"Today, the Zeus botnets target nearly a thousand banks, and experts say it has turned into a major plague in the banking industry. The Trojan is used to add fields to bank account forms, silently draining bank accounts while displaying a phony account balance to victims."
– Robert Westerveld
News Editor/SearchSecurity.com
Zeus botnet temporarily disrupted, but back in full force, 03/11/2010
"The attacks are not looking for missing patches on PCs, they are tricking users into clicking on things that get installed, so intrusion protection and other technologies don’t stop these attacks. We quite often find that enterprises are not seeing any alarm bells go off but they’ve already been compromised."
– John Pescatore
Vice President and Research Fellow
Gartner Research
"Stealthy, sophisticated malware masterfully exploits the blind spots of legacy security – leaving enterprises exposed to loss and unwitting participation in deplorable forms of criminal and state-sponsored campaigns."
– Josh Corman
Research Director for Security
The 451 Group
"According to the U.S. Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), victims reported total losses of US $559.7 million in 2009, more than double the tally for 2008."
– FBI/IC3 2009 Annual Report on Internet Crime
"Traditional security products are simply not much help against APT attacks," said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. "All of the victims we’ve worked with had perfectly installed antivirus," he said. "They all had intrusion detection systems and several had Web proxies scan content."
– Alejandro Martínez-Cabrera
Staff Writer/San Francisco Chronicle
Cyber-criminals don’t need technical skills, 03/14/2010
"The botnet delivery mechanism is what concerns me the most. I think it will be the dominant threat delivery mechanism for the next couple of years."
– John Pescatore
Gartner/BankInfo Security
Gartner’s John Pescatore on 2010 Threats, Trends, 11/10/2009
"You need a modicum of understanding to run an IRC botnet," Santorelli said. "If you can open an e-mail account, you’re technical enough to operate a Web-based botnet. Your grandmother can build a botnet."
– Alejandro Martínez-Cabrera
Staff Writer/San Francisco Chronicle
Cyber-criminals don’t need technical skills, 03/14/2010
"Many security experts now agree that patches, up-to-date antivirus signatures, and intrusion detection systems are not enough to protect companies from the worst of today’s cyberthreats."
– Robert McMillan
InfoWorld
The ugly truth: Security vendors can’t solve many threats, 03/12/2010