Mikko Hypponen, chief research officer at F-Secure, indicated that the cyber operations budget for 2015 will be 8.5 per cent larger than 2014 and this was how he arrived at the $5 billion [£3 billion] figure above, adding, “In any case, the budget for cyber operations is huge. For comparison, I believe DARPA’s budget is $3 billion [£1.8 billion].”
“It looks like it may be a spinoff from the Carberp banking Trojan, for which the source was leaked to public domain a year ago, but this has not been confirmed yet,” F-Secure director of security response, Antti Tikkanen, told Infosecurity. “It remains to be seen if Kronos gets buyers from the underground market, and if the features are as advertised.”
Nasdaq Hackers Used Two Zero Days But Motives a Mystery
F-Secure director of security response, Antti Tikkanen, argued that there’s not enough publicly available information to deduce that Moscow had a hand in the attack. “Zero-days are one indication that the attacker has more resources than on average, but it’s not always the case that zero-days indicate a nation-state actor,” he told Infosecurity. “I think in Nasdaq, along with other high-value targets, are now better equipped than they were in 2010. Are they well-enough equipped to be safe from skilled attackers? Probably not.”
Includes F-Secure CosmicDuke/MiniDuke Announcement & Sean Sullivan Quote - "At the moment, crimeware which targets consumers is under attack by international law enforcement. It is quite possible that the displaced crimeware vendors found a new buyer of information," speculated F-Secure security advisor, Sean Sullivan.
Free Avast Vs F-Secure which one is the better AntiVirus?
“Let’s begin with perhaps the most significant difference between the two programs – Avast includes a Virtual Sandbox feature, whereas F-Secure does not ...” “In case anyone is starting to feel a little sorry for F-Secure, they do have the best and most user friendly control panel and also include parental controls for those happy to let their kids surf alone online. For some users this will be an important consideration, and while Avast has a perfectly functional interface it does not offer such filtering ...” “In regards to customer service and support F-Secure have an excellent reputation not just for being typically able to resolve issues swiftly but also in being really simple to get in touch with. They offer not just phone or online form submission (as Avast does), but also email and chat ...” “Those looking for a clean, deceptively powerful, family and customer friendly product may find their heads turned towards F-Secure.”
REFILE-Israel's Nation-E sees revenue of up to $400 mln by year end
“Researchers with F-Secure of Finland and Symantec reported last week that they believe the "Energetic Bear" hacking group was behind a campaign to infect energy and industrial firms with malicious software.”
International Business Times
CosmicDuke: The Latest Strand to Russia’s Cyber-Espionage Campaign
Includes F-Secure CosmicDuke Announcement & Timo Hirvonen (Labs Blog) Quoted - "Moreover, we found that the loader was updated at some point, and both malware families took the updated loader into use," a blog post by F-Secure security researcher Timo Hirvonen explains. "Since Cosmu is the first malware known to share code with MiniDuke, we decided to name the samples showing this amalgamation of the MiniDuke-derived loader and Cosmu-derived payload as CosmicDuke."
Sean Sullivan Quoted - “The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, issued the request after researchers with F-Secure …” “The request follows another alert last week on Havex from ICS-CERT, which said that the agency and F-Secure had learned that the malicious software was designed to send a map of the network infrastructure back to the hackers' command-and-control server.” “F-Secure and Symantec said they believed the malicious software had so far only been used for spying, but that it had the capability to be used for sabotage. "They are scanning and mapping out industrial control system networks," said F-Secure researcher Sean Sullivan. "They are probably passing on the ones that are of interest to other groups."”
US companies warned against “Energetic Bear” virus
“Meanwhile, F-Secure has claimed that the attackers used a remote access trojan (RAT) named Havex to hunt for vulnerable industrial control systems (ICS) with a view to ultimately accessing critical infrastructure used to manage electrical, water, oil, gas and data supplies.”
“Technical assistance was provided by Dell SecureWorks and CrowdStrike. Numerous other companies also provided assistance, including facilitating efforts by victims to remediate the damage to their computers inflicted by Gameover Zeus. These companies include Microsoft Corporation, Abuse.ch, Afilias, F-Secure, Level 3 Communications, McAfee, Neustar, Shadowserver, Anubis Networks, Symantec, Heimdal Security, Sophos and Trend Micro.”
Evolved Cridex cyber attack found with 50,000 stolen credentials
“Cridex is one of many old attack tools to receive a technical upgrade in recent weeks. Researchers at F-Secure uncovered a fresh BlackEnergy hack campaign believed to be targeting European governments with a wave of spear-phishing emails masquerading as IT alerts in June.”
U.S. Urges Energy Companies To Be On Guard Against Russian Cyberattacks
“The group is known to private malware researchers as “Energetic Bear” because it operates during Russian working hours and mostly targets Western energy companies. The U.S. security firm Symantec and F-Secure of Finland report that the group was responsible for an effort to implant the Havex Trojan infect in their victims’ computers” … “Symantec and F-Secure say the malware ordinarily is used only for spying, but can be modified to sabotage a machine.”
Wondering where our story on Russians hacking energy companies is?
Links to previous article which mentions F-Secure: Attackers fling Stuxnet-style RATs at critical control software in EUROPE
Mix 96 / Bridge FM / Radioaire / Radiocity / CFM Radio / City Talk FM / 9.74 Rock FM / Radio Borders / Central FM / North Sound / Basingstoke The Breeze / Andover The Breeze / Key103 / Clyde1 / Hallam FM / 2br / Juice Brighton / Gaydio / Forthone / Tayam / LBC.co.uk / Sky.com / Jack Bristol / My Gold Music / Radio Pembrokeshire / Virus BFN / Minster FM / Kerrang Radio / Three FM / My Gold Music / Sun FM / Stray FM / Cool FM / Orange.co.uk / KLFM 967 / Viking FM / Metro Radio / 964 Eagle / Yorkshire Coast Radio / Wessex FM / Manchester’s Magic / Viking FM / North Sound / Pirate FM
Sean Sullivan, a mobile security expert at F-Secure, believes that the integration is a "move in the right direction" but is unconvinced that it will solve all the problems. "I don't know if this will be the 'killer app' which makes the difference," Sullivan told IBTimes UK. "Many security-minded businesses are already allowing personal devices in their networks. Perhaps Knox won't move them further, but it could allow them to more easily manage what they've already allowed. And things can then evolve from there."
Brief Mention of the European Press Trip & Mikko Hypponen Quote - "Victoria's finest are not alone in their clingy love for XP; a new three-month BitDefender study declared one in five small to medium sized businesses still used the operating system while F-Secure security thinker Mikko Hypponen declared he "can't wait for Windows XP to die".
eBay bans sales of smartphone with built-in spyware
Brief Mention of the Mobile Threat Report - “According to 2013 figures from F-Secure, around 97 per cent of new mobile malware targets Android smartphones as opposed to iOS, BlackBerry and Windows Phone devices. Of these threats, almost nine in ten (88 per cent) are trojans.”
InfoCom shows that cloud-based security for SMEs is offered as value-added to FTTx
“The most common security solution adopted by SME customers worldwide is software-based with basic features based on software of ESET, F-Secure, McAfee, Symantec and Trend Micro. F-Secure and McAfee are, by far, the most popular choices with McAfee being dominant in North America and Latin America, while F-Secure has a stronger foothold among providers in the Asia Pacific, Eastern Europe and Western Europe.”
(Includes mention of the European Press Trip currently taking place in Helsinki, Finland and Link to above article. - “The warnings around XP come as F-Secure’s chief security researcher Mikko Hypponen voiced his frustration XP is still so embedded in companies, during a press event attended by V3’s sister site The Inquirer.”)
Chinese smartphone on sale on Amazon and eBay contains built-in malware
(Includes small mention of the F-Secure Mobile Threat Report. - "Android accounted for 97% of the malware targeted at mobile devices last year, according to data from security firm F-Secure, an increase of 20% year on year.”)
“During his SysScan talk, Koret disclosed vulnerabilities and some other security issues, like the lack of ASLR protection for some components, in antivirus products from Panda Security, Bitdefender, Kaspersky Lab, ESET, Sophos, Comodo, AVG, IKARUS Security Software, Doctor Web, MicroWorld Technologies, BKAV, Fortinet and ClamAV. However, he also claimed to have found vulnerabilities in the Avira, Avast, F-Prot and F-Secure antivirus products.”
IT Security Guru
US Department of Defence seeks $5 billion in cyber funding
Mikko Hypponen, chief research officer at F-Secure, pointed out that the cyber operations budget for 2015 is 8.5 per cent larger than for 2014. “In any case, the budget for cyber operations is huge. For comparison, I believe DARPA’s budget is $3 billion,” he said.
Google updates Play store API for Android developers
In April, F-Secure revealed that 99 percent of mobile malware came from the Android operating system, however of that, just two percent was found in the Google Play store. Up to one million Android users fell victim to a Bitcoin mining virus after downloading infected software.
Antti Tikkanen quoted - Antti Tikkanen, director of security response at antivirus vendor F-Secure, said that the ECB had reacted quickly to the incident and praised the network segregation. “I think the ECB came out with quite a clear statement on what has happened, and explained what kind of data was lost. In general, the best option is not to store any data you fear you might lose. If you can't do that, then encrypt it. Sometimes all data simply can't be encrypted because of the way it's used. If only customer contact data was lost, they did a better job than average with segregation."
Mention of Mobile Threat Report - “A study from security specialist F-Secure found that Android-based malware accounted for 97% of all mobile malware in 2013. The remaining 3% targeted Nokia's discontinued Symbian OS, while iOS, BlackBerry, and Microsoft Windows Phones accounted for 0% of all malware attacks.”
Allen Scott Quoted - "MD Allen Scott, MD of security experts F-Secure said: "We understand that many people are a bit lost when it comes to online protection, which is why we've compiled advice to give some guidance."
Sean Sullivan quoted - "On the JP Morgan figure, F-Secure researcher Sean Sullivan said that it wasn't clear what the money is for: “It's difficult to tell what exactly the increase is for. I get the sense it's just added costs related to DDoS mitigation, and not for actually improving core security principles.”"
Mobile Threat Report quoted - "Android's security as a health-care platform is also questionable. F-Secure recently reported that out of all the malware discovered during the first quarter of 2014, Android was targeted by 275 out of 277 "threat families" (malware-infected apps sharing a common code). iOS and Symbian were each only targeted by a single threat family."
(Mikko Hypponen of rival security firm F-Secure recently said, "I can't wait for Windows XP to die. I’m glad Microsoft stopped shipping updates. I'm mad at Microsoft for shipping updates after end of support, it should try and kill this beast. But it's not dead yet.")
Mikko Hypponen says John Kerry should 'shut the f*** up' about Snowden
(Mikko Hypponen has slammed US Secretary of State John Kerry for branding Edward Snowden a "coward" and a "traitor," and saying that the US National Security Agency (NSA) document leaker should "man up" and return to the United States from Russia to "make his case".)