


Ed. 6 October 15-19, 2012

Cost of recent cyber-attack on the city of Naperville, Illinois

312 Days - Average length of a Zero-day Attack according to Symantec

830 Volts - of voltage that can be sent through a wirelessly hacked Pacemaker

Zero-day Attacks Are More Malicious and Last Longer Than Expected

A recent study conducted by Symantec shows that zero-day attacks, which are attacks that exploit software flaws before they’re publicly disclosed, are more dangerous than we thought. The study found that the average length of a zero-day attack was 318 days, and some lasted for two years or more. That is a painfully long time to have malware sitting on your networks. In terms of danger level, the recent Stuxnet malware used five zero-day attacks to infiltrate Iranian nuclear facilities. Zero-day attacks are the latent destroyers of the cyber-security world, the attacks that sneak in and stay there, either harvesting information or waiting to strike at the right moment. The study also revealed that there are many more zero-day attacks than we were initially aware of. Sixty percent of zero-day vulnerabilities identified in the study were not even known before, which means that there are potentially twice as many zero-day exploits out there as experts first believed. However, even with this information, zero-day attacks are still not your everyday hacker tool. They are reserved for high-level targets, as they still rely on knowing the complexities and flaws of a piece of software before the issue is even known.

DID YOU KNOW? K logix, FireEye, and RSA will discuss preventing zero-day attacks and malware on Nov. 1st in Boston. Join us.

Source: Ars Technica








Hacked Pacemakers Could Send Deadly Shocks

A few weeks ago, we covered a short story about the potential to hack a car and shut it down remotely. It sounded a little far-fetched, almost like something from a movie. At a recent developer’s conference, the ability to hack a pacemaker wirelessly was revealed, and now the car hacking seems minor in comparison. From 30 feet away, the remote device sent 830 deadly volts through the pacemaker. Not only did it access the pacemaker, but there was also a way to activate every similar device within a further 30-foot radius of the pacemaker, sending a wave of shock throughout all nearby devices. This isn’t the first time pacemaker vulnerabilities have been exposed, but it hasn’t been seen to this extent yet. Healthcare has always needed to keep cyber security a top priority with the transition into mostly electronic records, but the concerns for medical devices cannot be overstated.

Source: TechCrunch

DID YOU KNOW? K logix penetration tests can verify vulnerabilities in applications and devices.

Hacking Costs Naperville More Than $600,000

A few weeks ago, the city of Naperville was hacked and had its website and e-mail down for nearly a week. With such a damaging attack, the city council had to take action fast. They approved spending upwards of $673,000 to get new security hardware, software, computer servers, and other necessary tools. The next plan of action is to find the hackers who caused this mess. “We’re going to bring them to justice...a crime has been committed,” commented City Manager Doug Krieger. Although strong action is now being taken, it doesn’t change the fact that this cost the city of Naperville big time. Luckily no critical information seems to have been taken, but just having the website and e-mail services down for an entire week is already brutal. The spending approved was only to strengthen their current systems and doesn’t account for how much productivity the city and its people lost for the week.

DID YOU KNOW? K logix estimates data loss will cost organizations .77% of revenue in 2013.

Source: Chicago Tribune

Russian Anti-Virus Firm Plans Secure Operating System to Combat

Russian anti-virus firm Kaspersky Lab announced that it was going to develop its own secure operating system to protect critical infrastructure systems from online attacks. With some of the major countries in the world keying in on this type of danger, and looking to guard against these attacks, it makes sense that a company like Kaspersky Lab would try to address it. But, in addition to the challenges Kaspersky already faces developing a secure operating system and convincing major companies to use it instead of Windows or Linux, the company faces another uphill battle with American adoption. Namely, while an independent company, Kaspersky is loosely tied to the Russian government. Its founder was trained at an organization supported by the KGB and he served in the military there. Again, it’s important to stress Kaspersky is an independent company, but critical infrastructure providers in the United States will likely think twice before relying on an OS from a Russian company, given the US has identified Russia as a leading source of cyber attacks.

Source: Wired

© K LOGIX, LLC







K logix Data Security Weekly 10_19_12  

The week in data security news