Showing posts with label Spam. Show all posts

Thursday, August 11, 2011

IT security – a priority for African businesses







As Kenya prepares to host the IDC IT Security Roadshow, Kaspersky Lab is proud to be a part of such a thought-leading event, as the company aims to stress the importance of proactive security measures that businesses operating in East Africa need to understand and implement today, for future success.
“91% of companies have experienced at least one IT security event from an external source in the last 12 months. This high statistic certainly proves just how crucial corporate IT security is now more than ever. The reality is that cybercriminal activity targeted at the corporate has, and will continue, to grow on a global scale, especially as newer, more innovative technologies evolve and become critical business competitive tools. And with the prediction that East Africa will be a significant contributor to Africa’s forecasted growth of 3.7%² in 2011 – the African continent will continue to boom economically where the business landscape will grow – making businesses operating in African countries an ideal target for cybercriminals,” says Sergey Novikov, Kaspersky Lab Head of EEMEA Research Centre.
In their recently released report, Worldwide Security Products and Services 2011 Top 10 predictions, the IDC drew some interesting conclusions that closely correspond to Kaspersky Lab’s strategy and vision in this regard. Of these, the IDC predicts that consumers and enterprises will continue to grow their spending on Endpoint Security at surprising rates – the reason being obvious – corporate IT security is a necessity! Customers and enterprises are looking for an integrated approach that offers a broad range of protection from malicious cyber attacks, accidental disclosure of sensitive information (consumer and corporate), usage by unauthorised users (identity fraud), and applications (botnets).
“For many years now, Kaspersky Lab has taken an integrated approach to protection in our product offering and believe that IT Security should be top of mind for all businesses operating within the African continent. Apart from the traditional organisation of DDoS attacks, cybercriminals today have a main focus of targeting corporate servers for stealing corporate data and African businesses are not excluded,” says Novikov.
The IDC further predicts that small and medium enterprises (SMEs) globally will see more targeted attacks against data and resources. Small businesses will see increasing attacks on customer data. Attempts to take full control of servers, PCs, and storage arrays for botnets, DDoS attacks, spam, phishing, hacktivism, and other uses are also expected to increase.
“With SMEs accounting for an estimated 60%³ of all employment in East Africa, and contributing up to 30% of gross national product, the SME sector in East Africa cannot afford to experience such attacks on their organisations, as the results could be detrimental, likely having a ripple effect on the economy,” adds Novikov.
The conference will be taking place at the Hilton Hotel in Nairobi, where Novikov aims to provide insight into the above at the IDC IT Security Roadshow, to ensure that businesses operating within the African landscape are made aware of such threats that exist and take the necessary action required to avoid the impact of these attacks.
“The reality today is that proactive security is a requirement for all businesses, to ensure effective protection against such threats and attacks. Corporate servers are being attacked continuously and should such activity continue to take place, a business could stand to lose everything. Implementing the necessary corporate IT security measures now is the next major step for East African based businesses in effectively protecting enterprises – ensuring success and as such, continued positive growth of the African continent,” concludes Novikov.

Friday, December 3, 2010

“Mega-D” botnet taken down

Federal investigators have identified a 23-year-old Russian man as the mastermind behind the notorious “Mega-D” botnet, a network of spam-spewing PCs that once accounted for roughly a third of all spam sent worldwide.
According to public court documents related to an ongoing investigation, a grand jury probe has indicted Moscow resident Oleg Nikolaenko as the author and operator of the Mega-D botnet.
Federal agents settled on Nikolaenko thanks to information provided by Lance Atkinson, an Australian man named as a co-conspirator in the “Affking” e-mail marketing and counterfeiting operation that was shuttered in 2008 after investigations by the FBI, the Federal Trade Commission and international law enforcement authorities. The Affking program generated revenues of $500,000 a month using spam to promote counterfeit Rolexes, herbal “male enhancement” pills and generic prescription drugs.
As part of his guilty plea to spam violations, Atkinson provided investigators information on the top spammers who helped to promote the Affking products. Among them was an affiliate who used the online nickname “Docent,” who earned nearly $467,000 in commissions over a six month period in 2007.
Atkinson told investigators that Docent’s commissions were sent to an ePassporte account, under the name “Genbucks_dcent,” that was tied to the e-mail address “4docent@gmail.com.” Records subpoenaed by the grand jury found that the ePassporte account was registered in Nikolaenko’s name to an address in Moscow.
According to court documents, investigators found numerous executable files in Docent’s Gmail inbox. Those files were analyzed by researchers at SecureWorks, an Atlanta-based security firm, which found them to be samples of the Mega-D malware.
Update: [Nikolaenko was reportedly arrested in the United States recently. See update at the end, after the jump.]

But U.S. investigators missed at least two chances to apprehend Nikolaenko: The grand jury said a review of U.S. State Department records indicates that Nikolaenko entered the United States in Los Angeles on July 17, 2009, and left the country ten days later. He returned to the U.S. on Oct. 29, 2009, entering from New York and visiting Las Vegas before exiting the country on Nov. 9 from Los Angeles.
Investigators say Nikolaenko was supposed to leave Los Angeles on Nov. 11, but cut his trip short by two days. They concluded that the 23-year-old left early because he wanted to get home to repair damage that security experts had inflicted on his botnet. On Nov. 4, 2009, researchers from Milpitas, Calif.-based FireEye executed a “stun” attack on Mega-D by seizing control over the botnet’s control networks.
“Based on the timing of the Fireeye attack on the Mega-D botnet, I believe that Nikolaenko left the U.S. early to repair damage caused by Fireeye,” wrote Special Agent Brett E. Banner, in the government’s complaint against Nikolaenko.
After the FireEye takedown, spam from Mega-D all but disappeared. But in the days following his return to Moscow, the botnet recovered gradually, and by Nov. 22, spam from Mega-D was back to pre-takedown activity levels. By Dec. 13, Mega-D was responsible for sending nearly 17 percent of spam worldwide, according to security vendor M86 Security.
Joe Stewart, a senior security researcher at SecureWorks, said that at the beginning of Nov. 2009, there were at least 120,000 computers infected with Mega-D that were relaying spam, but Stewart said he hasn’t seen any signs of activity from Mega-D over the past several months.
While Mega-D may be dead, information obtained by KrebsOnSecurity.com suggests that Nikolaenko has nonetheless continued spamming, and that, until at least June 2010, he was a top-earning affiliate for Spamit.com. Prior to its closure at the end of Sept. 2010, Spamit was the world’s most active affiliate program for promoting knockoff prescription drugs.
A Spamit affiliate using the same “4docent@gmail.com” address made nearly $81,000 in the first five months of 2010 promoting online pharmacies for Spamit. The earnings were deposited into the same “Genbucks_dcent” ePassporte account named in the criminal complaint against Nikolaenko. It’s not clear whether Nikolaenko was able to enjoy all of those earnings: ePassporte also went belly-up in September, leaving thousands of customers without access to millions of dollars in funds.
Update, Dec. 2, 5:40 p.m. ET: The Milwaukee-Wisconsin Journal Sentinel reports that Nikolaenko was arrested after entering the United States to attend a car show in Las Vegas. He is scheduled to make his initial court appearance in Milwaukee on Friday.
http://krebsonsecurity.com/2010/12/fbi-identifies-russian-mega-d-spam-kingpin/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=KrebsOnSecurity