Channel: Symantec Connect - Blog Entries

Disarm Advanced Persistent Threats with Symantec Messaging Gateway


Most people today rely on email as their method for business communication – sending and receiving hundreds of emails every day. This dependence on email can create a weak link in securing corporate information and expose a company to attacks. While hackers still use general spam emails and social engineering (or phishing) attacks against organizations, they are now increasingly pursuing sophisticated and targeted attacks that are far more difficult to differentiate from the emails we typically receive. In fact, Symantec’s 2013 Internet Security Threat Report found a 42 percent increase in targeted attacks in 2012.  

Most spam emails are relatively easy to identify and quarantine, but targeted attacks are customized for their recipients, making them harder to spot. For example, a company’s HR department could receive an email that requests that they click on a link to check out potential candidates for positions for which they are recruiting. This email, which contains hidden malware, appears trustworthy and traditional filters are less likely to identify and remove the malware in the email.  It’s with this type of attack in mind that the new Symantec Messaging Gateway 10.5 offers a suite of advanced protective technologies that enable IT to effectively protect their systems from evolving email threats in real time.

Best protection with superior effectiveness and advanced threat detection

To help protect customers, Messaging Gateway 10.5 now includes Disarm – a new, patent-pending, innovative technology invented by Symantec Research Labs to prevent targeted, never-before-seen email threats. This technology, which is unique to the industry, inspects all emails for Microsoft Office and Adobe PDF attachments, and creates reconstructed versions of the attachments with any exploitable active content removed before the email and new attachments are delivered to the recipient in real time. Without Disarm, this active content, including JavaScript, macros and embedded Flash, can be used to silently deliver malicious files to a user. In fact, in tests conducted by Symantec, it was found that Disarm would have blocked 98 percent of attacks that exploit zero-day vulnerabilities thus far in 2013. Learn more about how Disarm helps in protecting against targeted attacks here.

Symantec Messaging Gateway also features the Brightmail antispam filtering engine to identify email-borne threats at both the global and local levels, via Symantec’s Global Intelligence Network. Symantec’s portfolio of messaging security solutions draws on this real-time intelligence from more than five million decoy accounts and over three billion messages processed daily to identify new threats, based on reputation and message content, before they wreak havoc on unsuspecting victims and organizations. This enables Messaging Gateway to block more than 99 percent of spam with less than one in one million false positives.

Greater control with data loss prevention and email encryption

There are human elements to data protection just as there are technological elements. Messaging Gateway provides advanced content filtering and data loss prevention (DLP) technologies that make it easier to secure and control sensitive data. Administrators can easily build effective and flexible policies that enforce regulatory compliance and protect against data loss. Messaging Gateway appliances also leverage integration with Symantec Data Loss Prevention, to simplify the management of day-to-day DLP incidents.

With the increase in regulations that require private information be encrypted, Messaging Gateway offers premium encryption options that can meet a customer’s unique needs as a hosted service or on-premise. Used as a policy enforcement point, Messaging Gateway evaluates messages against customer-specified criteria, and if it is determined encryption is necessary, sends them to be encrypted.

Unified management and administration

Messaging Gateway includes a powerful control center for unified management and administration of a company’s entire messaging infrastructure. From a single Web-based console, administrators can easily manage multiple Messaging Gateway appliances to view trends, attack statistics and non-compliance incidents. By removing the complexity of multiple consoles, disparate policies, and incompatible logging and reporting procedures, Messaging Gateway significantly reduces the total cost of ownership of messaging security infrastructure. Messaging Gateway also supports a full set of reporting options, including a dashboard and executive summaries that highlight system efficacy and impact. Reporting helps administrators proactively identify data loss trends and demonstrate compliance.

Messaging Gateway integrates a unique set of technologies that deliver robust protection, while enabling IT greater control and ease of use so it can focus on system architecture and helping drive the business, instead of responding to spam complaints and malware attacks.  For more information on supported platforms, system requirements and securing your email system, please visit http://www.symantec.com/messaging-gateway.

Additional Resources

VIDEO: Protect Against Spear Phishing and Advanced Targeted Attacks

Symantec Messaging Gateway

Data Sheet: Symantec Messaging Gateway 10.5

Symantec Data Loss Prevention

Gartner 2013 Magic Quadrant for Secure Email Gateways

 


2014 Predictions from Symantec


Whispers.

The secret to predicting the future is to listen for the whisper.

By the time you’ve heard things in a loud, clear voice they have already come true. I’ve been listening to the whispers in 2013 and have a pretty good idea for what we’ll be hearing loud and clear in 2014. Below are my predictions of the top things we’ll hear and what they will mean for us in 2014.

  • People will finally begin taking active steps to keep their information private.
  • Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure.
  • The “Internet of Things” becomes the “Internet of Vulnerabilities.”
  • Mobile apps will prove that you can like yourself too much.

“Wait a minute…The Internet knows more about me than my own mother?”

People will finally begin taking active steps to keep their information private.

Privacy issues have littered the headlines in 2013, delivering a wake-up call to people and businesses about the amount of personal information we share and that is collected every day by everyone from your doctor to your social network. You can expect to see privacy protection as a feature in new and existing products. Then, beyond 2014, we’ll be arguing on whether or not these features actually provide any privacy protection. Expect Tor, which enables online anonymity, to become a popular application across the spectrum of Internet users. You’ll also see a resurgence of users adopting aliases and fake names on social networking sites to protect their privacy. And you know who is going to lead the way on this? Teens. They do care about privacy—and not just where their parents are concerned. Given this, more people will move to new, upstart and niche social networking sites, in an attempt to hang with their friends in obscurity. Which leads to my next prediction…

 “Adult supervision is not wanted but adult behavior may keep you out of trouble.” 

Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure.

It’s tempting to believe that you can move to a new neighborhood and all your old problems will go away. They don’t in real life and they won’t when it comes to social networking. Any new social network that attracts users will also attract scammers and miscreants. Users who feel it’s just them and their friends on these new sites are in for a big (and unpleasant) surprise. Your mother won’t be there to remind you, so let me: If something sounds too good to be true, it almost certainly is a scam. Protect yourself by using security best practices no matter where you are on the Internet, or how you connect to it. And speaking of connecting…

“Your toaster is not infected, but your security camera just robbed you blind.”

The “Internet of Things” becomes the “Internet of Vulnerabilities.”

You can expect dumb things will get smarter in 2014. With millions of devices connected to the Internet—and in many cases running an embedded operating system—in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system. Major software vendors have figured out how to notify customers and get patches for vulnerabilities to them. The companies building gadgets that connect to the Internet don’t even realize they have an oncoming security problem. These systems are not only vulnerable to an attack – they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities. Given this, we are going to see new threats in ways in which we’ve never seen before.

“I like you, I like you, I like you... That will be $20 and your login and password, please.”

Mobile apps will prove that you can like yourself too much.

People (generally) trust those they sleep with, so it should not be surprising that with 48 percent of people sleeping with their smart phones, they are lulled into a (false) sense of security about them. In 2013, we reported on a mobile app that would secure additional “likes” for your postings on Instagram. All you had to do was hand over your login and password to some guy in Russia. More than 100,000 people saw nothing wrong with that. We trust our mobile devices and the wonderful apps that run on them to make our lives better. We suspend disbelief for that device that sits in our pocket, purse or nightstand. The bad guys are going to take advantage of this big time in 2014. I’m not even talking about malware – mobile apps are going to be behind hoaxes, cons and scams of all sorts in 2014.

So, there you have them, my predictions for 2014. Of course, the best part of trying to predict the future is being surprised by the unforeseen and the unimaginable. I'll be right on some of my predictions. I'll be proved wrong on others. What’s certain is that I'll be listening for all the new whispers to see what 2015 will bring.


Backup Exec 2012 adds support for VMware vSphere 5.5


The Backup Exec 2012 Service Pack 3 (SP3) is now available for download and adds support for vSphere 5.5.

How to download the service pack

If you are an existing customer and would like to download the latest Backup Exec service pack, please visit: http://www.symantec.com/docs/TECH205351. From there download the EXE at the bottom of the page. If you experience any difficulties or need any assistance, please email: Lenora_Moss@symantec.com.

Free 60-day trial

If you’re new to Backup Exec, try out Backup Exec today with our free Backup Exec 60-day trial. Visit: www.backupexec.com/trybe to download your copy.

The Halo Effect & What Businesses Need to Know about Macs, Malware & Security Myths


It’s called the Halo Effect. iPods and iPhones created a “halo” that drove sales of Macs to business users. I noticed it a couple years ago, as I watched the number of Macs sitting around the conference room table begin to grow. There got to be lots of those silver rectangles, with the glowing white apple, sitting on the table. Apple reported 50 percent growth in Mac sales to businesses in Q4 2013. But as more of us are using Macs for business, some common misperceptions about Mac security persist. What do organizations need to know?

Cybercriminals always focus their efforts where they see the most “bang for their buck” – the larger PC market. It’s a game of numbers – hackers go after what will give them the greatest return on investment. Up to this point, that’s been targeting Windows systems. While the volume of malware targeted at Macs is still low compared to PCs, the halo has been noticed. Attackers have started to go after the Mac. 

We’ve all heard about Flashback, the single threat that spread to more than 600,000 Mac users. But there is another aspect that really ought to get you thinking. Macs are often the computer of choice for executive managers. These executives have access to sensitive information like financial and corporate data, and hackers are likely to target these Mac users because the data on their devices is valuable. 

Just in the last year, we saw the following newly discovered threats for Mac. In quotes is the description of the threat from Symantec’s Threat Write-Ups:

OSX.Netweird – “Full featured remote access tool”

OSX.Kitmos – “Opens a backdoor on machine and steal information”

OSX.Hackback – “Trojan horse that steals information from the compromised computer”

OSX.Janicab – “Opens a back door and steals information from the compromised computer”

OSX.Hormesu – “Opens a back door on the compromised computer, may steal information”

OSX.Seadoor – “Opens a back door, steals information…”

OSX.Olyx.C – “Opens a backdoor…”

You get the idea.

It’s time to bring those corporate Macs into the family of endpoint machines at your business. They need to be fully protected and managed in order for businesses to maximize productivity and mitigate risk. The recent release of Symantec’s Endpoint Protection (SEP) 12.1.4 makes Mac protection easy and provides additional enhancements across platforms. The latest version of SEP offers intrusion prevention technology and antivirus protection, with single console management and reporting for Windows and Mac. With support for the latest Mac OS X 10.9 Mavericks and Windows 8.1, SEP 12.1.4 provides remote deployment of Mac clients, doesn’t require Java, and saves bandwidth by downloading AV definitions directly from the SEP Manager. It also offers immediate notification of critical events through Fast Path. By implementing robust security and following general best security practices, businesses can rest assured their users are safe from evolving threats – whether on a Mac or PC. To learn more, visit go.symantec.com/SEP.

Learn more about Symantec’s comprehensive approach to targeted attack protection here and our innovative new Disarm technology here.

Additional Resources:

Gartner 2013 Magic Quadrant for Endpoint Protection Platforms

Typhoon Haiyan: Spammers Strike with DHA Attack


Tacloban, the new ground zero created by Haiyan, is the raison d'être for a large directory harvest attack (DHA) launched by spammers today.

A directory harvest attack is launched to check the validity of an email directory or of addresses associated with a targeted email server. The aim is to collect intelligence and prepare a platform for launching a large spam campaign against that site once a database has been built. Rejected emails return as a bounce or non-delivery report/receipt (NDR) and the rest are concluded to be legitimate; those valid addresses will soon be bombarded with a host of spam, phishing and malware-laden email attacks.

The attack is launched, with the spammer claiming to be from a reputed mass media and communications company on a very large Internet site and service provider, for the sole purpose of harvesting and validating email addresses.

The email’s structure is very simple. The headers and body content of the attack are taken from a news article that a reputed news channel published around November 14, 2013. The alias in the From line and the subject line both end in a random number to avoid being caught by spam filter detection.

Subject: Typhoon: After battle to survive, the struggle to live 26488
From:"Typhoon: After battle to survive, the struggle to live 26488" [email address]


Figure 1. A spam email about Typhoon Haiyan from a DHA attack

Symantec advises users to configure directory harvest attack recognition to protect their website environment, and to update their spam filter algorithms to repel such attacks.
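
What directory harvest attack recognition looks for, shown as an added example that is not Symantec's code or Messaging Gateway's implementation: a single client that gets many distinct recipients rejected in a short window, plus the list of addresses that client managed to confirm as valid. The log format, thresholds and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified, hypothetical MTA log format:
#   <UTC timestamp> client=<ip> rcpt=<address> reply=<SMTP code>
# 550 = recipient rejected (unknown user), 250 = recipient accepted.
SAMPLE_LOG = """\
2013-11-20T10:00:01Z client=203.0.113.7 rcpt=<aaron@example.org> reply=550
2013-11-20T10:00:02Z client=203.0.113.7 rcpt=<abby@example.org> reply=550
2013-11-20T10:00:03Z client=203.0.113.7 rcpt=<adam@example.org> reply=250
2013-11-20T10:00:05Z client=203.0.113.7 rcpt=<adrian@example.org> reply=550
2013-11-20T10:00:06Z client=203.0.113.7 rcpt=<alan@example.org> reply=550
2013-11-20T10:00:08Z client=203.0.113.7 rcpt=<alice@example.org> reply=250
2013-11-20T10:00:09Z client=203.0.113.7 rcpt=<amy@example.org> reply=550
2013-11-20T10:00:11Z client=203.0.113.7 rcpt=<andy@example.org> reply=550
2013-11-20T10:01:00Z client=198.51.100.20 rcpt=<alice@example.org> reply=250
2013-11-20T10:02:00Z client=198.51.100.20 rcpt=<alcie@example.org> reply=550
2013-11-20T10:03:00Z client=198.51.100.20 rcpt=<adam@example.org> reply=250
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]+)> reply=(?P<code>\d{3})$"
)


def parse(log_text):
    """Return (timestamp, client_ip, recipient, reply_code) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not RCPT results
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["rcpt"].lower(), int(m["code"])))
    return sorted(events)


def detect_dha(events, window=timedelta(minutes=5), min_rejects=5, min_ratio=0.7):
    """Flag clients whose distinct rejected recipients inside any sliding
    window reach min_rejects and make up at least min_ratio of the distinct
    recipients they tried in that window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            rejected = {r for _, _, r, code in span if code == 550}
            accepted = {r for _, _, r, code in span if code == 250}
            tried = len(rejected | accepted)
            if len(rejected) >= min_rejects and len(rejected) / tried >= min_ratio:
                findings[ip] = {
                    # Totals over the whole log for the flagged client.
                    "rejected": len({r for _, _, r, c in evs if c == 550}),
                    # Addresses the client confirmed as valid: expect follow-up
                    # spam and phishing aimed at these mailboxes.
                    "exposed": sorted({r for _, _, r, c in evs if c == 250}),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, info in detect_dha(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The second client in the sample has one mistyped recipient and is not flagged, which is the false-positive case the ratio and count thresholds are there to avoid.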

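Combined Phishing and Malware Attack Targets Smartphone Users

Contributor: Avdhoot Patil

The Internet can be a dangerous place, with security threats lurking everywhere, and the danger grows when threats are combined. Phishing plays an important role in cybercrime today, and phishers have recently been taking a growing interest in other security threats. This year we have seen phishing merge with threats such as malware and spam. The recent use of malware in a fake app is one example.

This month, malware was again used on a phishing site spoofing Facebook. The phishing site tries to lure Android and iPhone users into installing a fake app. The site’s host server was located in Paris, France, and the page was written in French.

Phishing sites always come with bait, and phishers keep devising new tricks so that users do not grow accustomed to the same old bait. This time the bait is an advertisement for a fake app that claims to let users log in to Facebook from an iPhone or Android device without entering a password.

Figure 1. Phishing site advertising a fake Facebook app

According to the advertisement, the app can be tried free of charge for 24 hours only. The button below the advertisement translates to “Continue”, and clicking it leads to a page of instructions.

Figure 2. Instructions for using the fake app

The instructions are as follows:

  1. The user must enter personal information in a form.
  2. Select the iPhone app or the Android app and download it.
  3. The app can be tried only on the first installation.
  4. After the 24-hour trial period, the app is automatically locked.
  5. After the trial period, an email listing payment options is sent. The user can continue using the app or uninstall it.

Figure 3. Personal information entry form

After reading these instructions and clicking the continue button, the user is redirected to a phishing page that asks for a name, email address, and password. According to the phishing site, by installing the app the user legally agrees to its use.

The phishing site gives the following reasons for requesting personal information:

  1. An email address is needed to receive the activation code after the 24-hour trial period has elapsed.
  2. A password is needed to access the iPhone or Android app.

Figure 4. Malicious download disguised as a mobile app installer

Proceeding to the next page of the phishing site displays Android and iPhone logos as download links for the app. Clicking these links displays a prompt to confirm the download of a file named iphone.zip.exe or android.phone.exe. In reality, this is neither an Android app nor an iPhone app but malware for Windows (Symantec detects it as Backdoor.Breut). The Android and iPhone logos are used only to entice installation.

Analysis of the malware confirmed the following:

  1. The malware is identical to the Darkcomet RAT.
  2. It has no network connection functionality.
  3. The command-and-control (C&C) server is set to 127.0.0.1:1604 (the local loopback address).
  4. The malware does not connect to any external server.

Users who fall for this trick and enter their login credentials have their personal information stolen and used for identity theft.

When using the Internet, we recommend taking every possible measure to protect against phishing attacks:

  • When logging in to an account, check the URL in the address bar and confirm that it is the address of the intended website.
  • Do not click suspicious links in email messages.
  • Do not include personal information when replying to email.
  • Do not enter personal information in pop-up pages or pop-up windows.
  • When entering personal or account information, confirm that the website is encrypted with SSL by checking for a padlock (image or icon), “https”, or a green address bar.
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, that protects against phishing and social networking scams.
  • Do not carelessly click links sent by email or posted on social networks, however enticing they may be.

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.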

How to see the retention category of archived items in Enterprise Vault

Which retention category an email has been stored under is not something that users usually concern themselves with. For the most part, once it's archived it's archived, and they're done with it. From time to time though, users do want to know. So how can an end-user find out the retention categories which have been used?  Well, below I've listed a few different options which will help your users find the retention category if they need to:
 
- Archive Explorer
     - Has to be selected from Display Options on each folder
 
- Folder Properties
     - Has to be enabled in the policy, and works best with an update to client (10.0.4) and server (also 10.0.4). In the past this could be used when the DCOM or Full client was used, but that has all gone away and the Outlook Add-in for 10.0.4 provides the appropriate functionality in a single client.
 
- Search
     - You have to do a search though, to find the appropriate mail.
 
- Vault Information
     - But Vault Information only shows the retention category ID, not the descriptive name of the category
 
Do your end users ever contact the IT Help Desk and ask this sort of question? Let me know in the comments below.
 

Taking Green Building to the Next Level - Customizing LEED


For the past week, the United Nations Climate Change Conference has convened in Warsaw, bringing together delegates from over 190 countries hoping to move closer to a global agreement on GHG emissions reduction.

At Symantec, mitigating our impacts on climate change is central to our environmental strategy.

A key way we continue to reduce our impacts is through our focus on green building practices, specifically achieving Leadership in Energy and Environmental Design (LEED) facility certifications. Earlier this year, I wrote about our achievements in FY13 -- three new LEED certifications, including our first Platinum certification in Culver City, California. We now have 20 LEED certified facilities representing 80 percent of our eligible real estate square footage, and are closing in on our goal to obtain LEED and Energy Star certifications for 100 percent of our owned or long-leased facilities.

What’s Next?

As we near our goal of 100 percent LEED certified buildings – we’ve asked ourselves what’s next?

How can we leverage what we’ve achieved so far to further embed efficiencies across our properties and operations? How can we create a continuous improvement cycle within our green building strategy that goes beyond LEED certification and ensures efficiencies are continually uncovered and managed across our portfolio?

Over the past year, we’ve looked closely at our LEED strategy, conducting a full analysis of our property portfolio and deciding what our next phase in this journey will look like.  

What we found is that by picking out the pieces of LEED that have worked the best for us – those that have the biggest impacts on Symantec, create the highest efficiencies, result in cost savings, and have the most successful implementation – we came to three clear focus areas for the future of Green Building at Symantec – energy efficiency, waste audits and purchasing materials with recycled content. Additionally, all new buildings (owned and long-leased) would be LEED certified.

What this means is that as we move past LEED certification, these three focus areas will drive continuous improvements across our entire portfolio of properties. Additionally, we will look closer at project-specific opportunities. For instance:

  • Energy Efficiency: A key value of LEED for Symantec has been its impact on energy efficiency. We have conducted energy audits since starting LEED certification, and we will continue to do that. However, in this next phase we will partner earlier on with the LEED project teams to better analyze and implement changes based on recommendations.
  • Waste Audits:  Through our LEED Platinum certification, we discovered a model for waste audits that we loved and have since applied this model globally. We are now in the second year of our global waste audits, and they have been extremely successful. Although we are making progress, we still have a ways to go to bring our current diversion rate up to that of our peers and competitors. In 2014, we are therefore ramping up our efforts in this area, leveraging insights and best practices from last year to help local sites better understand their waste streams and develop action plans for improvements.
  • Recycled Content: The newest part of our strategy will be conducting audits with our suppliers to gain a deep understanding of the types of materials we are purchasing, their impacts and where opportunities for more eco-friendly purchasing decisions lie.   

We are excited about the future of green building at Symantec, and thanks to LEED we have defined a path forward that will continue to uncover efficiencies across our property portfolio. We look forward to working with many of you over the coming months to implement this strategy – and to bringing more news on our progress in 2014.

 

Kelly Shea is Symantec's Global Sustainability Manager.

Knowledge is Power - Website Vulnerabilities

This blog post is based on the ‘Knowledge is Power: Symantec Guide to Protecting your Website’ whitepaper which is free to download now.

In 2012 Symantec performed more than 1,400 website vulnerability scans each day. More than half the websites scanned were found to have unpatched, potentially exploitable vulnerabilities.

Of the vulnerable sites, a quarter were actually infected with malware that could infect visitors and lead to the sites being blacklisted by search engines. These figures show that millions of legitimate websites are at risk from serious attack and exploitation by internet criminals every day.

When malware does find its way onto a website it can attack in three ways: accessing the information held on a server, intercepting information passed between the website and its customers (unless the website uses an up-to-date SSL certificate) and dropping malware onto the devices of those using the website.


Website vulnerabilities are complex, and taking advantage of them is not necessarily simple. There are, however, several enterprising cybercriminals and gangs who develop and sell toolkits.

These toolkits include information about known vulnerabilities and the code needed to take advantage of them, and they are very popular. This means a much wider group of less technically skilled criminals have the ability to exploit and attack your website by simply buying or stealing these toolkits.

In 2012, for example, a single toolkit, the Blackhole toolkit, accounted for 41 percent of all web-based toolkit attacks.


We are also seeing an increase in the number of website vulnerabilities, but there are several easy steps available to help keep websites safe. To find out more download the ‘Knowledge is Power: Symantec Guide to Protecting your Website’ whitepaper now.

All Your Tomcat Are Belong to Bad Guys?


Symantec has discovered a new back door worm-type threat which targets servers running Apache Tomcat. This threat is a little different from the ones we usually encounter every day.

Back door type Trojan horses and worms let attackers execute various commands on compromised computers and essentially enable the attacker to control a computer remotely. This means that important information can be stolen from the user and their computer could be used to attack other victims.

You may think that this type of attack only targets personal computers, such as desktops and laptops, but unfortunately that isn’t true. Servers can also be attacked. They are quite valuable targets, since they are usually high-performance computers and run 24x7. We often see back door type Trojans that are written in PHP, such as PHP.Backdoor.Trojan. This time around though, Symantec has found a back door worm that acts as a Java Servlet. We have named it Java.Tomdep.
 


Figure 1. How Java.Tomdep spreads
 

The Java Servlet is executed on Apache Tomcat, but it does not create a Web page and instead behaves as an IRC bot. It connects to an IRC server and performs commands sent from the attacker. End users who visit Web pages from the compromised Tomcat server are not affected by this threat. Aside from standard commands such as download, upload, creating a new process, SOCKS proxy, UDP flooding, and updating itself, compromised computers can also scan for other Tomcat servers and send the malware to them. It is thus possible that DDoS attacks from the compromised servers are the attacker’s purpose.

When it finds another Tomcat server, it first attempts to log in with the following pairs of weak usernames and passwords:
 


Figure 2. Usernames and passwords used in attempts to log in by Java.Tomdep
 

Then it deploys itself to the found Tomcat server:
 


Figure 3. Java.Tomdep deploys to the found Tomcat server
 

We know that the attacker’s command and control (C&C) servers are located in Taiwan and Luxembourg. We have infection reports from customers in a limited number of countries.
 


Figure 4. Infection report locations
 

As far as we know, not many computers have fallen victim to this threat yet. However, in some cases, server computers don’t have antivirus products installed on them in the same way that personal computers would. Hopefully this isn’t a reason for the low rate of detection.

In order to avoid this threat, ensure that your server and AV products are fully patched and updated. We recommend that you use strong passwords and do not open the management port to public access.
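A defender-side check for the login-then-deploy sequence described above, added here as an example (it is not Symantec's code): it scans Tomcat access-log lines for a burst of failed Manager logins followed by a successful deployment from the same client. The Manager application paths, the thresholds and the sample log lines are assumptions; the post does not state which endpoint the worm uses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
# Assumption: deployment goes through the stock Manager web application.
MANAGER_PREFIX = "/manager/"
DEPLOY_RE = re.compile(r"^/manager/(?:text/deploy|deploy|html/upload)\b")


def parse(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    try:
        ev["time"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    ev["status"] = int(ev["status"])
    return ev


def analyse(lines, trusted=frozenset(), fail_threshold=5,
            window=timedelta(minutes=10)):
    """Flag successful Manager deployments that follow a burst of 401s from
    the same client, or that come from an address outside `trusted`."""
    failures = defaultdict(list)   # client address -> times of 401 responses
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None or not ev["path"].startswith(MANAGER_PREFIX):
            continue
        host, when = ev["host"], ev["time"]
        if ev["status"] == 401:
            failures[host].append(when)
            continue
        if not (DEPLOY_RE.match(ev["path"]) and 200 <= ev["status"] < 300):
            continue
        recent = [t for t in failures[host]
                  if timedelta(0) <= when - t <= window]
        if len(recent) >= fail_threshold:
            kind = "bruteforce_then_deploy"
        elif host not in trusted:
            kind = "deploy_from_untrusted"
        else:
            continue   # a known admin host with a normal auth handshake
        findings.append({"kind": kind, "host": host, "user": ev["user"],
                         "request": ev["method"] + " " + ev["path"],
                         "time": when.isoformat(),
                         "failed_logins": len(recent)})
    return findings


# Constructed sample lines (documentation address ranges, made-up users).
SAMPLE_LOG = [
    f'203.0.113.7 - - [19/Nov/2013:10:15:0{i} +0000] '
    '"GET /manager/html HTTP/1.1" 401 2474'
    for i in range(6)
] + [
    '203.0.113.7 - user1 [19/Nov/2013:10:15:09 +0000] '
    '"PUT /manager/text/deploy?path=/example HTTP/1.1" 200 58',
    '198.51.100.20 - - [19/Nov/2013:11:00:00 +0000] '
    '"GET /manager/html HTTP/1.1" 401 2474',
    '198.51.100.20 - ops [19/Nov/2013:11:00:02 +0000] '
    '"POST /manager/html/upload HTTP/1.1" 200 16000',
    '192.0.2.10 - - [19/Nov/2013:11:05:00 +0000] "GET /index.jsp HTTP/1.1" 200 1234',
    'not an access-log line',
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG, trusted={"198.51.100.20"}):
        print(finding)
```

A single 401 before a successful request is the normal HTTP authentication handshake, which is why the burst threshold sits above one.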

Symantec products detect this threat as Java.Tomdep and Java.Tomdep!gen1.

Part 3: The Future State of Cyber-security


This blog will discuss a vision for ‘to-be state’ of enterprise security and targeted attack protection, and is the last part of this blog series.

In my last blog, I detailed the first step toward achieving our vision for enterprise security. To summarize, I proposed that we need to update our existing security products so they generate a steady flow of security-relevant telemetry (e.g., every login, failed or not, between every machine in the enterprise, metadata for every inbound email, every connection through the firewall, etc.) – even when that telemetry doesn’t appear directly related to an in-progress attack at the time it’s collected. This telemetry will be used in two capacities.

First, we will mine this collective telemetry to detect attacks that would otherwise evade any single myopic security product. While attackers may evade detection by a single security product, they can’t entirely hide their activities in your network.  Many of these activities may seem innocuous at first glance, but when taken in context with other indicators, they can be used to identify an attack.  The reality is that many attacks will only stand out when viewed across different sensors and time, and with hindsight knowledge.

Second, we will leverage this telemetry to drastically improve recovery and forensics tasks, should an attack succeed. For example, if we discover that a machine was compromised last week, and we have a log of all servers connected to by that machine since the initial compromise, we can instantly determine what enterprise assets may have been compromised.

So how can we leverage this telemetry? How can we mine it at scale? Well, to achieve our vision, we need to ingest it into a secure, elastic, multi-tenant big-data platform. Enterprises from around the world will forward their telemetry to this secure store. We’re talking trillions of rows of security-relevant telemetry, exabytes in size. Once we have this data in one place, the cloud-based security firm can get down to business.

In our to-be state, the cloud-based security firm will have analysts working around the clock to discover indications of new targeted attacks.  Discovery will be accomplished through a set of proactive activities (e.g., ongoing reconnaissance of attacker networks, running data analytics over telemetry) and reactive activities (e.g., a customer asks the vendor to investigate a suspicious file, which is subsequently determined to be a targeted attack tool). These activities will yield a stream of indicators associated with attacks.  These indicators can be as simple as a software file or URL that is known to be implicated in an attack, or as complex as a pattern of related, otherwise-innocuous activities, that if seen together, are indicative of attack.

As new indicators are discovered, we then use both automated and manual mining to search through our big-data platform for them.  So, say, for example that we just discovered today that a particular FTP server out on the internet is associated with a targeted attacker network – perhaps it’s being used as a drop server for exfiltrated intellectual property.  We can search through all of our telemetry, from all of our customers for this indicator.  Say that we find a file residing on one of Acme Corporation’s endpoints attempted to establish a connection to that very server three days ago. At the time, we thought the connection was innocuous. But now, in hindsight with our new intelligence about the malicious FTP server, we can look at this telemetry in a new light. We now know that the file that connected to this FTP server is likely a targeted attack tool (and yet another new indicator), and we can search through our archived security telemetry to determine where this file came from.  Ah... by mining our data, we can determine that five days ago, this file was sent in an email originating from a particular email domain (yet another new indicator) to an HR person at Acme. Now we can search our vast repository to see who else across our entire customer base also received emails from the implicated email domain.  These users are likely targets too. And once we know who they are, we can dig deeper to identify and stop attacks on their machines as well. What you can see is that we’re detecting indications of attack, not on a single endpoint, or even within a single enterprise, but across multiple enterprises by correlating across all of our security telemetry.

So how does this mining take place?  Well, today most of it is manual – literally an analyst connecting the dots with hand-authored queries to our big-data system, as I illustrated in my example above. But, in the future, we expect that much of this security mining will be done by automated scripts. Scripts that recognize common methods of attack by fusing telemetry from multiple different sensors across multiple machines from multiple corporations.
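The pivot chain walked through above (drop server, then file, then sender domain, then other recipients) can be automated as a worklist over stored telemetry. The sketch below is an added example, not Symantec's system; the record layout, tenant names and placeholder hashes are constructed, and the prevalence guard goes beyond the text: it keeps a widely installed program from being promoted to an indicator just because one copy touched the bad server.

```python
from collections import defaultdict, deque

# Constructed telemetry rows: (days_ago, tenant, kind, fields). Not real data;
# "aa11", "ff00" etc. stand in for file hashes.
TELEMETRY = [
    (5, "acme", "email", {"to": "hr1@acme.example",
                          "from_domain": "jobs-mail.example", "sha256": "aa11"}),
    (5, "globex", "email", {"to": "cfo@globex.example",
                            "from_domain": "jobs-mail.example", "sha256": "bb22"}),
    (4, "initech", "email", {"to": "it@initech.example",
                             "from_domain": "newsletter.example", "sha256": "cc33"}),
    (3, "acme", "conn", {"host": "acme-hr-pc7", "sha256": "aa11",
                         "dest": "ftp.drop.example"}),
    # "ff00" is a common FTP client that runs on many machines.
    (3, "acme", "conn", {"host": "acme-dev-3", "sha256": "ff00",
                         "dest": "ftp.drop.example"}),
    (2, "globex", "conn", {"host": "globex-ws1", "sha256": "ff00",
                           "dest": "ftp.mirror.example"}),
    (2, "initech", "conn", {"host": "initech-ws2", "sha256": "ff00",
                            "dest": "ftp.mirror.example"}),
    (1, "initech", "conn", {"host": "initech-ws9", "sha256": "ff00",
                            "dest": "ftp.mirror.example"}),
]


def hunt(events, seed_type, seed_value, max_prevalence=3):
    """Expand one new indicator across historical telemetry.

    Pivots follow the direction described in the text:
      dest -> files that connected to it -> sender domains that mailed those
      files -> every recipient of mail from those domains.
    Returns (indicators with provenance, findings grouped by tenant).
    """
    # How many distinct machines, across all tenants, run each file.
    prevalence = defaultdict(set)
    for _, tenant, kind, f in events:
        if kind == "conn":
            prevalence[f["sha256"]].add((tenant, f["host"]))

    indicators = {(seed_type, seed_value): "seed"}
    findings = defaultdict(list)
    queue = deque([(seed_type, seed_value)])
    while queue:
        itype, value = queue.popleft()
        for days_ago, tenant, kind, f in events:
            new = None
            if itype == "dest" and kind == "conn" and f["dest"] == value:
                findings[tenant].append(
                    (days_ago, f["host"], f"connected to {value}"))
                # Guard: only rare files become indicators.
                if len(prevalence[f["sha256"]]) <= max_prevalence:
                    new = ("sha256", f["sha256"])
            elif itype == "sha256" and kind == "email" and f["sha256"] == value:
                findings[tenant].append(
                    (days_ago, f["to"], f"received file {value}"))
                new = ("from_domain", f["from_domain"])
            elif (itype == "from_domain" and kind == "email"
                  and f["from_domain"] == value):
                findings[tenant].append(
                    (days_ago, f["to"], f"mail from {value}"))
            if new is not None and new not in indicators:
                indicators[new] = f"derived from {itype}={value}"
                queue.append(new)
    return indicators, dict(findings)


if __name__ == "__main__":
    found_indicators, by_tenant = hunt(TELEMETRY, "dest", "ftp.drop.example")
    for key, why in found_indicators.items():
        print(key, "<-", why)
    for tenant, rows in sorted(by_tenant.items()):
        print(tenant, rows)
```

Starting from the single drop-server indicator, the run surfaces a second tenant (globex) that never contacted the server but received mail from the implicated domain.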

Of course, all of this is happening in the background – the customer doesn’t need to worry about how these systems work. All they need to know is that when such an attack is detected, they will receive an alert on their cell phone, and, once they log into their cloud-based security console, they’ll find a detailed dossier on which systems are impacted. Because we have historical data on every activity by every device in the enterprise, we can minutely reconstruct the activity of the attackers, whether the attack happened minutes or months ago. We can determine the attack’s scope - which machines and data the attacker tried (and perhaps failed) to access. And we can remediate more quickly.  And since this data is stored off-premise in a secure cloud, these indicators can’t be covered up or tampered with by an attacker.

Because in this model we have data from tens of thousands of enterprise customers, all stored in one place, we have the ability to connect the dots and detect attacks not just on a single machine, or that impact a single enterprise, but attacks that span entire industries, governments, or economic sectors.

Now, you might say – “This approach is primarily going to detect attackers after they’re already in.” And I’d say, “You’re partially right.” Today, the window of exposure for the typical targeted attack is months or years. With this new approach, we believe we can bring that window down to minutes, hours or days, meaning we can dramatically limit the scope of in-progress attacks. In many cases, we believe that we’ll be able to stop the attacker during their reconnaissance phase, before they have a chance to reach your key IP. Therefore, I’d argue that reducing this exposure by an order or two of magnitude is a huge proactive win. Second, the reality is that once we discover a new indicator of an attack on an enterprise, we can use this to not only remediate the current attack, but also to proactively block the same attacker from penetrating additional victim networks, or at a minimum, detect other in-progress attacks at a much earlier phase.

Now let’s take a look further into the future – what else could we do with this data? How else could we use it to better secure your organization?  Well, we envision allowing customers to build their own analytic apps or purchase 3rd-party analytic apps from a secure marketplace to run on their own security telemetry data.  Heck, it’s your data, so you should be able to analyze it, mine it, trend it, graph it, generate reports from it, and conduct forensics on it any way you want.  So we envision having an ecosystem of 3rd-party security providers who you can hire to analyze your data. If a 3rd-party analytics engine can mine your security telemetry better than Symantec, then let them monitor your data and alert you when they detect a potential attack. Or if you need to generate your own graphs or reports based on your data, you’ll be able to do that. Finally, we also envision adding social features to this service.  So when you discover something interesting on your network, you can securely share this information with your industry peers – share your policies and best practices with them, share artifacts of an attack, like IP addresses or file hashes, and share intelligence. What if you could double click on an IP address posted by one of your peers and instantly determine if anyone in your network has ever connected to that IP address?  Wouldn’t that be powerful? These connections will help you to stay afoot of the threat landscape in a way that’s never been possible before.  All in a secure manner.

This is the world we envision at Symantec.  A world that is by no means free of attacks, to be sure. But a world in which you again have the upper hand, one where you can successfully defend your enterprise’s intellectual property and operations, and do so without an army of expensive security experts. And ultimately, a world in which you are able to focus your energies on your enterprise’s special purpose, whether that’s creating new drugs to cure cancer or building the next iPhone.

I’d be interested to hear your thoughts so make sure to leave them below. If you have any questions or would like more details on any of the topics mentioned above please contact the Analyst Relations Team at Symantec.

Pushing for Continuous Improvement - A Special Announcement on Corporate Responsibility at Symantec


I took on the exciting challenge of leading Symantec’s global corporate responsibility (CR) and sustainability department eight years ago. Overseeing the CR efforts for a global company such as Symantec is  demanding yet very rewarding, and never more so than now. When Symantec’s CEO, Steve Bennett, introduced our new company strategy, Symantec 4.0, earlier this year, he announced a renewed commitment to CR and the desire to lead in three key areas: Our People, Your Information and The World. He reaffirmed what I’ve always believed: CR is at the heart of who we are as a company that strives to protect and manage information, working to ensure that everyone can be free to focus on achieving their goals. Our very business goals are tied to a greater social purpose, making CR inherent to our business and built into our priorities and values. Corporate responsibility isn’t just something we do; it’s becoming an authentic part of who we are.

Fueled by Symantec 4.0, we lead the industry with our cyber awareness efforts, sharing research and partnering with organizations such as Common Sense Media and the World Association of Girl Guides and Girl Scouts to develop an online safety curriculum. In FY13, we made significant commitments to supporting science, technology, engineering, and math (STEM); cyber awareness; and literacy education around the world, particularly in ways that can benefit girls and women and contribute to equal opportunity for them. It’s a companywide goal to strengthen gender equity and diversity.

In my role, I drive the global implementation of community investment efforts, lead Symantec’s executive diversity steering committee, and oversee the company’s CR strategy and activities. Symantec is committed to prioritizing and expanding its CR program, beginning by merging its CR and diversity and inclusion efforts into one program, overseen by me in my new role as vice president of Corporate Responsibility. In this newly created role, I will continue to lead Symantec's global CR and sustainability department, and will also serve as the company’s Chief Diversity Officer, managing Symantec’s Diversity and Inclusion Program. A globally diverse, inclusive and engaged workforce will stimulate Symantec’s success in this 4.0 transformation and deliver value for our customers.

With this change, I will be responsible for delivering a global diversity, inclusion and accessibility management strategy.  This change not only represents an exciting development in Symantec CR; it also signifies that Symantec as a whole is recognizing the importance of CR to its business, therein setting a precedent for companies everywhere. It further illustrates that CR is not a passing trend, but an integral part of how companies should practice their business.

It was my dad who used to tell me to keep pushing forward, to always keep pushing the boundaries. This advice is so relevant for CR work, because all of us who work in this field are continually trying to move our companies and society along.  As a company working to further its CR initiatives, Symantec has come such a long way. But we’re just getting started. We have so many barriers left to push against, so much progress left to make, and we’ll get there – together.

For more information on our CR work and to view our complete 2013 Corporate Responsibility report, please click here.

 

Cecily Joseph is Symantec's Vice President, Corporate Responsibility.

 

Symantec Receives Key Government Certifications for Shared Service Provider Products


As high-profile information leaks and cybercrimes proliferate, government agencies face the tall responsibility of protecting increasing amounts of data from progressively complex threats. One important way governments are doing this is by creating and continuing to update rigorous security standards with which all of their information systems must comply. In the United States, two leading Symantec products that keep information systems safe – Symantec Shared Service Provider PKI and Symantec Non-Federal Shared Service Provider PKI Service – received a critical U.S. government certification for use by federal agencies and their contractors.

The products received a FISMA certification, which is short for the Federal Information Security Management Act. FISMA requires federal agencies and those who work with them to adhere to safety guidelines set by the National Institute of Standards and Technology (NIST).  These standards cover multiple security controls, such as access control management, audits and accountability and configuration management.

“Governments are in a virtual race to protect their information from a diverse set of threats, including hostile cyber-attacks, natural disasters, structural failures and human errors,” said Gigi Schumm, Vice President and General Manager, US Public Sector for Symantec. “They need trustworthy systems that can guard against targeted attacks, and the FISMA certification proves that we have really robust products to address their needs.”

The products that received the FISMA certification are known as PKI, or public key infrastructure, products. This refers to a system of digital certificates and registrations that verify parties involved in an Internet transaction. The Symantec Shared Service Provider PKI Service offers federal agencies three key benefits:

  • Cost-Effectiveness: By leveraging the Symantec Shared Service Provider PKI Service, federal and non-federal agencies save significantly versus implementing and managing their own PKI environment.
  • Rapid Deployment: Agencies can issue PKI-based credentials within days of signing up for the Symantec Shared Service Provider PKI Service.
  • Mission-Critical Reliability: The service delivers reliability and availability levels that help meet mission-critical needs, including 24x7x365 monitoring, management, archiving and full disaster recovery.

VeriSign® Non-Federal Shared Service Provider Public Key Infrastructure (SSP PKI) Service offers the same benefits to non-federal organizations, such as state and local governments, government contractors, universities and health care providers that require an enterprise PKI solution and secure interoperability with the U.S. federal government.

Other Symantec products that just achieved government certification standards around the world include:

  • The Control Compliance Suite 11.0 is now FSTEC-certified in Russia. FSTEC is Russia’s Federal Service for Technology and Export Control.
  • A range of Norton protection products – Norton 360 21, Norton Antivirus 21, Norton Internet Security 21 and Norton Security Scan 4 – received China’s Ministry of Public Security (MOPS) certification, along with Symantec Security Information Manager 4.8.

 Dr. Rose Quijano-Nguyen, Principal Certification Strategist – Global Targeted Offerings, Symantec Corp.

 

30 minute Director of IT Level Interviews Needed

I'm looking to do a 30 minute interview with an IT "Business Owner" role to help shape the business value requirements of a new concept we're researching and I need your help doing so.  Can you please reply to me and let me know if you can help me set up a 30 minute discussion between now and Dec. 13th?
 
The person I'm looking to interview should have the following responsibilities (typically a Director of IT, Network Services, or Infrastructure/Operations):
- Driving the internal IT strategy for the overall IT architecture, systems, storage, applications and infrastructure
- Conduct and document internal performance, risk, and financial analysis as it relates to internal IT
- Knowledgeable of the internal data center best practices, production systems and IT pain points
- Managing the budget for IT infrastructure spending
 
This is a great opportunity for your organization to help Symantec shape and define the requirements of a new product.  
 
Thank you,
Jed Gresham
Sr. Product Manager, Backup & Recovery Technical Strategy

Fake AV Software Updates Are Distributing Malware



Contributor: Joseph Graziano

A clever new social engineering spam campaign going around today attempts to trick users into running malware on their computers. The malware authors pretend to be from various antivirus (AV) companies, claim that an important system update must be installed by the end user, and attach a fake hotfix patch file for the antivirus software. The email plays on end-user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as to what they may actually be installing.

Symantec has observed a number of different email subject lines that include many well-known antivirus companies:

  • AntiVir Desktop: Important System Update - requires immediate action
  • Avast Antivirus: Important System Update - requires immediate action
  • AVG Anti-Virus Free Edition: Important System Update - requires immediate action
  • Avira Desktop: Important System Update - requires immediate action
  • Baidu Antivirus: Important System Update - requires immediate action
  • Cloud Antivirus Firewall: Important System Update - requires immediate action
  • ESET NOD32 Antivirus: Important System Update - requires immediate action
  • Kaspersky Anti-Virus: Important System Update - requires immediate action
  • McAfee Personal Firewall: Important System Update - requires immediate action
  • Norton AntiVirus: Important System Update - requires immediate action
  • Norton Internet Security: Important System Update - requires immediate action
  • Norton 360: Important System Update - requires immediate action
  • Symantec Endpoint Protection: Important System Update - requires immediate action
  • Trend Micro Titanium Internet Security: Important System Update - requires immediate action

Although the subject line changes, the attached zip file containing the malicious executable stays the same.

Once the malware is executed, a connection is made to [http://]networksecurityx.hopto.org to download another file. The malware is using a process called ozybe.exe to perform tasks.

Symantec has the following protections in place for this threat:

Symantec advises following best practices to avoid becoming a victim of social engineering spam attacks:

  • Do not click on suspicious links in email messages.
  • Do not open any attachments from senders you do not know.
  • Do not provide any personal information when replying to an email.
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, which protects you from phishing and social networking scams.
  • Exercise caution when clicking on enticing links sent through email or posted on social networks.

Spammers Exploit Typhoon Haiyan to Launch DHA Attacks


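Tacloban, the area hit hardest by Typhoon Haiyan, is currently the target of a large-scale directory harvest attack (DHA) by spammers.

A DHA is launched to verify the email directory and the validity of email addresses associated with the targeted email server. The aim is to gather information and build a database, laying the groundwork for a large-scale spam attack against a specific site. Rejected emails are not delivered and a non-delivery report (NDR) is returned, so the remaining addresses are identified as valid and quickly become targets for large volumes of spam, phishing, and email with malware attached.

The spam used in this attack is sent from major Internet sites and service providers and poses as well-known news organizations and news agencies, but its purpose is to harvest valid email addresses.

The emails are very simple in construction. The subject and body are taken from news articles published on well-known news sites around November 14, 2013. Random digits are appended to the end of the sender name and subject to evade detection by spam filters.

Subject: Typhoon: After battle to survive, the struggle to live 26488
From: "Typhoon: After battle to survive, the struggle to live 26488" <email address>

Figure 1. Spam email about Typhoon Haiyan sent as part of the DHA attack

Configure directory harvest attack recognition to protect your website environment, and keep your spam filter algorithms updated to repel these attacks.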
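One way to implement the recognition recommended above, as an added example rather than any product's own logic: per sending client, track RCPT TO outcomes in a sliding window and flag a client whose recipients are mostly rejected. The record layout, thresholds and addresses are constructed, and the sketch assumes the server rejects unknown recipients during the SMTP session with a 550 reply.

```python
from collections import defaultdict, deque


def detect_dha(records, window=300, min_attempts=20, bad_ratio=0.8):
    """Flag clients whose RCPT TO attempts look like directory harvesting.

    records: iterable of (seconds, client_ip, recipient, smtp_reply_code).
    A client is flagged once it has made at least `min_attempts` attempts
    inside `window` seconds and at least `bad_ratio` of them were rejected
    (550). For each flagged client the result also lists the addresses the
    server confirmed (250): those are the ones the harvester now knows are
    valid and that should be watched for follow-on spam and phishing.
    """
    recent = defaultdict(deque)      # client -> (time, code) inside the window
    confirmed = defaultdict(set)     # client -> recipients answered with 250
    flagged = {}
    for t, client, rcpt, code in sorted(records):
        q = recent[client]
        q.append((t, code))
        while q and t - q[0][0] > window:
            q.popleft()
        if code == 250:
            confirmed[client].add(rcpt)
        rejected = sum(1 for _, c in q if c == 550)
        if (client not in flagged and len(q) >= min_attempts
                and rejected / len(q) >= bad_ratio):
            flagged[client] = {"first_flagged": t, "attempts": len(q),
                               "rejected": rejected}
    return {c: {**info, "exposed": sorted(confirmed[c])}
            for c, info in flagged.items()}


# Constructed sample: one client walks a name list, two guesses are valid.
VALID = {"alice", "bob"}
NAMES = ["alice", "bob"] + [f"user{i:02d}" for i in range(28)]
SAMPLE = [(i * 2, "203.0.113.50", f"{n}@corp.example",
           250 if n in VALID else 550)
          for i, n in enumerate(NAMES)]
# A legitimate sender with a single mistyped recipient.
SAMPLE += [
    (5, "198.51.100.9", "alice@corp.example", 250),
    (6, "198.51.100.9", "bob@corp.example", 250),
    (7, "198.51.100.9", "carol@corp.example", 250),
    (8, "198.51.100.9", "alise@corp.example", 550),
]

if __name__ == "__main__":
    for client, info in detect_dha(SAMPLE).items():
        print(client, info)
```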

 


Attackers Target Tomcat Servers


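Symantec has identified a new back door worm that targets servers running Apache Tomcat. This threat is slightly different from the ordinary worms discovered every day.

Back door worms and Trojan horses let attackers execute various commands on a compromised computer, effectively allowing them to control it remotely. This means attackers can steal important information from the user and can also use the computer to attack other users.

This type of attack is often thought to target only PCs such as desktops and laptops, but unfortunately that is not the case; servers are attacked as well. Because servers are high-performance computers that run 24 hours a day, 365 days a year, they are in fact quite valuable targets. Back door Trojans written in PHP, such as PHP.Backdoor.Trojan, are common, but the back door worm Symantec detected this time behaves as a Java Servlet. Symantec has named it Java.Tomdep.

Figure 1. How Java.Tomdep spreads

This Java Servlet runs on Apache Tomcat but does not create a Web page. Instead, it functions as an IRC bot, connecting to an IRC server and executing commands sent by the attacker. End users who access Web pages from an infected Tomcat server are not affected by this threat. In addition to standard commands such as download, upload, creating a new process, SOCKS proxy, UDP flooding, and updating itself, infected computers can also scan for other Tomcat servers and send the malware to them. This suggests that the attacker's purpose may be to carry out DDoS attacks from the compromised servers.

When Java.Tomdep finds another Tomcat server, it attempts to log in using the following weak username and password combinations.

Figure 2. Usernames and passwords that Java.Tomdep uses in login attempts

Next, it deploys itself to the Tomcat server it found.

Figure 3. Java.Tomdep deploys itself to the found Tomcat server

The attacker's command-and-control (C&C) servers have been found to be located in Taiwan and Luxembourg. Infection reports from customers using Symantec products have come from only a limited number of countries and regions.

Figure 4. Countries and regions with infection reports

So far, not many computers have been affected by this threat. However, servers sometimes do not have antivirus products installed in the way PCs do, so we can only hope that this is not the reason for the low detection rate.

To avoid infection by this threat, apply all patches to your servers and antivirus products and keep them up to date. We also recommend using strong passwords and not opening the management port to public access.

Symantec products detect this threat as Java.Tomdep and Java.Tomdep!gen1.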

 


Spammers Aim to Ruin Holiday Fete


Contributor: Vivek Krishnamurthi

The holiday season starts in the United States on Thanksgiving on November 28 preceding Black Friday, which occurs on November 29. This also marks the beginning of the much awaited shopping season when people take to the streets to celebrate the shopping furor with their family and friends. The shopping buzz is fuelled by discount sales and promotional offers by online sites and retailer outlets.

With online commerce growing by the day, spammers may take advantage of the holiday season to target shoppers. The spammers usually send out fake promotional messages and bogus deals and lie in wait for any victims who are tricked by these scams. Symantec has been on the lookout for signs of such messages to warn the public on what to avoid this holiday season.

The following are the most popular spamming techniques we found, which topped our chart early this holiday season:

Products offered at discounts never seen before
Spammers try to catch attention by offering crazy discounts or just sending out news of a sale on the hottest brands. Victims are usually those who are ill-informed about the spammers' tactics. Behind the catchy mail preview are links to fake websites that redirect users to Web pages that they never wanted to visit.

Figure 1. Product spam related to Black Friday

Figure 2. Spam announcing a discount sale related to Black Friday and Thanksgiving

Survey spam promising shopping vouchers
Survey spam is another trick that the spammers employ to target victims. Survey invites claim to offer quick money, usually in the form of vouchers or discount cards. The links in this spam may lead users to fake surveys, which makes users reveal private information as answers to cleverly disguised questions.

Figure 3. Fake Survey related to Thanksgiving and Black Friday

Replica spam for watches
If you can’t afford that new watch you've been dreaming of for all these years, here is the spam for you. Spammers claim to offer a perfect replica of a watch, available at a fraction of the price. These messages lead to fake sites that are ready to take users’ money in return for… nothing.

 

Figure 4. Replica watch spam related to Black Friday

Header patterns observed by Symantec in Thanksgiving weekend spam
The headers displayed in the messages could include anything ranging from catchy keywords about the sale to something as simple as random names.

  • From: "Thanksgiving Flowers" <Thanksgiving.Flowers@[REMOVED]>
  • From: "Black Friday Digital Camera" <BlackFridayDigitalCamera@[REMOVED]>
  • From: "Clearance | BestWay Time" <keepcommen.jc@[REMOVED]>

Subject lines are usually very cleverly crafted to draw attention to the mail. 

  • Subject: Find Black Friday Deals at [REMOVED]
  • Subject: Ahead of Black-Friday: [REMOVED] rolls out deals November 11th         
  • Subject: iPad Air Black Friday prices posted (90 percent savings)   
  • Subject: Black Friday Starts Today with [REMOVED]!
  • Subject: Make Thanksgiving extraordinary with fall flowers for $19.99!
  • Subject: Wow! Thanksgiving bouquets, just $19.99.
  • Subject: Look 23lbs thinner by thanksgiving
  • Subject: Receive increased spending limits on your card this Thanksgiving

Symantec advises our readers to use caution when opening unsolicited mails. False promises, blinding displays and unbelievable discounts are all part of the spammer’s game. Anything that sounds too good to be true should be treated with skepticism. We are closely monitoring all attacks to ensure that readers are kept up to date with information on the latest threats.

Symantec’s New Channel Strategy Charts Course for Successful Partner & Customer Transformation


Last week at our annual North America Partner Engage event, we pulled back the curtain on Symantec’s new Global Channel Strategy and shared how we are changing the way we go to market. We have committed to delivering more than 5 percent organic revenue growth with operating margins better than 30 percent, and we can’t achieve this goal without our partners. I’d like to take this opportunity to share more details about the new Global Channel Strategy and explain how it represents an important step forward in Symantec’s 4.0 journey.

But first, let me take a brief step back to provide some context around how we got to this point. When Steve Bennett, our CEO, joined Symantec over a year ago, he embarked on a global listening tour where partners, customers and employees voiced a need for Symantec to change. He learned that Symantec had great technology and great people, but we needed to do more to help our customers solve their bigger jobs. In addition, our structure, incentives and internal culture were hampering our growth. And while we have great point solutions, we also needed to develop new, integrated products that address important customer needs.

With that, we knew we had to completely revolutionize the way we do business and focus on delivering compelling, integrated, higher-value solutions that solve critical customer jobs better than anyone else. The changes we’re making as a company are reflected within our channel organization – with the goal of making it easier for partners to do business with us, by building partnerships that are more rewarding and by exceeding customer expectations. Here’s a look at the core components of our Global Channel Strategy:

  • We’ve mapped out the playing field for our partners to offer them guidance on where to play and invest to win in the market. We looked at the jobs that our partners are solving for customers, in addition to how they work with our products. We then analyzed our channel ecosystem to determine which partner types would be best suited to deliver the solutions that our customers need, in an optimal way. We are confident that this approach will provide partners with the flexibility to turn investments into more profitable results.  
  • We’re investing in our most committed and capable partners to drive deeper relationships with customers, while leveraging their unique value to help deliver a superior customer experience. Our partners will be recognized and rewarded based on the value they provide. Those who identify new opportunities, demonstrate expertise, close more deals and delight customers will have greater access to partner benefits. Additionally, we’ve re-evaluated our training tools and processes to better enable our partners with skills and capabilities to help address our customers’ most critical needs.
  • We’re making it easier for partners to do business with us, and providing a more predictable and consistent experience to meet changing customer and market demands. We’re collaborating and aligning with our partners on their business objectives to ensure that we are growing our businesses together. We’ve also established clear rules of engagement to ensure more consistent interaction with our partners.
  • We’re committed to building a channel-focused culture that understands, appreciates, and supports our partners’ growth and success – and ultimately the value that they bring to our mutual customers.

We are in the process of building our next generation Partner Program that supports this new strategy. It will help drive partner growth and profitability, while at the same time offering incentives to keep our partners focused in the areas of greatest opportunity. I can confidently say that we are more committed to our partners and distributors than ever before and we are focused on helping our partners solve our customers’ most important jobs together.

The Partner Program will be rolled out in phases starting in 2014 and our strategy will continue to evolve with the ever-changing market demands and business needs of our customers. Our intent is to ensure that we are always investing in the right channels at the right time, while also helping our partners to grow and sustain their business. The end results will be great for our customers and will help to widen the addressable market for ourselves and our partners.  Ultimately – together with our partners – we will make the world a safer place.
