Cybersecurity

Cyber crooks target digital signatures

Android Malware

McAfee reports that a new family of mobile phone malware allows electronic attackers to bypass the digital signature apps on Android devices.

As the federal government works to foster an identification ecosystem that can tie identities to a central, known, reliable source to bolster defenses against tampering, cyber criminals are developing new ways to get around the digital signature apps that protect smart phones and personal computers

A new study by cyber security provider McAfee details a new family of mobile phone malware that allows electronic attackers to bypass the digital signature apps on Android devices. The new malware, said the lab's third quarter 2013 report, contributed to a 30 percent increase in Android-based malware during the period.

"The efforts to bypass code validation on mobile devices and commandeer it altogether on PCs, both represents attempts to circumvent trust mechanisms upon which our digital ecosystems rely," said Vincent Weafer, senior vice president of McAfee Labs in a statement. "The industry must work harder to ensure the integrity of these technologies given they are becoming more pervasive in every aspect of our daily lives."

At the federal level, the National Strategy for Trusted Identities in Cyberspace at the National Institute of Standards and Technology coordinates with the private sector, advocacy groups, public sector agencies, and others to improve privacy, security, and convenience of sensitive online transactions with an aim of creating an overarching "identity ecosystem." NIST and NSTIC identity management experts hold that government credentials that translate across agencies are key to such an ecosystem.

The U.S. Postal Service has rolled out the Federal Cloud Credential Exchange aimed at creating a single federated ID to make tracking, verifying and authenticating identities across federal agencies that have public-facing web applications easier.

Such efforts, even if successful, will face a continuous barrage of fresh challenges.

Along with the new wrinkle in smart phone malware, the McAfee report said it found a steady growth in mobile and overall malware during the third quarter of 2013, as well as a sharp upturn in spam worldwide.

The rise in spam, the report said, could be driven by rising centers for the malware. In looking closely at spam senders in various countries, statistics showed marked differences from quarter to quarter. China and Italy had an increase of greater than 50 percent during the third quarter, while Kazakhstan (down 61 percent), Belarus (down 55 percent), and Ukraine (down 51 percent) saw large declines.

After a slight decline in May and June, said the study, the volume of worldwide spam more than doubled in the third quarter. Spam volume hasn't been this high since August 2010, according to McAfee. The study shows almost 4 trillion spam messages were sent in September 2013, compared with about one trillion legitimate email messages.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


The Fed 100

Read the profiles of all this year's winners.

Featured

  • Ellen Lord - Textron DOD ATL USD

    Lord tapped to lead DOD acquisition

    The Trump administration has nominated Ellen Lord, president and CEO of defense contractor Textron Systems, to serve as undersecretary for Acquisition, Technology and Logistics.

  • Soraya Correa, DHS Chief Procurement Officer

    Confronting the culture of fear in government

    Steve Kelman gives kudos to DHS' Soraya Correa for facing the FLASH cancellation head-on.

  • DHS: Russia tried to hack voting systems in 21 states

    DHS officials confirmed for the first time that Russian hackers tried to penetrate voting systems in 21 different states in the run-up to the 2016 election, but said the hacking did not affect election results.

  • VA Secretary Dr. David Shulkin speaking at a June 20, 2017 Monitor Breakfast. Photo credit: Michael Bonfigli/The Christian Science Monitor

    VA expects to add an integrator to health record mix

    After coming to terms with Cerner on a price for its electronic health record system, VA expects to pivot to finding an integrator to handle legacy interoperability and change management.

  • Soraya Correa, DHS Chief Procurement Officer

    DHS execs own FLASH fail

    The department's failure to launch an agile services contract can serve as a teachable moment, according to DHS procurement officials.

  • Is it time to rethink the TIC?

    Current restrictions on internet gateways complicate agencies' move to the cloud, so the Office of Management and Budget is exploring new security architectures.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group