The time that an average user spends to come up with a password is considerably longer than the time needed to break it. Furthermore, 90% of users’ passwords can be broken within seconds.
These are the results of a research conducted by Deloitte Canada.

The most typical mistakes that users make while selecting a password: use of the same password for different accounts (sites and services), predictable passwords, simple passwords (digital, same letter case, dictionary-based).

Considering today’s growth of available computing power and the possibility of using cluster computing (uniting many computers into a single network for solving a specific computing task), the efficiency of password breaking techniques has increased manifold.

Large companies are already working on additional user authentication method that will be more efficient than passwords in the long run.
It is assumed that these methods will include passwords delivered in text messages, fingerprint scanning and so on. Google, for instance, is working on special RFID tags for user authorization.
The most popular (and, therefore, the least reliable) passwords in 2012 were:

• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball
• iloveyou
• trustno1
• 1234567
• sunshine
• master
• 123123
• welcome
• shadow
• ashley
• football
• Jesus
• michael
• ninja
• mustang
• password1

According to a research called “The Impact of Mobile Devices on Information Security” published by Check Point® Software Technologies Ltd., the number of mobile devices connected to corporate networks doubled in 2010-2011. Half of these devices contain confidential information.

The management of 70% of the surveyed companies are confident that it is the use of mobile devices that results in the increased number of data leaks. This mostly happens when devices containing corporate emails (80% of cases), client databases (around 50%) and corporate passwords (around 40%) get lost or stolen.

Corporate users are actively embracing mobile devices and services, thus creating a lot of problems for IT experts responsible for the security of corporate data. Modern standards do not cover new security threads, and yet it’s not reasonable to completely stop using mobile devices, since they give users a number of advantages that boost their performance and provide them with quick and convenient mobile access to corporate resources.

Check Point report highlights:

• In 94% of companies, the number of mobile devices connected to corporate networks has increased.
• In 78% of companies, their number has more than doubled over the past two years.
• The most popular mobile platforms used in corporate networks are:

1. Apple (30%)
2. BlackBerry (29%)
3. Android (21%)

• 43% of companies believe that Android-based devices pose a serious threat to their information security.
• The key threats undermining information security are:

1. Lack of knowledge in the information security field among corporate users (over 70%).
2. Use of mobile devices for web browsing (61%)
3. Use of unprotected wireless connections (59%)
4. Device loss of theft (58%)
5. Downloading of malicious software to mobile devices (57%).

The antivirus company Kaspersky Lab has announced that online fraudsters are showing  much greater interest in personal data.

In 2010 more than 1000 000 viruses, aimed at stealing this data, were added to Kaspersky Lab’s virus database. This is double the number for 2009 and compared to 2006, 7.5 times greater.

Most of these viruses are trojans which spy on an infected computer (Trojan-Spy, 135% increase for the year). Slightly behind these are viruses which steal log-ins and passwords (Trojan-PSW 94% growth) and those which try to steal banking system keys (Trojan-Banker 22% growth).

Millions of computers are attacked every day by malicious software. Many of them become infected and fall into the control of criminals. These computers, without their owners authorisation, are used by criminals to send spam and launch DDoS attacks, while data from these computers (including personal and confidential) can be used in any way and by anyone.

McAfee, Inc. has published research on how aware companies are of risks associated with computer security. This report shows that almost half of the organisations do not have a reliable defence against such risks, or do not know anything about them at all. Only 20% of companies have confidence in their IT security provisions.

Despite the fact that a large number of programs have appeared this year which analyze IT security of corporate networks and check compliance management, they have not been very popular. Corporate users prefer integrated solutions to narrowly specialised products.

Due to changes in legislation the need for security policy compliance is an issue for 75% of companies, while 10% have already received fines. Databases containing personal information have caused the greatest problems, so they have received the greatest attention.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management. As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls,”

said Stuart McClure, senior McAfee vice president.

The recruiting company HeadHunter carried out research in 2010 where they questioned 1600 employees of Russian companies on information security.

The research showed that the management of most companies worry about this issue: 75% of companies have strict rules on working with internal information and the larger the staff the stricter these rules are.

• The management of more than 30% of companies had experienced information leaks.
• More than 30% of those employees questioned know that their personal correspondence and blogs are monitored.
• 68% of those questioned admitted signing agreements on information disclosure on joining their company.
• 52% are aware that special software tracks their computers and 24% that memory sticks are banned.

Despite this, 51% of those questioned believed that they could tell one of their friends or relatives office secrets, while 30% have already done so. Among those questioned were also people who had passed on secret information to competitors.

According to the data from this research, the presence of a company security service makes almost no difference.

The analytics company InfoWatch, which has gathered statistics on information leaks since 2004, estimates the loss due to leaks in 2010 at $200 million. Their statistics show that the internet was the third major source of information leaks after mail and various mobile, data storage and paper media.

It is also interesting that, according to InfoWatch data, that the most popular method, blocking staff access to social networks, does not in any way correlate to the probability of information leaks.

ChildWise, a British research agency, has published a report based on surveys completed by two thousand kids aged 5-16 from 92 different schools.

The report clearly states that various Internet-enabled devices are gradually becoming a sort of “virtual nanny” and Internet is becoming the children’s playground.

The Internet is steadily replacing television that has been playing this role for years.

The following figures from the report appear to be quite interesting:

• School-aged children spend less time every week on doing their homework than on using their computers.
• Around 97% of schoolchildren aged 11-16 have a personal cell phone (89% for adults and 30% for 8-year-olds).
• Most of them use their phones for going online.
• Around 60% of children aged 11-16 have a computer and a TV set and 50% of them have permanent Internet access.
• These kids spend their free time in social and torrent networks and on video portals.
• Over 30% of kids aged 7-10 use social networks, although it’s only legal for children aged 13 and above.
• 30% of the respondents have a personal blog and 62% have a profile in a social network.
• Children with Internet access spend an average of 1.7 hours online every day, slightly more on watching TV and just as much time on playing computer games.

Doctor Emma Bond, a child development expert, believes that it’s high time for many parents to re-evaluate the situation, restrict access to television and websites and start educating their children on their own. She also added that “school-aged children also use cell phones for sexual development by using them as a means of establishing intimate contacts with each other”, which is an important element of the personality formation process.

January is the time to look back at the previous year and study predictions from experts for the coming year. The field of information security is not an exception.

A large developer of solutions in this field. the company Stonesoft (Helsinki, Finland), has prepared a report on upcoming threats based on data analysis for several recent years.

Stonesoft experts, who have 20 years experience in information security, have compiled a list of the most likely trends for this year:

• Viruses are expected to appear for Apple systems.
• The number of attacks on social networks will increase, including attempts to hack user accounts.
• «Information wars» are expected, attacks aimed at government bodies for political and financial reasons.
• There will be an increase in the number of attacks on companies for financial benefit, including using social engineering methods.
• There is also a possible increase in the number of Stuxnet like attacks on important sites.
• A possible target may become mobile and smart phones.
• Viruses will become more complex in the search and use of system vulnerabilities, and carry out the task to «infect everything at any price».
• Developers of security systems will have to unite their efforts to search for methods to prevent attacks which use the recently discovered AET mechanism.

The Stonesoft Director for information security Joona Airamo believes that in 2011 the greatest threats will be logical extensions of the most important themes of 2010. These were the intellectual worm Stuxnet, advanced evasion techniques (AET) and, traditionally, social engineering.

The year of 2010 became a year of rapid growth of online fraud. Millions of computers were infected, dozens of new fraud schemes were used for the first time and millions of dollars were stolen.

The only decline in fraudulent activities could be observed among spammers: after a number of large botnets were shut down, spam traffic dwindled by around 10%.

The past year also demonstrated an entirely new term in information security – cyber wars – in action. Key government agencies experienced the consequences of intricate and highly complex massive attacks twice in 2010: a worm called Stuxnet attacked a nuclear power plant in Iran and “Operation Aurora” enabled its initiators to steal confidential data from the databases of major international companies.

In the majority of cases, users’ computers were infected in one of the following ways:

• Through social networks
• Through phishing sites
• Using 0-day exploits

Let’s take a look at the rating of the Top 10 most popular fraud methods used online in the past year (according to the data provided by antivirus companies):

1. Viruses designed for stealing account details in online banking systems.

Nearly all banks these days provide online banking services that are quickly gaining popularity. This is why users’ authorization details are a lucrative target for hackers and virus makers. So far, they have mostly targeted individuals, but it’s businesses that are threatened the most now, since their accounts usually contain considerably larger amounts. More »

According to a research conducted by The Daily Mail, the number of crimes committed with the help of websites and online communities grew by 70 times since 2007.

Daily Mail is a British daily paper published since 1896. It is known for selling its entire 1-million circulation in a single day.

According to their information, murders and rapes are more and more often committed using social networks and various online services. This is also where all kinds of network intimidation, threatening and blackmailing take place.

The research was started after the journalists of the paper came across several cases that drew a lot of public attention.

• The first incident was a house robbery that occurred when the owners were visiting a hospital with their child. It was the child who let the robbers know that nobody would be home through Facebook.
• Another Facebook-related case involves a 17-year-old girl who was seduced and then murdered by her 33-year-old Facebook “friend”.
• A 15-year-old schoolboy had a fight with a classmate that eventually evolved into collective humiliation and a class-wide “hunt” for him in social networks. As the result, the student committed a suicide.
• An escaped convict teased the police for several months using Facebook. When he was eventually caught, he had tens of thousands of “friends” following his escape adventures.

The Daily Mail also reports that starting from October 2010, a special educational course has been available in the UK for teaching police detectives the principles of online data mining and prevention of online crimes.

China and the USA against hackers. A week ago the 4th USA China internet industry forum was held in Beijing.

Gu Jian, vice-director of the Ministry of Public Security network security protection bureau, said in his speech that urgent Chinese USA collaboration on fighting internet crime was needed.

Cybercrime was only introduced into Chinese criminal law in 2009 when the country was already a major victim of hackers. Since then, more than 80 internet criminal groups have been destroyed. However, Chinese internet crime statistics are still bad today:

• About 42 000 Chinese websites have been attacked by hackers, including 200 government ones.
• 8 out of 10 computers in China are, to one degree or another, controlled by botnets, including more than 1 million IP-addresses.

In comparison, the average infection rate globally is 3.2 out of 10 computers.

China is looking for help from the USA, but different legal systems and conflict resolution measures often hinder joint collaboration. In 2009 the Chinese Ministry of Public Security sought cooperation from the Americans on 13 cases of child pornography and fake internet banks, but has not received a response.

Tim Cranton, Microsoft Director of Internet Safety, confirmed the global reach and seriousness of cybercrime and also the desire to overcome all possible barriers to combating it.