Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

Different IT attacks are becoming common fare in the press, and one of the most dominant recently is denial-of-service attacks (DDoS attacks) after the SpamHaus DDoS attack, allegedly the largest one ever (Largest DDoS Attack didn't break the Internet).

This is causing significant business risk to companies and organizations when their servers connected to the Internet are temporarily or indefinitely interrupted. There are several examples of customers suffering from significant business outages causing their entire business to stop, for example online banking, e-commerce and government organizations. We have seen reports of these in virtually every country in Europe, just recently in Denmark, the Netherlands and Sweden. (Dutch ING targeted in DDoS, Dutch example, Swedish Government Site Knocked Out, Danish Banking & Tax Payers in chaos after DDOS attack)

eomalley

Rock the Vote

by Juniper Employee on ‎03-21-2013 11:08 AM

Apparently there’s a new way to rock the vote. And that’s through cyber fraud and deception. Yay, technology?

jkonstantas

The Truth about Virtualization Security

by Juniper Employee ‎11-16-2012 09:34 AM - edited ‎11-16-2012 09:41 AM

Sometimes semantics are everything—especially when it comes to virtualization security. Though still considered an emerging market, virtualization security is no baby. Rather, and perhaps unfortunately, it’s become somewhat of a misunderstood adolescent, still trying to have its voice heard, its meaning understood, and its potential realized.

Perhaps the best way to begin unraveling the confusion is to say what a virtualization-specific security solution is not. And it’s not a firewall implemented as a virtual machine.

eomalley

Rethinking Computing and Security

by Juniper Employee on ‎11-06-2012 04:00 PM

A recent New York Times article, “Killing the Computer to Save It,” profiles one of the United States’ leading computer security specialists, Dr. Peter G. Neumann.

Back in the fall of 1952, Neumann sat down to breakfast with the one and only Albert Einstein. What they discussed led Neumann to embrace a design philosophy based on Einstein’s aphorism, “Everything should be made as simple as possible, but no simpler.”

Today, computer systems are so vulnerable to attacks because of their complexity. According to Neumann, complex systems break in complex ways. This has led to an epidemic of computer malware, scores of data breaches and thefts, and growing concern about cyber warfare—so much so that Defense Secretary Leon E. Panetta warned earlier this month of a possible “cyber-Pearl Harbor” attack on the United States.

Neumann believes the only way to ensure that systems are secure and trustworthy is to start over and redesign them from a clean slate. His current project, fittingly titled Clean Slate, is funded by the Pentagon’s Defense Advanced Research Projects Agency (DARPA) and isn’t necessarily about starting from scratch. Rather, it’s an effort to rethink computer design by studying the past half century’s worth of research, carefully selecting the best ideas, and building a new and complete solution from the bottom up. And one that’s simpler, more stable, and puts security first.

In the article, Neumann provides an interesting scientific analogy. He notes that biological systems have multiple immune systems. Not only are there the initial barriers, but the body has secondary systems (e.g., T cells) that detect and eliminate intruders as well as remember them in order to provide future protections. We need systems like that—not the ones we have today, which were designed with security as an afterthought.

There’s a new malware in town—and its name is Morcut/Crisis.

A Trojan virus, Morcut arrives via a file named “AdobeFlashPlayer.jar” and opens up a backdoor component on the infected user’s system. It can record Skype conversations, capture traffic from instant messaging programs, and track websites visited in Firefox or Safari. And while it’s primarily been seen to target and install on Mac and Windows computers, the latest news is that Morcut may be the first of its malware kind to attempt to spread specifically to virtual machines (VMs).

Just a quick heads-up—Juniper’s vGW Virtual Gateway version 5.5 is now available.

eomalley

Technology Hacking Affects Perception in Unexpected Ways

by Juniper Employee ‎09-12-2012 09:00 AM - edited ‎09-11-2012 09:57 AM

Scams come in all shapes and sizes. Often, the driving force is money or fame. I recently read about a particularly odd scheme in The New Yorker that, well, could have been about both. Or neither.

Kip Litton ran marathons. Lots of them. Or so he claimed.

Kip Litton also clocked some pretty impressive race times. Or so he claimed.

The long and short of it is that Kip Litton was a con artist. Ultimately, the only thing he was doing well or “winning” at was lying. He was a mastermind of marathon fraud.

eomalley

Security Implications of Virtualization

by Juniper Employee on ‎09-10-2012 11:44 AM

Johnnie Konstantas, director of product marketing for cloud security at Juniper Networks, talks virtualization security. 

VMworld 2012 completed with record-setting attendance and another year’s testament that this is one of, if not the, premier conference of the technology industry.

“Despite the economic malaise still hovering over some of the world’s largest economies, the security service market is strong and growing, driven by increasing global demand from organizations of all sizes due to the proliferation of threats of all types, the complexity of current security solutions, widespread use of a wide variety of devices/platforms/apps, and the desire of many product manufacturers service providers to add revenue and improve margins,” according to market research firm, Infonetics.

Why do Service Providers (SPs) offer Security Software-as-a-Service (SecSaaS)? There are several drivers, including those described in this blog.

  • A SP specializing in security can provide customers with effective security that is in line with the rapidly evolving threat landscape, since it can aggregate threat information from multiple customers hosted in the cloud to correlate, analyze, and develop suitable and effective controls to fight against the newest threats affecting organizations. The SP will proactively monitor and manage customer’s applications and data and can report on any unusual behavior. Also, because it is hosting security services in the cloud (as opposed to on-premise), the SP will also have the flexibility to easily scale these services up or down based on changing customer requirements.
  • The SP has complete control over the cloud environment, enabling cost savings and less complexity. The SP doesn’t have to tailor its own application to accommodate a specific customer’s requirements. It has complete control over being able to optimize the managed cloud for enabling SecSaaS for all of its customers.
  • The SP can have a foreseeable revenue stream. If SecSaaS is sold on a subscription basis, customers would pay on a recurring schedule. That way, the SP can reasonably forecast revenues. Also, the SP can monitor subscriber usage of its public cloud more easily than would be possible if the customers ran the same application on premise (at their own location), for foreseeable revenue growth.
  • The SP software development team will focus on enhancing core application functionality, fixing issues, and launching features via smaller iterative upgrades in the cloud as opposed to deploying larger massive software patches to each customer site.
  • Once the SP has a revenue-generating business model in place, it can focus more on maintaining its customer base than on attracting new customers.

Service Providers clearly benefit from the Security SaaS model, but just as importantly, they also have a good pulse on where and how to place security controls for maximum benefit to their customers. The next blog in this series will focus on this topic.

eomalley

Security Scale for the Masses

by Juniper Employee on ‎08-27-2012 10:00 AM

Today at VMworld 2012, Juniper announced vGW Virtual Gateway solution enhancements that deliver unprecedented scale for large enterprises and service providers looking to implement a secure virtualized infrastructure, while simultaneously maintaining security, control and compliance.

eomalley

So VMware Nabs Nicira for a Cool Bil…

by Juniper Employee on ‎07-31-2012 09:00 AM

A couple of months ago, I wrote a short blog on the buzz and potential around software-defined networking (SDN). Based on news last week, VMware is obviously betting big on that potential. Its recent announcement to purchase networking company Nicira for $1 billion says so loud and clear.

JUNOSRob

It's Black Hat time!

by Juniper Employee on 07-24-2012 07:00 AM - last edited on 07-25-2012 03:57 PM by Administrator

It’s that time of year for hordes of security-minded professionals to descend on Las Vegas to meet and discuss at the annual Black Hat conferences. While the top billing of the week certainly goes to the Black Hat conference, there are many other events going on at the same time. On Tuesday I will be speaking at Codenomicon’s private customer event. I will be talking about the need for testing partner software that is used in your software stack. There will be several other speakers providing their spin on the state of security.

JUNOSRob

NoSQL Injection: AWS Hosting

by Juniper Employee ‎07-05-2012 09:00 AM - edited ‎07-05-2012 11:04 AM

As a follow-up to my other NoSQL injection blog, I wanted to take a quick survey of an AWS public IPv4 subnet and how many hosts were listening. I chose a block of IP addresses and then did a scan across all of them to see if they were listening for MongoDB or Redis. I did each scan on separate days and I only scanned for one service at a time.

On the whole, with only about 1,000 machines infected today out of millions worldwide, the probability of exposure remains low, but just to be sure this old Flame doesn’t come knocking, there are precautions you can take as part of your security update regimes.

About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and data center security.

Our Bloggers

Steve Hanna
Distinguished Engineer

Ashwin Krishnan
Director, Product Management

Oliver Tavakoli
CTO, SBU

Karim Toubba
VP, Product Marketing

Kevin Kennedy
Senior Director, Product Management

Daniel V. Hoffman, CISSP, CEH, CHFI
Chief Mobile Security Evangelist

Kyle Adams
Senior Software Engineer

Tamir Hardof
Director, Product Marketing

Johnnie Konstantas
Director, Product Marketing

Galina Pildush
Product Line Engineer

Bill Pfeifer
Product Line Engineer

Rod Bachelor
Product Line Manager

Ashutosh Thakur
Product Line Manager

Stefan Fouant
Technical Trainer

Seema Kathuria
Product Marketing Manager

Erin O'Malley
Product Marketing Manager

Karl Lynn
Security Research Engineer

Gajraj Singh
Director, Product Marketing

Kenneth Tom
Senior Product Marketing Manager

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.