
After the cyberpunks, prepare to fight a new wave of nasties

Sometimes the FUD is real


Presagers of doom in the IT industry have sometimes got it horribly wrong. One need only look back 14 years to the millennium bug, which was supposed to bring down the world’s critical systems. The year 2000 came and went with no digital cataclysm in sight.

Even the smartest people make grand claims about imminent threats. Robert Metcalfe, who co-invented Ethernet, claimed in 1995 that the internet was on the brink of a “catastrophic collapse”.

He literally ate his own words in 1997, chowing down on a printed copy of the column in which he had made the preposterous prediction.

In the security industry, much is made of fear, uncertainty and doubt, or FUD. Many claim security companies throw FUD around to sell products, making threats seem bigger than they are.

Nevertheless, many of the buzzwords of recent years have referred to genuine emerging threats that security teams would be wise to address.

“All threat vectors continue to develop, many of them at a startling rate,” says Tony Lock, an analyst at Freeform Dynamics.

“Drive-by infections from legitimate websites, especially those using third-party content such as adverts, are increasingly being used to deliver malware. But all vectors, including phishing emails and infected USB and SD drives, remain and continue to evolve.

“The means of targeting high-value individuals or people who could open a way into an organisation are now being commercialised. These threats may escalate in number.”

Real and present danger

The advanced persistent threat, which many simply call a prolonged targeted attack, is a fine example of hype becoming reality.

Criminal hackers used to cast their malware nets far and wide to ensnare as many random computers as possible, and many still do. But a growing number have shifted to focusing on specific companies, and on specific individuals within them.

Thanks to how much people share on social networks, from Facebook to LinkedIn, valuable information about employees is easy to glean from the public internet. That can then be used to craft phishing emails that trick workers into handing over useful data, such as an application login, or into opening attachments that drop executables and infect the machine.

From there it is a matter of escalating privileges and moving laterally across the network to set up a long-term, surreptitious surveillance operation.

“Targeted attacks have definitely arrived,” says Javvad Malik, an analyst at 451 Research.

“There was some shoulder-shrugging and chin-rubbing when targeted attacks were first introduced to the mainstream and initially many assumed it would affect only the largest of enterprises with the biggest payloads.

“But this has come downstream and even consumers are affected. One could almost say that everything is targeted these days. We’ve seen increased sophistication in phishing as well as reports of an exponential rise in ransomware.”

Attackers are developing and using zero-day vulnerabilities against high-value organisations, from governments to energy companies, as has been demonstrated repeatedly in 2014.

A recent Microsoft Word zero-day was used in attacks on Taiwanese government bodies in May, while the Elderwood gang has been identified as a zero-day provider for multiple groups, including the Hidden Lynx team connected to targeted attacks on Google and Bit9.

Targeted attacks are a global problem too. The Verizon Data Breach Investigations Report published in April counted 511 cyber-espionage incidents in 2013. Almost half of those were thought to have emanated from east Asia, while a fifth came from eastern Europe.

Et tu, router

Hackers are also turning their attention to other levels of the network. Over the last year there has been an explosion in attacks on routers and modems, causing something of a panic in security circles.

“A couple of years ago we published an article about insecurities in small network devices, such as DSL modems and Wi-Fi routers, and the emerging threats that had already started to exploit these vulnerabilities,” says Marta Janus, security researcher at Kaspersky Lab.

“We were aware of a limited number of real-life cases and just a handful of malware samples related to this kind of attack. Having noticed that this approach may prove fruitful for cyber criminals, we predicted it would become a serious issue.”

In March, things reached a head when security-focused non-profit Team Cymru released a report detailing a network of 300,000 hacked routers.

Weak authentication and various vulnerabilities in the routers' firmware were exploited by a hacker crew to change the devices' DNS settings and so redirect users to websites of the attackers' choosing. Devices from some of the best known manufacturers, including TP-Link, D-Link, Micronet and Tenda, were hacked.

Several malware families target routers directly, including Linux.Darlloz and TheMoon, while some Windows malware uses routers to re-infect machines, as with a variant of Sality that rewrites a router's DNS settings.

“When we look at the widely publicised cyber threat stories from the past year or so, we see attacks on home network devices are now widely used to steal online banking credentials,” says Janus.
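The redirection in the Team Cymru case worked by rewriting the routers' DNS settings, so every host behind a hijacked router quietly resolves names through servers the attackers control. One check a practitioner can run on an endpoint is to compare the resolvers the host actually ended up with against the set the operator expects to be in use. The Python below is an added example, not code from the article, Team Cymru or Kaspersky; the allowlist and the resolv.conf content are constructed for illustration.

```python
"""Flag DNS resolvers that a host was not expected to be using.

Added example (not from the article): a hijacked home or small-office router
hands out attacker-controlled resolvers via DHCP, so hosts behind it end up
with unfamiliar nameserver lines in their resolver configuration. This check
parses that configuration and reports any resolver outside an allowlist.
"""
import ipaddress

# Assumed allowlist for this example: the router's LAN address plus the two
# public resolvers the operator chose. Adjust to the environment being checked.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "1.1.1.1"}

# Constructed resolv.conf content, as a host might receive from a hijacked
# router: the router's own address followed by two addresses nobody configured.
SAMPLE_RESOLV_CONF = """\
# Generated by dhcpcd from eth0
nameserver 192.168.1.1
nameserver 198.51.100.7
nameserver 203.0.113.9
search home.lan
"""


def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text, in order.

    Comments and blank lines are skipped, and so are nameserver lines whose
    argument does not parse as an IPv4 or IPv6 address.
    """
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Normalise so "010.0.0.1" or mixed-case IPv6 compares reliably.
                found.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue
    return found


def rogue_resolvers(nameservers, expected=EXPECTED_RESOLVERS):
    """Return the resolvers that are not in the allowlist.

    Private-range addresses are deliberately not trusted automatically: a
    hijacked router can just as easily point clients at another box on the LAN.
    """
    expected = {str(ipaddress.ip_address(a)) for a in expected}
    return [ns for ns in nameservers if ns not in expected]


def classify(nameservers, expected=EXPECTED_RESOLVERS):
    """Give a verdict plus the offending resolvers, for logging or alerting."""
    if not nameservers:
        return "no-resolvers", []
    rogue = rogue_resolvers(nameservers, expected)
    return ("suspicious" if rogue else "ok"), rogue


if __name__ == "__main__":
    # On a real host, read /etc/resolv.conf or the DHCP lease instead.
    servers = parse_nameservers(SAMPLE_RESOLV_CONF)
    verdict, rogue = classify(servers)
    print(verdict, rogue)  # suspicious ['198.51.100.7', '203.0.113.9']
```

Note that the router's LAN address appearing as the only resolver proves nothing on its own: the router forwards queries upstream to whatever servers are set in its WAN-side DNS configuration, which is exactly what the campaign above altered, so that setting on the router itself should be inspected as well.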

Hang on to your Bitcoins

Janus is also unsurprised by the growing range and quality of attacks on crypto-currencies and the organisations dealing in them.

Consumers and businesses using the likes of Bitcoin now have to fear a deluge of malware trying to pilfer wallets. The attacks are cross-platform too, so no operating system is safe.

“Another trend that is currently maturing is attacks against the crypto-currencies. In addition to the growing number of Bitcoin-mining Trojans, this year we also discovered Windows and Mac OS X malware designed to steal Bitcoins, in addition to Android SMS-Trojans capable of stealing money from wallets.”

The Bitcoin exchanges are taking a battering too. Mt. Gox suffered worst, effectively shutting down after a breach that cost the exchange Bitcoin worth about $460m.

“I think we can expect more attacks on Bitcoin stock exchanges as this can be very profitable for cyber criminals,” says Janus.
