance of responsibilities between the U.S. government and its citizens, because if every citizen is not a participant in cybersecurity, the goal of a secure national cyberspace will never be achieved. To succeed, the government must establish a personal relationship with IT partners as protectors of the people, not merely as beneficiaries of security policy. The unresolved question is, "Which federal agency is responsible?"
  As the 2011 "National Security Strategy for Cyberspace" shows, the U.S. government has recognized that protecting cyberspace has become a global problem: because computer systems are interconnected globally, a global approach is needed to protect information and prevent threats to infrastructure and the economy. Reducing cyber threats requires concerted international cooperation and coordination mechanisms, more open communication, and trust. In the past few years, network engineers, incident responders, policy makers, intelligence analysts and law enforcement personnel have made tremendous progress in this field and have recognized the importance of transnational information sharing and of treating cybersecurity solutions as global, transnational security issues. A greater obstacle is the security and integrity of data and the process of facilitating information gathering and sharing. Given the current multi-agency structure and duplicated work within the U.S. government, deciding which federal agency to approach for support and assistance is a daunting task for American citizens and business owners, and it is even harder for the international community to make full use of American cyber support. Although officially pre-coordinated agreements, policies and information-sharing treaties have shortened the time gap, new threats entering the global network with new tactics, techniques and procedures often require new solutions and responses from new partners, which renders approved agreements outdated or obsolete.
  As everyone knows, the "zero-day vulnerabilities" that skilled hackers used yesterday to block or disrupt networks are certainly no match for tomorrow's advanced persistent threats (APTs); APTs are the new means by which state and non-state criminal organizations steal intellectual property and engage in criminal activity. The international community needs a safe and secure network in which critical information can flow freely across network boundaries, where the protection of the infrastructure it relies on has been elevated to a global interest rather than only a national one. To stay ahead of the growing global cyber threat, America's international partners should have a centralized organization, a "one-stop" agency for collaboration on cybersecurity issues. The unresolved question remains, "Which federal institution is responsible?"
  Protecting global cyberspace requires individual, public, private, local, state, federal and international cooperation to jointly improve situational awareness, share information, promote security standards, and investigate and prosecute cybercrime. To achieve the objective of proper cybersecurity management, not only for America but for the entire world, it is very necessary to set up a joint body in the United States, which would improve the overall stability and security of networks.
  Strategic plan to improve network security management
  Having reviewed the roles and responsibilities of each federal agency and assessed cybersecurity management, the author puts forward three options for solving the global problem and improving U.S. management of cyberspace: (1) maintain the existing organizational structure; (2) readjust the organizational structure; (3) form a new cyber institution. The benefits, shortcomings and strategic impact of each option are analyzed below.
  Option One (keep the existing organizational structure). This option requires no change to the current organizational structure of the national security agencies and federal agencies. Although the Special Assistant to the President and "Cybersecurity Coordinator" was appointed to a newly created post in December 2009, the cyber institutions' cybersecurity management activities are still in their infancy and have not yet matured into a management element with absolute authority. By keeping the existing structure, this option would improve overall management of the cyber domain through the accumulation of time and experience. Its biggest advantage is that it imposes no cost burden. Over time, the "shrinking" financial needs and the improvement of the coordinator position can satisfy the current need to cut government spending, because this option carries no restructuring cost. Its disadvantages are: the shortage of staff for the heavy workload required; unresolved definition and prioritization of tasks, roles and responsibilities; and the inability of cybersecurity operations and policy makers to act in a timely manner. The potential strategic impact has three aspects: (1) because policy development and information exchange are not synchronized, the number of attacks increases and delays reduce the efficiency of cyber incident response; (2) because regulatory oversight is limited, cyber coordination with the international community will be reduced; (3) the cost of recovering and restoring attacked infrastructure increases. All of these issues pose a serious risk to national security interests and to diplomatic and economic measures.
  Option Two (readjust the organizational structure). This option proposes to set up a department-level "Cyber Committee" composed of representatives of the various federal institutional stakeholders, with command and control delegated to the Office of the Cybersecurity Coordinator. It envisions a new special team of more than 20 members, giving the organization a direct mechanism for sharing the heavy workload of the Cybersecurity Coordinator. Establishing a constructive and skilled staff agency would greatly benefit government departments and federal agencies, because timely and effective inter-agency communication would finally become a reality. This option would require the federal agencies involved to develop new organizational structures. Other advantages include a balanced allocation of priorities, division of responsibilities and workload, and enhanced cross-border collaboration. Through the participation of Cyber Committee members in global information exchange on policies and procedures, as well as in response actions to network attacks, an international advantage can be achieved. The disadvantage is that its cost is higher than that of maintaining the existing organizational structure, although the costs of office space allocation and personnel relocation would be kept to a minimum. Compared with Options One and Three, the strategic impact of this option would be significantly reduced: all the instruments of national power (diplomatic, intelligence, military and economic) would be successfully integrated by strengthening global partnerships, optimizing the management and organizational structure, dissuading and deterring cyber threats, and preventing further recession. Periodically readjusting personnel from other federal agencies is entirely feasible. Although the improvement in leadership and coordination would be significant, this solution does not solve the lack of budget authority for cybersecurity management.
  Option Three (form a new cyber institution). This option requires creating a new federal agency responsible for leading all cyber-related activities, including: developing and implementing policies and procedures; synchronizing information sharing and coordination among local, state, federal and international counterpart bodies that provide network services; monitoring intrusions in the cyber domain; organizing cybercrime forensic analysis; coordinating intelligence and law enforcement; and performing research, development, technology and engineering, together with the development of a comprehensive strategy. The Cyber Coordinator would remain an important member of the President's Office, reporting the latest developments in national networks to the President and members of the government, and would become the liaison between the White House and the new Cyber Command.
  To reduce the duplication of effort and resources in the current management process, a detailed assessment of all federal agencies should be conducted to identify cyber elements that could potentially be restructured. The assessment team would need to be led by an agency external to the federal government, with team members drawn from representatives of federal departments and agencies. Members of the new headquarters would come from jobs in other existing federal sectors, be newly hired, or be reassigned. Of the options that use new and existing federal employees to establish a joint body, this one is preferable because it avoids damaging historic institutions as a whole while creating new jobs. The members to be merged could include policy makers, research and development scientists, federal network operations centers and intelligence analysts. Creating a new agency would not weaken the need for inter-agency communication and collaboration; indeed, that need would become greater. The current government is a networked environment of systems and power networks that has existed for a long time. Intelligence, economic, military, law enforcement and foreign affairs management are each managed not only by a separate federal agency but also exist as subsets within the various federal agencies. For example, each department currently has an international security cooperation function, a budget department, a legal and policy sector, and a cyber threat analysis organization, so cyber management can be said to be basically similar to communications and information management. Although cyber is a common element across all federal agencies, network services in the public, private and federal sectors will continue to grow exponentially. The world is only in the early stages of information technology, including network attacks and network security.
If the majority of American networks are in the private sector, then the majority of cybersecurity risk also lies in that environment, and it is mainly an economic issue. The remaining U.S. networks, such as the ".gov" and ".mil" networks, are charged with the important task of protecting sensitive or classified information, and these networks are already well protected. The disadvantage of this approach is the consideration that must be given to creating a new institution.


Because criminals and terrorists continue to infiltrate the Global Information Grid, protecting core U.S. security interests has become critical. However, to achieve significant progress in cyberspace management, time is an important factor in ensuring this capability. In the short term, to get immediate results while minimizing the use of resources, the best option is Option Two: readjust the current organizational structure. This option provides strong leadership; improves global and inter-agency collaboration; develops and implements policies and procedures in a timely manner; improves oversight of network operations; enhances situational awareness; and reduces the economic costs of national security. The key to success is a rationally structured regulatory agency with absolute power to direct, guide and promote the cybersecurity team. Option Two is the best choice for addressing the current shortcomings of the cybersecurity management framework.
  However, the long-term solution is still Option Three: creating a new cyber institution. Building a new headquarters would not only improve U.S. cyber management capability but also signal to the international community that the United States treats cybersecurity as a national priority, and it could create a real cyber edge over adversary nation-states and non-state actors. Other advantages of this approach are centralized command and decision-making, reduced duplication of work, and a clear distinction of tasks and responsibilities. Although a feasible statement of need can be made that, given the current threat, a new federal cybersecurity agency is absolutely necessary, the time and resources required to obtain congressional approval and to establish an effective and efficient organization make this undoubtedly a complex, arduous and difficult task. It would also have to answer to the current financial burden of reduced spending plans and could cause unrest within the public sector, even though it would create new jobs. A comprehensive strategic roadmap and a strong strategic communications plan would be needed to win approval from Congress and active support from the general public for this option.

  Our country's top decision-makers must consider adopting a long-term strategic plan to ensure that the United States can rely on the safe use of cyberspace. So far, the measures the U.S. government has taken to deal with traditional cybersecurity issues have failed to achieve the desired results. The 2008 "Comprehensive National Cybersecurity Plan" and the series of efforts that followed it made some attempt to establish a network defense strategy: deterring interference and attacks in cyberspace by improving early-warning capability; clarifying the tasks of the private sector and international partners; and developing a reasonable response to state and non-state actors.
  New, non-traditional cybersecurity measures need to completely break the inefficient "rice bowl" protectionism of the current cybersecurity organizations. Intelligence sharing between government and private-sector network security operations centers will be the first and most important step. Integrating federal cybersecurity organizations and capabilities (reducing duplicated work and business to a minimum), which could save costs and enhance our national cybersecurity posture, is the second step. An increasingly savvy leader with absolute authority in cyberspace is the third step. How we will solve the problem of huge capital expenditures, and change this culture so that national cybersecurity is handled through coordinated action, is the enormous challenge we currently face.

Fake ‘MMS Gallery’ notifications impersonate T-Mobile U.K, expose users to malware

Over the last two months, the malicious campaigns launched by a group of cybercriminals who are no strangers to the concept of social-engineering topic rotation have been monitored and proactively blocked. Their purpose is to extend a campaign's life cycle, or generally to increase a botnet's infected population, by spamming out tens of thousands of fake emails that expose users to malicious software. The most recent campaign launched by the same cybercriminal(s) once again impersonates T-Mobile U.K. in an attempt to trick mobile users into thinking that they have received a legitimate MMS Gallery notification. In reality, once the attachment is executed, the victim's PC automatically joins the botnet operated by the cybercriminal(s) behind the campaign, ultimately undermining the confidentiality and integrity of the host.

Sample screenshot of the spamvertised email:
Detection rate for the spamvertised attachment: MD5: bff8af7432ced6e574e85d9241794f80 – detected by 8 out of 47 antivirus scanners as Trojan.Zbot; W32/Trojan2.OADJ.
Once executed, the sample phones back to Go through related assessments of campaigns known to have been launched by the same cybercriminal(s), also phoning back to the same C&C server:
Related malicious MD5s that are known to have phoned back to the same C&C server over the last 24 hours:
We’ve also observed two newly introduced C&C servers within these samples, namely, – and

Rogue antivirus that takes webcam pictures of you

Recently we heard of a rogue fake antivirus that takes screenshots and webcam images in an attempt to further scare you into succumbing to its scam. Webroot's IT security research group gathered a sample and, sure enough, given some time it will indeed use the webcam and take a picture of whatever is in front of the camera at that moment. This variant is called "Antivirus Security Pro" and it is as nasty as they come.
The rogue locks down all of the Advanced Boot Options: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Directory Services Restore Mode, etc. As soon as one of these is picked, the computer simply restarts back into normal mode, where all executables are flagged as malicious. If you don't pay for the scam within a few minutes it takes a picture with the webcam and then warns you that [insert name of good process].exe is "malicious" and attempting to send the picture to unidentified users. This is a really impressive step in social engineering to scare people, and I'm sure it has increased the percentage of people who pay out to the scam.
[Figure: webcam shot taken by the rogue, showing the researchers' office]
However, this is false and there is no trace of the webcam images being sent anywhere. The only network traffic this Rogue has is during initial drop to download all of its components.
If you have Webroot SecureAnywhere installed then not to worry, this virus should be blocked in real time as soon as it is written to your hard drive; the only notification you’ll receive is a notice that it was quarantined.
However, removing this virus once it has infected you is a little trickier without the comfort of the safe modes. Those of you who try System Restore will notice that this virus disables it. All the file does is disable System Restore; it does not delete any restore points, so you can simply turn it back on and restore to a previous point. To turn on System Restore: Click Start > right-click Computer > select Properties > click System Protection > select your OS drive (typically C:) > click Configure > check "Restore system settings and previous versions of files." Please note that once you restore to a previous point only the registry entries are removed, so although the virus no longer starts up when your computer does, you will still have to delete the files manually.

Location of Files:
%CommonAppData%\”random name”\
%CommonAppData%\”random name”\DD1
%CommonAppData%\”random name”\”random name”.exe
%CommonAppData%\”random name”\”random name”.exe.manifest
%CommonAppData%\”random name”\”random name”.ico
%CommonAppData%\”random name”\”random name”
%CommonAppData%\”random name”\”random name”kassgxDq.lg
%CommonAppData% = C:\Documents and Settings\All Users\Application Data\ in Windows XP and C:\ProgramData\ in Vista/7/8
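As an added example, not part of the Webroot write-up, the following PowerShell script hunts for a drop folder matching the file layout listed above and then re-enables System Restore, the cmdlet equivalent of the System Protection steps described earlier. It assumes Windows 7 or later with PowerShell 4 (for Get-FileHash), an elevated prompt, and the OS on C:; the folder and file names are taken from the list above, and any match is reported for manual deletion rather than removed automatically.

```powershell
# Added example (not Webroot's code). Assumptions: Windows 7+ with PowerShell 4,
# running as Administrator, OS drive C:.

# %CommonAppData% resolves to C:\Documents and Settings\All Users\Application Data
# on XP and to C:\ProgramData on Vista/7/8, exactly as the write-up notes.
$CommonAppData = [Environment]::GetFolderPath('CommonApplicationData')

# Report every folder directly under %CommonAppData% that holds the full file set
# the write-up lists: DD1, <name>.exe, <name>.exe.manifest, <name>.ico and a file
# whose name ends in 'kassgxDq.lg'. Requiring the whole set avoids flagging
# legitimate vendor folders that happen to contain a single .exe or .ico.
function Find-RogueDropFolders {
    param([string]$Root = $CommonAppData)

    Get-ChildItem -Path $Root -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $dir   = $_
        $name  = $dir.Name                       # the "random name" in the listing
        $files = Get-ChildItem -Path $dir.FullName -File -Force -ErrorAction SilentlyContinue

        $has = @{
            dd1      = $files | Where-Object Name -eq 'DD1'
            exe      = $files | Where-Object Name -eq "$name.exe"
            manifest = $files | Where-Object Name -eq "$name.exe.manifest"
            ico      = $files | Where-Object Name -eq "$name.ico"
            lg       = $files | Where-Object Name -like '*kassgxDq.lg'
        }

        if ($has.dd1 -and $has.exe -and $has.manifest -and $has.ico -and $has.lg) {
            [PSCustomObject]@{
                Folder = $dir.FullName
                Exe    = $has.exe.FullName
                # MD5 lets the responder compare against vendor detections
                ExeMD5 = (Get-FileHash -Path $has.exe.FullName -Algorithm MD5).Hash.ToLower()
                Files  = ($files | ForEach-Object Name) -join ', '
            }
        }
    }
}

# The rogue only switches System Restore off and leaves the restore points in
# place, so turning protection back on is enough to make them usable again.
function Restore-SystemProtection {
    param([string]$Drive = 'C:\')

    Enable-ComputerRestore -Drive $Drive
    # List the available points, newest first; pick one from before the
    # infection and restore it with: Restore-Computer -RestorePoint <SequenceNumber>
    Get-ComputerRestorePoint |
        Sort-Object CreationTime -Descending |
        Select-Object SequenceNumber, Description, CreationTime
}

$hits = Find-RogueDropFolders
if ($hits) {
    Write-Host "Rogue drop folder(s) found; delete these manually after restoring:"
    $hits | Format-List
} else {
    Write-Host "No folder matching the rogue's file layout found under $CommonAppData"
}

Restore-SystemProtection
```

Restoring a point removes only the rogue's registry entries, as the write-up says, so the reported folder still has to be deleted by hand afterwards.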

Shell embraces cloud computing to reduce hardware use

BARCELONA: Energy giant Shell is embarking on a company-wide push to use cloud software in order to reduce its hardware kit.
Speaking at HP's Discover conference, Karel van Zeeland, founding member of Shell's IT4IT consortium, which leads the firm's work deploying IT for other divisions, explained that software-as-a-service (SaaS) tools are now being implemented wherever possible.
"We are moving away from on-premise installations of software and to the SaaS model. We don't need the kit to make these [software tools] work, we just want the outcomes it generates," he said.
"Shell's strategy is to move things into the cloud. If some services cannot meet our requirements when it comes to privacy regulations, we will refrain from going to SaaS and still implement an on-premise solution, but we see that as an interim over time as SaaS is the direction we want to go in."
As well as security issues, van Zeeland noted that there are other concerns with cloud tools, although not enough to stop cloud uptake at Shell.
"The whole SaaS industry is relatively immature, especially around things like service levels, so being informed at an appropriate point in time about something going not so fantastic is a challenge."
Van Zeeland added that Shell is using software from HP as part of this push, replacing its previous mix of vendor and home-grown software so it can simplify its IT use.
The move by Shell to embrace the cloud is another major example of the impact the trend is having on enterprises of all sizes. Ajay Singh, general manager for IT operations management at HP Software, said the technology firm is now hosting "hundreds" of private cloud deployments.
Embracing the cloud is another example of the major IT shift at Shell, after it revealed earlier this year that it is embarking on a 135,000-strong bring your own device (BYOD) strategy, in order to try and boost staff productivity.

Edward Snowden Time Magazine’s runner-up for person of the year

The 30-year-old National Security Agency contractor who leaked top secret documents about extensive cyber-surveillance programs is the runner-up to Pope Francis for Time Magazine's person of the year.
Snowden is now in exile in Moscow to avoid prosecution by U.S. authorities, and Time recounts an October visit he held with four other dissidents from U.S. national security agencies and his lawyer. The story reveals the extent to which Snowden maintains secrecy: his guests, who were not allowed to carry cell phones, were received only after an unmarked van picked them up from the airport and drove them through a maze of streets to an unmarked building. Snowden uses the Internet only behind an elaborate wall of encryption technology and anonymizing tools.
Snowden again describes his motivations for leaking the documents that revealed the PRISM surveillance program, among other secret operations conducted by the U.S. government and some related Canadian government operations as well:
“There is a far cry between legal programs, legitimate spying, legitimate law enforcement—where it is targeted, it’s based on reasonable suspicion, individualized suspicion and warranted action—and the sort of dragnet mass surveillance that puts entire populations under a sort of an eye and sees everything, even when it is not needed,” Snowden told his colleagues. “This is about a trend in the relationship between the governing and governed in America.”
As part of its spying efforts, the NSA tapped into public cloud computing services such as Google, Yahoo, and Facebook. It collected metadata such as contact lists from personal email and instant messaging accounts. Those revelations have rocked the business world, with major tech brands just yesterday announcing a new coalition that takes a position against mass surveillance efforts. Businesses in Canada have also said they are now more wary of storing data in the U.S. as a result of learning of the surveillance programs. At the same time, Canadian cloud providers and the Canadian Internet Registration Authority are doubling down on efforts to build an Internet backbone that will allow Canadian data to stay on Canadian soil, avoiding U.S. jurisdiction.
Time’s story includes an e-mail exchange with Snowden, in which he describes personal privacy as under threat. He hopes his actions will spur society to reconsider the path toward secret surveillance, and instead towards one that would develop new technical standards to make such an activity impossible for anyone.

The Big Bot Invasion

Bots might be taking over the world sooner than you think. According to Incapsula's latest infographic and report, there's more bot traffic on websites than human traffic. Compared to its last report, the cloud-based service noticed a 21 percent growth in total bot traffic.
Around 38.5 percent of Internet traffic is human while the remaining 61.5 percent is made up of bot traffic, ranging from safe to malicious ones. Incapsula offers two possible reasons for the recent boost in bot traffic: one, new online services introduce new bot types to the web, and two, some of the good bots that are programmed to visit the same websites periodically have shorter patterns. This means that they go to these websites more often than they used to, contributing to increased traffic.
Good Bot, Bad Bot

Let's hear the good news first. The report points out that while the percentage of malicious bots is roughly the same, Spam Bot activity has decreased to half a percent this year from two percent in 2012. We can thank Google's anti-spam campaign for this; with the latest Penguin 2.0 and 2.1 updates, the company caused a 75 percent decrease in automated link-spamming activity.
Now for the bad news. While spam activity is down, the group of unclassified bots with a range of hostile intentions has risen by eight percent. All of these bad bots try to assume a person's identity to navigate their way through a website's security measures. They can be broken down into four different types of malicious bots.
Who They Are and What They Want

You first have your scrapers, who target anyone and are mostly concentrated on travel industry websites, classifieds, news sites, e-stores, and forums. Scrapers duplicate content, steal email addresses for spam, and reverse engineer price and business models.
We're all familiar with the spammer category. Spammers lurk on blogs, forums, and other websites that allow posting. They post annoying, irrelevant content or malware links that can harm websites' other visitors. These nasty bots can also turn a site into a "link farm" that causes search engines to blacklist it.
Hacking Tools prowl mostly on CMS-based websites such as Joomla or vBulletin. They commit data theft, inject and distribute malware on the site, hijack servers, and deface or delete website content.
Finally, impersonators can be found anywhere and target anyone. These sneaky, automated spy bots are in a higher tier than the others. They can commit layer seven DDoS attacks, which result in service degradation and website downtime.
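The four bot types above differ in how they behave against a web server, and a site operator can see much of that in ordinary access logs. The following is an added example, not code from Incapsula or from the article: it parses combined-format log lines and flags clients that request pages at tool-like speed, never fetch a page's CSS, scripts or images the way a browser does, announce themselves with a library user agent, or probe CMS admin paths and collect 404s. The log lines are constructed (documentation IP ranges), and every threshold, path list and user-agent string is an assumption to tune per site.

```python
"""Triage web-server access logs for bot-like clients.

Added example, not from the Incapsula report or the article. The log lines
are constructed (RFC 5737 documentation addresses) and the thresholds are
assumptions to tune per site.
"""
import re
from collections import defaultdict
from datetime import datetime

# "combined" log format: ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
ASSET_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".woff")
TOOL_UA = ("python-requests", "curl/", "wget/", "scrapy", "libwww-perl")  # assumed list
# Paths that "hacking tool" bots probe on CMS sites; a browsing user rarely hits several of them
PROBE_PATHS = ("/administrator/", "/wp-login.php", "/xmlrpc.php", "/phpmyadmin/", "/admincp/")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    rec["status"] = int(rec["status"])
    return rec


def classify_clients(lines, max_rps=2.0, min_asset_ratio=0.1, min_requests=5):
    """Group requests by client IP and return {ip: (label, reasons)}."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    verdicts = {}
    for ip, recs in by_ip.items():
        reasons = []
        recs.sort(key=lambda r: r["time"])
        n = len(recs)
        span = (recs[-1]["time"] - recs[0]["time"]).total_seconds()
        rate = n / max(span, 1.0)  # avoid dividing by a zero-second span
        if n >= min_requests and rate > max_rps:
            reasons.append(f"{rate:.1f} requests/s over {n} requests")

        # Browsers fetch the CSS, scripts and images a page references; scrapers usually do not
        assets = sum(1 for r in recs if r["path"].lower().endswith(ASSET_EXT))
        if n >= min_requests and assets / n < min_asset_ratio:
            reasons.append("loads pages but almost none of their assets")

        ua = recs[0]["ua"].lower()
        if ua in ("", "-") or any(t in ua for t in TOOL_UA):
            reasons.append(f"tool-like user agent {recs[0]['ua']!r}")

        probes = sum(1 for r in recs if r["path"].startswith(PROBE_PATHS) and r["status"] >= 400)
        if probes >= 3:
            reasons.append(f"probing for CMS admin paths ({probes} failed requests)")

        verdicts[ip] = ("likely bot" if reasons else "likely human", reasons)
    return verdicts


def _line(ip, secs, path, status, ua):
    # Build a constructed combined-format line at 10:00:00 + secs on 11 Dec 2013
    return (f'{ip} - - [11/Dec/2013:10:{secs // 60:02d}:{secs % 60:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')


BROWSER = "Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0"

# Constructed sample log: one person, one scraper, one CMS prober, one junk line
SAMPLE_LOG = (
    [_line("203.0.113.5", s, p, 200, BROWSER) for s, p in
     [(0, "/"), (1, "/style.css"), (1, "/app.js"), (2, "/logo.png"), (20, "/products"), (45, "/products/1")]]
    + [_line("198.51.100.7", s // 4, f"/articles/{s}.html", 200, "python-requests/2.0.1") for s in range(12)]
    + [_line("192.0.2.9", s, p, 404, BROWSER) for s, p in
       [(0, "/administrator/"), (5, "/wp-login.php"), (10, "/xmlrpc.php"),
        (15, "/phpmyadmin/"), (20, "/admincp/"), (25, "/wp-login.php")]]
    + ["this line is not a log entry"]
)

if __name__ == "__main__":
    for ip, (label, why) in classify_clients(SAMPLE_LOG).items():
        print(ip, label, "; ".join(why))
```

Each verdict carries its reasons, so an operator can see whether a client was flagged for speed, for missing assets, for its user agent, or for probing, and can loosen one heuristic without touching the rest. Impersonator bots that spoof a browser user agent and pace their requests will slip past the first three checks, which is why the asset-ratio and probing checks look at what the client does rather than what it claims to be.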
Remember that even though hackers might be getting smarter, you can still fight them off. Be careful about what websites you access and what you post or share on them. There's a whole range of antivirus software available that helps fight existing and future malware attacks. One of our favorites is Editors' Choice BitDefender Antivirus Plus (2014). The more protection you have, the better off you'll be against a bot attack.

Your Network's Been Hacked: Get Used to It

Exploit Lifecycle
On the second Tuesday of every month, "Patch Tuesday," Microsoft pushes out patches for bugs and security holes in Windows and in Microsoft applications. Most of the time the problems addressed include serious security holes, programming errors that could let hackers penetrate network security, steal information, or run arbitrary code. Adobe, Oracle, and other vendors have their own patch schedules. An alarming new study by NSS Labs suggests that on average, hackers have about five months of unfettered access to these security holes between initial discovery and remediation. Worse, specialized marketplaces exist to sell newly discovered vulnerabilities.
Dr. Stefan Frei, Research Director at NSS Labs, oversaw a study that pored over ten years of data from two major "vulnerability purchase programs." Frei's report points out that all of the resulting figures are minimums; there's clearly plenty more going on that they simply don't know about. Based on what they do know, the market for information about exploits has grown significantly in the last few years. Ten years ago, the two companies studied had just a handful of undisclosed vulnerabilities on any given day. In the last few years, that number has grown to over 150, over 50 of which relate to the top five vendors: Microsoft, Apple, Oracle, Sun and Adobe.
Exploits for Sale, Cheap
Stuxnet and other attacks at the nation-state level rely on multiple undisclosed security holes to penetrate security. It's assumed that their creators pay huge dividends to obtain exclusive access to these zero-day vulnerabilities. The NSA budgeted $25 million for exploit purchase in 2013. Frei's study revealed that prices are now much lower; still high, but within the reach of cyber-criminal organizations.
Frei quotes a New York Times article that examined four boutique exploit providers. Their average price for knowledge of an as-yet-undisclosed vulnerability ranged between $40,000 and $160,000. Based on information obtained from those providers, he concludes that they can deliver at least 100 exclusive exploits per year.
Vendors Fight Back
Some software vendors offer bug bounties, creating a kind of crowdsourced research program. A researcher who discovers a previously unknown security hole can get a legitimate reward directly from the vendor. That's surely safer than dealing with cyber-crooks, or with those who sell to cyber-crooks.
Typical bug bounties range from hundreds to thousands of dollars. Microsoft's "Mitigation Bypass Bounty" pays out $100,000, but it's not a simple bug bounty. To earn it, a researcher must discover a "truly novel exploitation technique" that can subvert the latest version of Windows.
You've Been Hacked
Bug bounties are nice, but there will always be those who go for the bigger reward offered by boutique exploit providers and cyber-criminals. The report concludes that any enterprise or large organization should assume its network has already been hacked. Blocking or even detecting a zero-day attack is tough, so the security team should plan for the worst with a well-defined incident response plan.
What about small business and personal networks? The report doesn't talk about them, but I would assume that someone who paid $40,000 or more for access to an exploit would aim it at the biggest target possible.

The Less Thoughtful Phisher

Examples of phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is to fear and paranoia – I’ll look at some of those in due course.

New Year’s resolution

This one is more interesting, though, in that it suggests a technical/administrative error, or maybe a mistake on the victim’s part.
Nationwide – Resolve Your Account
We are sorry to inform you that your account in NATIONWIDE Internet Banking System is not fully available.
During the last update of your account details, our security system reported many required fields not filled.
To finish the activation process please follow the link below.
Click here to complete your account
Thank you for banking with us.
Nationwide Building Society.
We’ve probably all had the experience of being unable to complete a transaction because a form isn’t constructed to meet the conditions that we find ourselves in: for instance, it might include some fields that are too restrictive in format, such as a postcode format that assumes you have an American zipcode. Or it simply hangs or crashes out for no obvious reason, perhaps a browser with collywobbles. So this approach could be quite convincing for an incautious potential victim.
The English is slightly better on this one than it is on many others, though it still sounds a little ‘foreign’. I’m not sure how many potential victims would be put off by that, though poor English is certainly a viable heuristic for detecting likely phish messages. People who write emails on behalf of a bank in a given region are likely to be native speakers of the language primarily spoken in that region. I’m not sure if ‘fully available’ is deliberately vague, but it might reassure someone who tried to access the phishing site and tried to access services to which it didn’t include valid links.

It does you credit

Here’s one that could almost belong to the previous article, since it describes something desirable (an incoming credit), though it also describes an imaginary problem.
Dear Santander Account Holder,
At Santander We take our internet banking security seriously. When using our internet banking you automatically benefits from our internet banking promises.

There is a pending Credit payment into you account from our account department for security reasons invalid records and your 4 digits Security Pin we require you to confirm your account status and profile on file with us before this transfer can be completed.
This can be done in 2 simple steps using the reference provided below.
Confirm Pending Credit
Please accept our apologies for any inconvenience this action may have caused
Yours sincerely,
Online Customer Service
As usual, there is no personalization. The English is abysmally bad. And why on earth would they need your PIN in order to facilitate a credit?

Jump to it!

Now we move to a class of phishing message that appeals to your fear of insecurity, if not downright paranoia. This set of messages is characterized by subject lines such as ‘[your bank] Important Security Notification’ or ‘Credit Card Security upgrade – Must Read’ to create a sense of importance and urgency.
Starting from September 25 2013, Lloyds bank introduces new authentication procedures in order to better protect private information of our account holders.
Please note that accounts that are not reviewed within 48 hrs are subject to termination.
To avoid service interruption click here to avoid services interruption 
Thank You.
Lloyds Banking Group.
Again, the English isn’t bizarrely wrong, but is slightly odd. Note the further use of a common phishing technique: the scammer tries to frighten you into complying before you’ve had time to consider it properly, by threatening to terminate your account if you don’t react immediately.

It’s good for you

And here’s another. Short and not particularly sweet, but doesn’t contain an overt threat.
Dear Valued Customer:
We have upgraded our system security service bringing significant performance improvements and new features, which all Nationwide Building Society customers will enjoy.
Due to this upgrade we urge you to please upgrade to this service now for security purpose.
Please kindly click here now to upgrade your Nationwide Building Society account to the latest security feature.
Nationwide Building Society

Welcome to Halifax. Errr, Lloyds. Um, Halifax….

The next one is interesting in that it’s more than usually sloppy: it can’t quite decide which part of the Lloyds banking empire it was sent from. The apparent sender is Halifax [] but the subject is LloydsTSB – Account Upgrade Notice.
Dear Valued Customer,
We recently reviewed your account and noticed that your Halifax account details needs to be updated and verified.
Due to this, you are requested to follow the provided steps to confirm your Online Banking details for the safety of your accounts.
Simply click on secure account to update your Internet Banking details.
Thank you for banking with us.
Yours sincerely,
Customer Service Department.
Halifax Online Banking
Scams like this are very much less effective if you bear in mind that the last thing a responsible financial institution is likely to do is to ask you to upgrade your security by going to a dubious link in an unexpected email.
You might also bear in mind that your bank probably knows whether it’s called the Halifax or Lloyds TSB. Of course, banks and building societies do merge – Lloyds TSB is itself the result of the merging of Lloyds Bank and what was once the Trustee Savings Bank, and the Halifax is nowadays part of the Lloyds Banking Group – but where both names are used randomly like this, it just means that the scammer has used a standard template and forgotten to change one of the name references to fit the current phishing target.

We’ll text you when we’ve robbed you

The next one is kind of interesting because it offers a service. But not the one you might think that it’s offering.
Valued Customer,
Your NatWest Credit Card is designed to help keep you safe
Receive alerts when we spot a suspicious transaction
Sometimes we spot what looks like a fraudulent transaction on your credit card - 
so to make sure, we’ll call you and check. Better still, why not join our free fraud 
text alert service?
It’s just another way we’re working to keep your card and your money safe.
To sign-up for this service, simply click fraud text alert services.
And we’ll simply steal your credentials.

Enter the Terminator

And finally one that bolsters the notification of ‘service update’ with a threat to terminate the account, if the victim doesn’t respond immediately:
At NatWest Card Services, we take the job of protecting our customers seriously,
So for your protection we are proactively notifying you of this activity.
Starting from November 13 2013, NatWest Card Services introduces new authentication procedures in order to better protect private information of our account holders.
Please note that accounts that are not reviewed within 48 hrs are subject to termination.
To avoid service interruption Click Here to avoid services interruption
Thank You.
NatWest Card Services.
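The tells the post keeps returning to (no personalization, a threat to terminate the account within a deadline, a request for a PIN, a ‘click here’ link, and a template that names two different banks) are easy to turn into a scoring rule, which is how a mail gateway or a user-education tool would apply them. The following is an added example and not part of the original post or of any vendor's product; the four messages are constructed, modelled on the ones quoted above, and the brand watch-list, the weights and the threshold are assumptions a defender would tune for their own users.

```python
"""Score an e-mail for the phishing tells discussed in the post.

Added example, not part of the original post or any vendor's product. The
sample messages are constructed, modelled on the ones quoted above; the brand
watch-list, the weights and the threshold are assumptions to tune locally.
"""
import re

BRANDS = ("nationwide", "santander", "lloyds", "halifax", "natwest")  # assumed watch-list
# A salutation with no name in it: "Dear Valued Customer,", "Dear Santander Account Holder,"
GENERIC_SALUTATION = re.compile(
    r"^(dear\s+)?(valued\s+)?(\w+\s+)?(customer|account\s+holder|user|member)\b[:,]?\s*$", re.I)
# Pressure to act before thinking: deadlines and threats to close the account
URGENCY = re.compile(
    r"\b(within\s+\d+\s*(hrs|hours)|subject to termination|service interruption|"
    r"immediately|suspend\w*|terminat\w*)\b", re.I)
SECRET_REQUEST = re.compile(r"\b(pin|password|passcode|security\s+(code|number))\b", re.I)
LINK_BAIT = re.compile(r"\bclick\s+here\b", re.I)


def score_message(msg):
    """msg has 'sender', 'subject' and 'body'. Returns (score, reasons)."""
    body = msg.get("body", "")
    text = "\n".join((msg.get("sender", ""), msg.get("subject", ""), body))
    score, reasons = 0, []

    first_line = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if GENERIC_SALUTATION.match(first_line):
        score += 2
        reasons.append("generic salutation, no personalization")
    if URGENCY.search(text):
        score += 2
        reasons.append("urgency or threat to terminate the account")
    if SECRET_REQUEST.search(text):
        score += 3
        reasons.append("asks for a PIN or password")
    if LINK_BAIT.search(text):
        score += 1
        reasons.append("'click here' link rather than directing you to the usual site")
    # A template that names two banks (Halifax in the sender, Lloyds in the subject) is a tell
    brands = sorted(b for b in BRANDS if b in text.lower())
    if len(brands) > 1:
        score += 3
        reasons.append(f"names more than one bank: {brands}")
    return score, reasons


def is_likely_phish(msg, threshold=3):
    """Assumed threshold: urgency plus a 'click here' link is already enough to flag."""
    return score_message(msg)[0] >= threshold


# Constructed samples, modelled on the messages quoted in the post
PHISH_BRAND_MISMATCH = {
    "sender": "Halifax <alerts@example.invalid>",
    "subject": "LloydsTSB - Account Upgrade Notice",
    "body": ("Dear Valued Customer,\n"
             "We recently reviewed your account and noticed that your Halifax account details "
             "needs to be updated and verified.\n"
             "Simply click on secure account to update your Internet Banking details.\n"
             "Customer Service Department.\nHalifax Online Banking"),
}
PHISH_URGENT = {
    "sender": "NatWest Card Services <notice@example.invalid>",
    "subject": "Important Security Notification",
    "body": ("Valued Customer,\n"
             "Starting from November 13 2013, NatWest Card Services introduces new authentication procedures.\n"
             "Please note that accounts that are not reviewed within 48 hrs are subject to termination.\n"
             "To avoid service interruption Click Here to avoid services interruption\n"
             "NatWest Card Services."),
}
PHISH_PIN = {
    "sender": "Santander <service@example.invalid>",
    "subject": "Confirm Pending Credit",
    "body": ("Dear Santander Account Holder,\n"
             "There is a pending credit payment into your account. For security reasons we require "
             "your 4 digit Security Pin to confirm your account status before this transfer can be completed.\n"
             "Online Customer Service"),
}
BENIGN = {
    "sender": "Nationwide <statements@example.invalid>",
    "subject": "Your November statement is ready",
    "body": ("Hi Alice,\n"
             "Your November statement is now available. Sign in to online banking the way you usually do to view it.\n"
             "Nationwide Building Society"),
}

if __name__ == "__main__":
    for name, msg in (("brand mismatch", PHISH_BRAND_MISMATCH), ("urgent", PHISH_URGENT),
                      ("pin", PHISH_PIN), ("benign", BENIGN)):
        print(name, score_message(msg))
```

The one heuristic from the post that is not automated here is the quality of the English; that is hard to score reliably without a language model and is better left to the reader, which is why the other tells are weighted so that any two of them together flag a message. The benign sample scores zero precisely because it greets the customer by name, sets no deadline, asks for no secret and tells the customer to sign in the way they usually do instead of offering a link.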

60 Years Later, Facebook Heralds New Dawn for Artificial Intelligence