IT Security Stories to Watch: 'Backoff' Malware, COSEINC on Antivirus

Welcome to August, aka Audio Appreciation Month, Happiness Happens Month and Panini Month! Meanwhile, the U.S. Department of Homeland Security (DHS), COSEINC and Oracle (ORCL) are three of this week's top IT security newsmakers.

Dan Kobialka, Contributing writer

August 5, 2014

3 Min Read
The US Department of Homeland Security DHS COSEINC and Oracle ORCL are three of this week39s top IT security newsmakers
The U.S. Department of Homeland Security (DHS), COSEINC and Oracle (ORCL) are three of this week's top IT security newsmakers.

Welcome to August, aka Audio Appreciation Month, Happiness Happens Month and Panini Month!

The dog days of summer are officially here, and in the world of IT security, the U.S. Department of Homeland Security (DHS), COSEINC and Oracle (ORCL) are three of this week’s top newsmakers.

Want to learn more about these organizations and their impact on the IT security market? Check out this week’s IT security stories to watch:

1. DHS warns retailers about “Backoff” malware
DHS has advised retailers about “Backoff,” undetectable malware that is reportedly affecting U.S. retailers.

Backoff was first identified in Oct. 2013, according to Reuters, and the malware’s capabilities include:

  • Logging keystrokes

  • Injecting malicious content into files

  • Scraping memory for track data

DHS said Backoff could put both businesses and consumers at risk.

“These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts,” the government agency said.

2. COSEINC: Antivirus software is not very secure
Joxean Koret, a researcher at Singapore-based security company COSEINC, said he believes antivirus software often is not as secure as it seems.

Many well-known antivirus products are flawed, Koret pointed out during his presentation at the SyScan 360 information security conference in Beijing.

AV-TEST CEO Andreas Marx, however, said he believes companies should not necessarily be concerned with Koret’s findings just yet.

“Insecure code might put the user at risk, as demonstrated in the presentation. However, at the moment, such attacks are more research-oriented (proof of concept) or might be used for targeted attacks,” Marx told Tom’s Guide. “I’m not aware of a recent widespread virus or other malware which exploited a vulnerability in AV software.”

3. Mobile security is one of the top concerns for IT executives
A new Oracle survey of 414 IT executives revealed mobile security was the top concern for enterprise mobile device adoption and management.

The survey, titled “The Connected Enterprise: Keeping Pace with Mobile Development,” showed 93 percent of respondents cited concerns over data loss and other security breaches related to mobile devices with bring-your-own-device (BYOD).

Researchers also found organizations are turning more to centralized management rather than relying on users for security.

“Mobility has been ubiquitous for a while, but only 10 percent of enterprises have an enterprise-wide deployment of mobile. Its impact and adoption are gaining importance today,” Suhas Uliyar, Oracle’s vice president of mobile strategy & product management, said in a prepared statement.

4. Alert Logic releases security solutions for Google Cloud Platform
Alert Logic, a security-as-a-service (SECaaS) company, last week started providing its security solutions via Google Cloud Platform.

The company now offers its Log Manager and Threat Manager services on Google‘s (GOOG’s) cloud and will eventually provide Web Security Manager as well.

“Google is a leading technology visionary and has been very aggressive with feature additions and price reductions. Our service offering is ideal for their customers as we provide both a security software-as-a-service and a 24×7 security monitoring service,” an Alert Logic spokesperson told MSPmentor. “We believe that the long-term impact of this offering will be to increase adoption of the Google Cloud Platform by those customers that care the most about security and compliance.”

The spokesperson added the release of Alert Logic’s new Google Cloud Platform services moves her company closer to becoming “the cloud security leader.”

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].

About the Author

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like