Cybersecurity

Cyber crooks target digital signatures

Android Malware

McAfee reports that a new family of mobile phone malware allows electronic attackers to bypass the digital signature apps on Android devices.

As the federal government works to foster an identification ecosystem that can tie identities to a central, known, reliable source to bolster defenses against tampering, cyber criminals are developing new ways to get around the digital signature apps that protect smart phones and personal computers

A new study by cyber security provider McAfee details a new family of mobile phone malware that allows electronic attackers to bypass the digital signature apps on Android devices. The new malware, said the lab's third quarter 2013 report, contributed to a 30 percent increase in Android-based malware during the period.

"The efforts to bypass code validation on mobile devices and commandeer it altogether on PCs, both represents attempts to circumvent trust mechanisms upon which our digital ecosystems rely," said Vincent Weafer, senior vice president of McAfee Labs in a statement. "The industry must work harder to ensure the integrity of these technologies given they are becoming more pervasive in every aspect of our daily lives."

At the federal level, the National Strategy for Trusted Identities in Cyberspace at the National Institute of Standards and Technology coordinates with the private sector, advocacy groups, public sector agencies, and others to improve privacy, security, and convenience of sensitive online transactions with an aim of creating an overarching "identity ecosystem." NIST and NSTIC identity management experts hold that government credentials that translate across agencies are key to such an ecosystem.

The U.S. Postal Service has rolled out the Federal Cloud Credential Exchange aimed at creating a single federated ID to make tracking, verifying and authenticating identities across federal agencies that have public-facing web applications easier.

Such efforts, even if successful, will face a continuous barrage of fresh challenges.

Along with the new wrinkle in smart phone malware, the McAfee report said it found a steady growth in mobile and overall malware during the third quarter of 2013, as well as a sharp upturn in spam worldwide.

The rise in spam, the report said, could be driven by rising centers for the malware. In looking closely at spam senders in various countries, statistics showed marked differences from quarter to quarter. China and Italy had an increase of greater than 50 percent during the third quarter, while Kazakhstan (down 61 percent), Belarus (down 55 percent), and Ukraine (down 51 percent) saw large declines.

After a slight decline in May and June, said the study, the volume of worldwide spam more than doubled in the third quarter. Spam volume hasn't been this high since August 2010, according to McAfee. The study shows almost 4 trillion spam messages were sent in September 2013, compared with about one trillion legitimate email messages.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group