With the rise in mobile and Windows-based malware, two-factor authentication and tighter security controls are becoming a must-have for large businesses. In time they will become the only choice for safeguarding a company's critical assets. Over the years we have seen companies grow to almost double what they were, and with that growth we have seen them struggle just as hard to keep pace with the evolving threat landscape. The main area of concern is that many organizations simply fail to classify data according to its importance. While the main function of the IT team is to keep company assets from falling into the wrong hands, it is the business heads who must take responsibility for securing everything that matters.
The World Wide Web is home to a number of malicious programs, but mostly programs that work independently of one another. June saw the discovery of two malicious programs that help each other stay on the infected machine. The programs work together, each alternately downloading the other with slightly different variations to help evade antivirus software.
The Citadel botnet was one of the biggest cybercrime rings, supposedly responsible for siphoning off more than $500 million from banking accounts. The malware is known to have infected over 5 million computers in a span of 18 months. The network consisted of at least 1,400 botnets, which were used to siphon off data, attack other computers and commit online crimes. That said, the coordinated takedown hasn't quite nullified the infrastructure, but it has significantly disrupted the malware from spreading any further.
The attacks on eCommerce and financial services aren't going to stop anytime soon. Attackers are targeting network infrastructure to cause collateral damage to other shared resources, so organizations must think about their areas of vulnerability beyond website URLs.
We are also beginning to see social networks such as Facebook being used to market banking Trojans. Recently discovered by researchers at RSA, the malware on sale was a customized botnet control panel programmed to work with the banking Trojan ZeuS. ZeuS first appeared as a highly specialized piece of malware designed to steal online banking and customer credentials. This particular variant was modified, repackaged and sold on Facebook for immediate use.
Malware is a growing epidemic that cannot be wiped out, only curbed. Controlled by a chain of cybercriminals, its growth in the digital world is indefinite. In practical terms, preventing this community, or industry as it is slowly becoming, from growing is clearly impossible. The reason is that hackers and malicious coders are becoming highly successful at covering their digital tracks, making it very difficult for cyber sleuths to track and analyze their online movements. Malicious code has also grown so complex that it can go undetected on a user's machine, whether or not a security suite is installed.
It's been over a year since we last made predictions about the trends of 2012. The year that was not only saw the behavioral growth of malware but also brought about a change in the way web users are targeted. We are beginning to see an increase in strategized attacks where everything from implementation to execution is carried out with the utmost attention to detail. Take the recently detected Red October incident: it is considered one of the largest and most potent attacks in the history of cybercrime, so huge that it paints the globe red with its victims. And as we had predicted, malware has advanced well beyond what it was a few years back.
In operation since 2007, the Red October hack is said to have stolen terabytes of data. Targets include diplomatic and government agencies of various countries across the world, with the primary focus on Eastern European countries. Other targets include research institutions, energy and nuclear groups, and trade and aerospace firms. The objective, however, matches that of Duqu: gathering information from sensitive documents on compromised machines.
Social networks are not only considered an excellent platform by the general public; they also come as a perfect fit for cybercriminals. First and foremost, they can easily be used to spread spam and scams through the all-famous news feed. Social networks are also considered a launch pad for attacks on unsuspecting victims, which can be achieved by impersonating a 'Friend'. Also, more than 70% of URLs shared are shortened links, and at least 55% of the links posted lead to malware. And these are the links that users click without giving it a second thought.
The rise in Smartphones is inevitable, and with technology progressing at such a pace, it won't come as a surprise to see them replacing their desktop counterparts in the coming years. Smartphones have also made way for larger devices such as the Tablet PC. When combined, these two devices are like a powerhouse filled with options for running and executing your daily tasks, something that laptops are also designed to do but with added weight and bulk. Now who would want to carry a device that's three times heavier and at least seven times bulkier than a Smartphone?
The underground economy associated with malware has grown rapidly in the last few years. Recent studies show that malware authors no longer need to concern themselves with distributing malware to end-user systems; they can leave that task to specialized pay-per-install services. In such an environment, the primary concern of the malware creator is to evade detection on infected machines as it carries out its malicious task, since end-user machines are protected by real-time detection systems that rely heavily on static analysis. Static analysis is favored because it is faster and consumes fewer resources than dynamic methods.
The threat landscape is dynamically changing, and hackers are continuously probing deployed defences, trying to find new ways of penetrating organizations. They achieve this by deploying a wide range of vectors that rely on complex forms of social engineering, cleverly persuading employees to open up security loopholes within the corporate network. Well-established hack tools such as rootkits, zero-day vulnerabilities and cross-site scripting are continually being worked on and refined to evade detection. In contrast, spam mails have definitely seen a decline over time, with spam now making up only 65% of mail, but they have grown increasingly authentic and effective at making recipients click malicious links.
The last three months have been a roller coaster ride in terms of technology. In April we saw the launch of Google's 'Cloud Drive', which, if I must say, isn't something overly new, as cloud-based services have existed for a while now. As mentioned, 'SugarSync', 'Dropbox', 'iCloud', 'Box', 'Carbonite' and 'Mozy' have always implemented Google's so-called concept of 'Keep Everything, Share Everything'. The cloud is a great concept for hosting and sharing files with people you know, but it also has its own set of drawbacks. For instance, hosting sensitive information in the cloud should be a BIG NO for any organization (big or small).
The World Wide Web will undoubtedly play a major role in the distribution of malware, as cybercriminals focus mostly on weak, unsecured spots. Furthermore, various techniques are used to make these unsecured spots less effective. We have seen this transition take place with spam emails, which are still present but less popular amongst cybercriminals. The web will remain the one source of malware distribution where socially engineered attacks will be built specifically to target browsers and linked applications. This will grow and succeed simply because the platform has become so popular amongst cybercriminals.
Cybercrime has always been a growing concern for online users, and it's only going to get bigger. April has been one of the most trending months, both in terms of technology and malware infection.
On the positive side, we are beginning to see a transition in the way data is accessed and stored. With Google entering the cloud with its all-new and revamped 'Cloud Drive', we will be witnessing a change in the way documents and files are accessed and stored. That doesn't change the fact that Google was always a cloud-based concept, and it definitely isn't the first to have implemented the concept of 'Keep Everything, Share Everything' with Google Drive. We have SugarSync, Dropbox, iCloud, Box, Carbonite and Mozy, to name a few, which are also cloud based and come with 5GB of storage space (a selected few).
The release of the 'Anonymous OS' saw a lot of hits last month, with downloads touching a few thousand within minutes of its launch. Wrapped in malware, the OS did more harm than good to anyone who installed it. This alone shows the depths to which cybercriminals will go to compromise users. The creation of the OS itself suggests a shift from DDoS attacks and social networks to a more involved software-based effort. The question to ask yourself is why anyone would want to put their trust in an unknown OS which also happens to be created by a bunch of unknown people. The OS doesn't pose a threat to the average person or even to office workers. The only people who might be impacted by it are those foolish enough to knowingly install unknown software onto their PC.
Cybercrime has become a silent global digital epidemic. The majority of Internet users worldwide have fallen victim, and they feel incredibly powerless against faceless cybercriminals. The most intriguing aspect of today's viruses is that most malware is not newly created but is in fact rewritten or recoded to a great extent. In a bid for survival, peer-to-peer networks have become a key source of malware infection. In fact, P2P has grown into the second most common source of malware infection, behind only browser-based attacks. Moreover, the threats coming from this area are diverse and consist mostly of Trojans, worms, rogue AVs and backdoors.
Online malicious activity was a major headache in 2011, and 2012 is not going to be any different. Scammers are targeting social networking sites such as Twitter and Facebook. And it doesn't end there: with the sale of Smartphones hitting a new high (think: Android OS), the Android Marketplace is exploding with suspicious applications that do more than what they are meant to do. Cybercriminals are figuring out new ways to infect your system, be it your Smartphone or PC.
The threat landscape is slowly growing by the numbers, be it in enterprise security, desktop security or even the mobile space. And as the year comes to a close, 2011 will easily be remembered as the year of the malware. While innumerable incidents made 2011 what it was, there isn't enough room to cover them all. What we have covered are the incidents and events that shook the corporate world.
Protection of information and information systems from unauthorized access or modification, disruption of services, or destruction or theft of intellectual property is, broadly, what defines the term Information Security. The term centres on the goal of protecting the confidentiality, integrity and availability of information, be it electronic, print or any other form it translates into. A breach could amount to anything from loss of personal data to loss of business and reputation, whether for end users, institutions (educational or financial), governments, defense, hospitals or private businesses. Therefore, securing information is not only a business requirement but also a personal necessity.
Close to 40% suffered from a security breach due to bad surfing habits. This basically resulted from navigating to websites that were home to malware, or from malicious downloads that might have been corrupted by malicious code. What needs to be understood is that the Internet is more like a hive for malware, and cybercriminals are always on the hunt to fish out unsuspecting users. What remains a worrying concern is that a handful of organizations are not implementing the precautions needed to prevent employees from clicking a malicious link or even browsing unwanted sites.
Systems particularly vulnerable to attack mostly ran Java, Adobe Reader/Acrobat and Adobe Flash. According to research conducted by CSIS, the following products were abused by malware to infect machines running Windows: Java accounted for around 37% of detected flaws, Adobe Reader/Acrobat for 32%, and Flash for 16%. Systems that are infected are typically loaded with a number of malware instances that more often than not include fake antiviruses and spyware programs, which are typically used for stealing personal information. Statistically speaking, approximately 99% of all malware infections caused by exploit kits are a result of not updating or patching the necessary software applications.
The World Wide Web remains the biggest playground for malware infection, where emails host malicious attachments and links while websites host a wide variety of exploits and drive-by downloads, mainly targeting browsers and applications alike.
Malware in general has always posed a significant threat to online users, be they individuals or organizations. The overall threat landscape is seeing a rapid rise in malware that is more than capable of compromising, damaging or acquiring sensitive data, which can be personal or can lead to loss of intellectual property.
The complexity and growth of malware have more than tripled in the last six months. What we have witnessed, and will continue to witness, is a change in the threat landscape. Clever new ways have cropped up to compromise new devices; fake antiviruses are on the rise and password-stealing malware is showing a sudden surge in activity. Its ability to adapt to avoid detection is one aspect that needs to be taken into consideration. Moreover, the growing complexity of malware shows that cybercriminals are posing real challenges to security vendors.