[IS&T Security-FYI] SFYI Newsletter, April 4, 2011
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Mon, 4 Apr 2011 15:27:45 -0400
In this issue:
1. The Cost of a Data Breach in the US
2. Spam Botnet Takedown
-------------------------------------------------
1. The Cost of a Data Breach in the US
-------------------------------------------------
A study conducted by the Ponemon Institute on behalf of Symantec (a security software company) shows that the average organizational cost of a data breach increased to $7.2 million, and that breaches cost US companies an average of $214 per compromised record, markedly higher than the $204 per record in 2009.
The study is based on the actual data breach experiences of 51 US companies from 15 different industry sectors. For the fifth year in a row, data breach costs have continued to rise (except, notably, in the Education sector, where costs fell from $203 per record in 2009 to $112 in 2010).
The costs apply to organizations that experience large data breaches (between 1,000 and 100,000 compromised records). The business costs include outlays for detection, escalation, notification, and after-the-fact response.
The study also analyzes the impact of lost or diminished customer trust and confidence, as measured by customer turnover rates. As could be expected, companies with larger numbers of breached records pay more per record because of higher-than-normal customer turnover.
Causes of data breaches: malicious or criminal attacks accounted for 31% of breaches, system failures for around 27%, and negligence for around 41%.
You can learn more about the study or download a copy of the report here:
<http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon>
---------------------------------
2. Spam Botnet Takedown
---------------------------------
Global spam volumes dropped by a third following the takedown of the infamous Rustock botnet last month, according to MessageLabs.
The takedown occurred on March 17, and junk mail decreased to around 33 billion emails a day, compared to an average of 52 billion a day the previous week.
However, other botnets have since stepped in to fill the spam void. Bagle has already taken over from Rustock as the single biggest source of junk mail.
Microsoft is attempting to hunt down the Rustock botnet controllers by posting the date, time and location of an upcoming court hearing, where defendants will have an opportunity to be heard, on its Web site and in one or more major Russian newspapers.
"We will have to send out a notice to the individual or group of individuals we believe is behind the bot," Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, said. As Krebsonsecurity.com blogger Brian Krebs noted, "It will be interesting to see who, if anyone, responds to Microsoft notices, and whether the veil of anonymity will be lifted from the pseudonyms of botmasters, spammers and account holders."
Read the story in full here:
<http://krebsonsecurity.com/2011/03/microsoft-hunting-rustock-controllers/>
============================================================================================
To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security