openPR Logo
Press release

Middle East Internet Users Relatively Unaffected by Flame and LinkedIn Cyber Attacks but Need to Implement Simple Security Measures

06-25-2012 09:23 PM CET | IT, New Media & Software

Press release from: help AG

Nicolai Solling, Director of Technology Services at help AG

Nicolai Solling, Director of Technology Services at help AG

DUBAI, United Arab Emirates- 25 June, 2012 - The Middle East which has over the last year seen a dramatic rise in malware attacks targeted at both private as well as government organizations recently fell victim the much talked about Flame virus. Another major security breach that has drawn tremendous media attention has been the leakage of over 6.5 million user passwords from the business networking site LinkedIn. The intentions behind these two attacks as well as their implications and impact are however vastly different.

Kaspersky Labs who first discovered the Flame threat described it as the 'most complex piece of malicious software yet.' With the widespread use of internet enabled devices and the increasing popularity of online portals for critical services such as e-banking in the region this attack raises serious questions about the security of such services.

Distribution Method and Infection Rates
Speaking about the manner in which the virus propagates, Nicolai Solling, Director of Technology Services at IT security expert help AG said, “The Flame virus is a highly advanced tool set of malicious code that can be executed on a windows based PC to gather or harvest data off the infected machine. It has now been revealed that the virus gains entry onto the machine by exploiting a vulnerability of the Windows Update Service. All updates provided for Windows require a security certificate signed by Microsoft. However, by providing a signed security certificate that appears to belong to Microsoft, the Flame virus bypasses this restriction. The unsuspecting PC then proceeds to download what appears to be a genuine Windows update which is in fact the loader for the Flame virus.”

“Once the loader has downloaded the actual virus, cyber criminals gain the ability to take screenshots, listen in to conversations though the system microphone and even capture video though an attached webcam. The size and sophistication of this attack is far beyond anything that has been seen before. Anyone could get Flame- for this the machine has to be exploitable for particular vulnerabilities. The good news is that many organizations do not have an environment where Flame could be installed. Also, as long as organizations and end users follow specific security practices and have a predictable environment, there is no reason for them to be concerned about the virus.”

As analysts uncover the details about Flame, it is now known that the distribution was fairly limited. As of last week, there were only a couple hundred machines known to be affected by the virus. This is a very small number especially when compared to infection rates of smaller and less sophisticated malware indicating that the attack has been targeted. Furthermore, the focus on the Middle East and the complexity of the virus and would indicate substantial financial backing and the support of a nation-state.

The Implications
Currently, based on what is known about Flame, it would be safe to say that the average user should lose no sleep worrying about it. Flame wasn’t as distributed as initially feared. If the user is running an updated antivirus and follows the normal practices, he will be safe. Another thing to note is that Flame is not that difficult to remove. Of course, this leaves out some users particularly those users who use pirated software and such, because such software cannot be updated with the latest security patches.

The Legacy of Flame
From a technical perspective, Flame is very intriguing as it is a rather advanced and impressive tool. If a computer was infected with Flame, the extent of information Flame would be able to pull from the computer is extensive. We haven’t seen anything like this before. On the other hand, the distribution, vulnerability and the exploitability that Flame was using may have been exaggerated. Going forward, there will likely be more and more advanced versions of the virus.

The LinkedIn Hack
Unlike Flame which was a targeted attack, the hacking of LinkedIn accounts has the potential to affect a tremendously larger group of users. Reports from the company, which had 161 million registered users as of 31 March 2012, suggest that over 6.5 million of these users' passwords have been leaked from their database.

A Real Cause for Panic?
As a security measure, LinkedIn, as well as most other internet companies, does not store passwords as clear-text but instead use a technique called Password Hashing. When a user logs in, it is the hash-value of the password that is actually being sent to the application which is then compared to the hash-value stored in the database. So in spite of these hash-values being leaked, users are still safe, right?

To some extent, this is true, because decoding a hash is normally a tedious trial-and-error type process which requires trying all possible combinations of characters. So in theory yes, the clear-text password has not been leaked but here is the problem: today there are databases available which allow hackers to compare a hash-value and then recreate the clear- text password. Once this has been done, the hacker gains compete access to the online account.

Protective Measures and Necessary Steps
So what can users do to protect themselves? The first and most obvious thing would be to change their LinkedIn password. Also, while on LinkedIn, users should check their profiles to make sure that no changes have been done. In particular, check the email addresses that have been linked to the profile and ensure that only authorized addresses are in this list.

In the coming weeks, users will probably come across websites that allow them to check if their LinkedIn passwords were leaked. A good example being www.leakedin.org. A word of advice however would be to first change the LinkedIn password and then use this service to check if the old password was leaked. Be sure to NEVER type in the new password as it cannot be certain who is monitoring the site.

Finally, users should develop their own password policy. This would involve changing the password at least once in two months and using strong passwords that use a combination of lower case, upper case, special characters and numbers. Users tend to re-use passwords across sites such as Facebook, LinkedIn, email accounts and even e-banking services. This is absolutely unacceptable as a single compromised account may lead to all other accounts being jeopardized.

As the number of internet threats grow in terms of volume and sophistication, users have to be increasingly aware of the consequences of their actions. As these threats hit closer to home, users can no longer afford to adopt the 'it will never happen to me' mentality. It is time to take charge of your online presence and remember- a hacker has only to be lucky once!

About help AG
help AG is a strategic information security consulting company, founded in Germany in 1995 and has been present in the Middle East since 2004. help AG provides leading enterprise businesses across the region with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements enabling them to evolve securely with a competitive edge.

Each and every vendor solution help AG presents to a Client has been thoroughly researched and evaluated. help AG is constantly identifying new and innovative solutions to offer to the market through its own in-house research & development laboratory. For more information, please visit www.helpag.com.

Media Contact:
Ian Saldanha
PROCRE8
Villa 41, 81-d Street, Uptown Mirdif
P.O. Box 78835, Dubai
United Arab Emirates

This release was published on openPR.

Permanent link to this press release:

Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release Middle East Internet Users Relatively Unaffected by Flame and LinkedIn Cyber Attacks but Need to Implement Simple Security Measures here

News-ID: 226670 • Views: 2141

More Releases from help AG

Help AG to Conduct Live-Hacking at GISEC to Highlight Top Middle East Cyber Secu …
DUBAI, United Arab Emirates- 08 March, 2016: Help AG, a leading information security services and solutions provider in the Middle East, today announced its participation at GISEC, taking place at the Dubai World Trade Center (DWTC) from 29 to 31 March 2016. The security specialist has clearly marked three focus areas for its participation – to highlight its extensive portfolio of services, including its Managed Security Services (MSS); demonstrate its
Help AG Announces Participation at GISEC 2015 Together with 6 Vendor Partners
DUBAI, United Arab Emirates- 19 April 2015: Help AG, a leading information security services and solutions provider in the Middle East, has announced its participation at GISEC 2015, taking place in Dubai from the 26th to the 28th of April 2015, where it will be present together with six of its vendor partners. In addition to demonstrating each of these vendors' technologies, the company will focus on showcasing its own
Help AG Launches Managed Security Services in the Middle East
Dubai, United Arab Emirates - 22 March, 2015 - To enable government and large enterprise businesses in the Middle East to combat the threat of cyber-attack, achieve IT compliance, and drastically reduce incident resolution time, without the significant overhead of a dedicated IT security department, Help AG, the leading information security services and solutions provider in the Middle East, has established its new Managed Security Services (MSS) division. The company
Help AG Announces Reseller Agreement with Splunk
DUBAI, United Arab Emirates, 11 December, 2014: Help AG, a leading information security services and solutions provider in the Middle East, has announced the signing of a reseller agreement with Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, that will enable it to offer Splunk® software, including Splunk Enterprise, to businesses in the Qatar, Saudi Arabia and UAE region. As per the agreement, Help AG will

All 5 Releases


More Releases for Flame

Flame Proof Lighting Market by Product Type (Flame Proof Fluorescent Lighting, L …
Flame proof lightning is popularly known as intrinsically safe and lights hazard location lighting. These lighting systems are commonly used in areas where flammable petrochemical pulverized dust and vapors have potential to exist, such as, gas and oil industry, where volatile and highly flammable matters are handled. Flame proof lightning systems have a long duration working potential without any start up complications or production of heat. In addition, flame proof
Flame Proof Lighting Market by Product Type (Flame Proof Fluorescent Lighting, L …
Flame proof lightning is popularly known as intrinsically safe and lights hazard location lighting. These lighting systems are commonly used in areas where flammable petrochemical pulverized dust and vapors have potential to exist, such as, gas and oil industry, where volatile and highly flammable matters are handled. Flame proof lightning systems have a long duration working potential without any start up complications or production of heat. In addition, flame proof
Flame supports F.A.C.T. with £9,000 donation
Flame Heating Group is supporting a North East cancer charity Fighting All Cancers Together (F.A.C.T.) with an £9,290 donation. The firm has been fundraising for F.A.C.T. over the course of 2018, as it is the heating and plumbing merchant's nominated charity for this year. Flame hosted a series of charitable events, culminating in its annual; 'Flame The Heat Is On' Racenight at Newcastle Racecourse. HSBC UK matched all donations from the racenight,
TCPP Flame Retardant Market Report 2017-2022
About TCPP Flame Retardant Asia-Pacific TCPP Flame Retardant market is valued at USD XX million in 2016 and is expected to reach USD XX million by the end of 2022, growing at a CAGR of XX% between 2016 and 2022. Request Sample Copy @ https://www.reportsandmarkets.com/sample-request/asia-pacific-tcpp-flame-retardant-market-report-2017-1623030 Geographically, this report split Asia-Pacific into several key Regions, with sales (K MT), revenue (Million USD), market share and growth rate of
Flame Resistant Fabrics Market report, 2015 – 2020
The report covers forecast and analysis for the Flame Resistant Fabrics market on a global and regional level. The study provides historic data of 2015 along with a forecast from 2016 to 2021 based on volume and revenue (USD Million). The study includes drivers and restraints for the market along with the impact they have on the demand over the forecast period. Additionally, the report includes study of opportunities available
Global Organophosphorus Flame Retardant Industry Report 2016
The recently published report titled Global Organophosphorus Flame Retardant Industry 2016 Market Research Report is an in depth study providing complete analysis of the industry for the period 2016 – 2021. It provides complete overview of Global Organophosphorus Flame Retardant market considering all the major industry trends, market dynamics and competitive scenario. The Global Organophosphorus Flame Retardant Industry Report 2016 is an in depth study analyzing the current state of the