After the cyberpunks, prepare to fight a new wave of nasties

Sometimes the FUD is real

Presagers of doom in the IT industry have sometimes got it horribly wrong. One need only look back 14 years to the millennium bug, which was supposed to bring down the world’s critical systems. The year 2000 came and went with no digital cataclysm in sight.

Even the smartest people make grand claims about imminent threats. Robert Metcalfe, who co-invented Ethernet, claimed in 1995 that the internet was on the brink of a “catastrophic collapse”.

He literally ate his own words in 1997, chowing down on a printed copy of the column in which he had made the preposterous prediction.

In the security industry, much is made of fear, uncertainty and doubt, or FUD. Many claim security companies throw FUD around to sell products, making threats seem bigger than they are.

Nevertheless, many of the buzzwords of recent years have described genuine emerging threats that security teams would be wise to address.

“All threat vectors continue to develop, many of them at a startling rate,” says Tony Lock, an analyst at Freeform Dynamics.

“Drive-by infections from legitimate websites, especially those using third-party content such as adverts, are increasingly being used to deliver malware. But all vectors, including phishing emails and infected USB and SD drives, remain and continue to evolve.

“The means of targeting high-value individuals or people who could open a way into an organisation are now being commercialised. These threats may escalate in number.”

Real and present danger

The advanced persistent threat, which many simply call a prolonged targeted attack, is a fine example of hype becoming reality.

Criminal hackers used to cast their malware nets far and wide to ensnare as many random computers as possible, and many still do. But many crooks have shifted to focusing on specific companies and specific individuals within them.

Thanks to the growing trust people place in social networks, from Facebook to LinkedIn, it is easy to glean valuable information about employees from the public internet. That can then be used to craft phishing emails that trick workers into handing over useful data, such as an application login, or into opening files that launch executables and infect the machine.

It is then simply a case of escalating privileges and moving laterally across the network to set up a surreptitious surveillance operation.
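The attachment stage of that chain is where a mail gateway or triage script gets its first look at the lure. The following is an added example, not code from the article or from any vendor quoted in it: it opens an Office Open XML attachment (docx/xlsx/pptx are zip containers) in memory and flags the two parts that commonly carry the "launch an executable" step, a VBA project and an embedded object whose payload starts with the MZ signature of a Windows executable. The sample documents it scans are constructed inline for the demo, and the part names and verdict strings are this example's own choices.

```python
import io
import zipfile

# Parts of an OOXML (docx/xlsx/pptx) package that carry VBA code or embedded objects.
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
EMBED_PREFIXES = ("word/embeddings/", "xl/embeddings/", "ppt/embeddings/")


def triage_ooxml(data):
    """Inspect an OOXML attachment in memory and report macro and embedded-object parts.

    Returns a dict with the macro parts found, the embedded parts found (each tagged with
    whether its content starts with the 'MZ' signature of a Windows executable), and a
    'verdict' string: 'clean', 'suspicious' or 'not-ooxml'.
    """
    report = {"macros": [], "embedded": [], "verdict": "clean"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            for name in pkg.namelist():
                if name in MACRO_PARTS:
                    report["macros"].append(name)
                elif name.startswith(EMBED_PREFIXES):
                    looks_like_pe = pkg.read(name)[:2] == b"MZ"
                    report["embedded"].append((name, looks_like_pe))
    except zipfile.BadZipFile:
        # Not a zip container: legacy .doc/.xls (OLE2) or something else entirely.
        report["verdict"] = "not-ooxml"
        return report
    if report["macros"] or any(pe for _, pe in report["embedded"]):
        report["verdict"] = "suspicious"
    return report


def build_sample(parts):
    """Build a minimal OOXML-shaped zip for the demo. Constructed data, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        for name, content in parts.items():
            pkg.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a plain document, and one with a VBA project plus an
# embedded object whose payload carries a PE header.
CLEAN_DOC = build_sample({"word/document.xml": "<w:document/>"})
MACRO_DOC = build_sample({
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0",        # OLE2 magic, stands in for real VBA storage
    "word/embeddings/oleObject1.bin": b"MZ\x90\x00",  # PE signature at the start of the payload
})

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOC), ("macro", MACRO_DOC)):
        print(label, triage_ooxml(doc))
```

Two caveats for anyone putting this in a pipeline: a file named `.docx` that carries `word/vbaProject.bin` is itself a signal worth logging, since the extension promises a macro-free document; and the legacy binary formats (`.doc`, `.xls`) are OLE2 compound files rather than zips, so they come back as `not-ooxml` here and need an OLE parser such as the `olefile`/`oletools` libraries to inspect.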

“Targeted attacks have definitely arrived,” says Javvad Malik, an analyst at 451 Research.

“There was some shoulder-shrugging and chin-rubbing when targeted attacks were first introduced to the mainstream and initially many assumed it would affect only the largest of enterprises with the biggest payloads.

“But this has come downstream and even consumers are affected. One could almost say that everything is targeted these days. We’ve seen increased sophistication in phishing as well as reports of an exponential rise in ransomware.”

Attackers are developing and using zero-day vulnerabilities to target high-level organisations, from governments to energy companies. This has been evidenced numerous times in 2014.

A recent Microsoft Word zero-day was used in attacks on Taiwanese government bodies in May, while the Elderwood gang has been identified as a zero-day provider for multiple groups, including the Hidden Lynx team connected to targeted attacks on Google and Bit9.

Targeted attacks are a global problem too. The Verizon Data Breach Investigations report from April uncovered 511 incidents of cyber espionage in 2013. Almost half of those were thought to have emanated from east Asia, while a fifth came from eastern Europe.

Et tu, router

Hackers are also turning their attentions to hit various levels of the network. Over the last year, there has been an explosion in router and modem attacks, causing something of a panic in security circles.

“A couple of years ago we published an article about insecurities in small network devices, such as DSL modems and Wi-Fi routers, and the emerging threats that had already started to exploit these vulnerabilities,” says Marta Janus, security researcher at Kaspersky Lab.

“We were aware of a limited number of real-life cases and just a handful of malware samples related to this kind of attack. Having noticed that this approach may prove fruitful for cyber criminals, we predicted it would become a serious issue.”

In March, things reached a head when security-focused non-profit Team Cymru released a report detailing a network of 300,000 hacked routers.

Weak authentication and various vulnerabilities in the firmware used by the routers were exploited by a hacker crew to redirect users to certain websites. Devices from some of the best known manufacturers, including TP-Link, D-Link, Micronet and Tenda, were hacked.

Various kinds of malware specifically target routers, including families such as Darlloz and Moon, while some Windows viruses use routers to re-infect machines, as with a malware variant known as Sality.

“When we look at the widely publicised cyber threat stories from the past year or so, we see attacks on home network devices are now widely used to steal online banking credentials,” says Janus.

Hang on to your Bitcoins

Janus is also unsurprised by the growing range and quality of attacks on crypto-currencies and the organisations dealing in them.

Consumers and businesses using the likes of Bitcoin now have to fear a deluge of malware trying to pilfer wallets. The attacks are cross-platform too, putting any system in danger.

“Another trend that is currently maturing is attacks against the crypto-currencies. In addition to the growing number of Bitcoin-mining Trojans, this year we also discovered Windows and Mac OS X malware designed to steal Bitcoins, in addition to Android SMS-Trojans capable of stealing money from wallets.”

The Bitcoin exchanges are taking a battering too. Mt. Gox suffered the worst, effectively shutting down following a breach that robbed the Bitcoin exchange of $460m.

“I think we can expect more attacks on Bitcoin stock exchanges as this can be very profitable for cyber criminals,” says Janus.
