I see a lot of quarterly threat reports over the course of the year, and most of them primarily warn against the same threats and concerns. But Kindsight's first quarter threat report had a few things that caught my eye.
First is the threat of DNSChanger. Concern about DNSChanger is in the news again - and probably will be for a little while because of the coming July deadline when the FBI shuts down the temporary sites, an event that was supposed to happen in March. There are still so many computers infected with DNSChanger that Kindsight has included it as a top threat for the first quarter of 2012. According to the report:
This Alureon/TDSS rootkit was consistently in the top 5 throughout Q1 2012. It was used as an infection vector for DNSChanger but is also a platform for the installation of additional malware components. An Alureon infection is often followed by a sequence of infections from spambots, banking Trojans and fake anti-virus software.
I admit that I'm surprised that DNSChanger could still be such a problem. It has been pretty well discussed in mainstream media, as well as in technical and security media. The FBI has provided information on how to tell if your computer is infected (but then, I talked to a woman who doesn't trust any links provided by the government, so that's a problem in and of itself). Yet, Kindsight said that not only are half a million computers still threatened with going dark come July, one in 400 households is as well. This could create quite a problem for those who depend on their home systems to connect with the office.
The other major threat that caught my eye was the Flashback Trojan and the rising security threats to Macs and the Apple OS. Yes, the Flashback threat has been well documented here and other places over the past month, but Apple is rarely a major player in the threat reports I see. Kindsight showed a chart of home computers that are infected with Windows malware and those that are infected with the Flashback Trojan. The numbers were surprisingly close - 13 percent of Windows, 7 percent of Macs. Again, yes, I know these are home computers, but we know that a lot of people - if not the vast majority - at some point are connecting with their office network or using their home computer for business use. The risks on our home computers could end up affecting the security of the business side, so we need to pay attention to what is happening on our personal devices.
Of course, the threat report has some old standby threats - phishing attacks and Zeus - but, in my opinion, the takeaway from this threat report is how these threats are starting to evolve from our typical threat comfort zone (if you will) and how threats that impact our personal systems can end up affecting the business side. It would probably be good to initiate conversations about the security of home systems that use the business networks and make sure that security is being practiced on both sides.