After the cyberpunks, prepare to fight a new wave of nasties

Sometimes the FUD is real

Internet Security Threat Report 2014

Presagers of doom in the IT industry have sometimes got it horribly wrong. One need only look back 14 years to the millennium bug, which was supposed to bring down the world’s critical systems. The year 2000 came and went with no digital cataclysm in sight.

Even the smartest people make grand claims about imminent threats. Robert Metcalfe, who co-invented Ethernet, claimed in 1995 that the internet was on the brink of a “catastrophic collapse”.

He literally ate his own words in 1997, chowing down on a printed copy of the column in which he had made the preposterous prediction.

In the security industry, much is made of fear, uncertainty and doubt, or FUD. Many claim security companies throw FUD around to sell products, making threats seem bigger than they are.

Nevertheless, many of the buzzwords that have been buzzing around in recent years have related to genuine emerging threats that security teams would be wise to address.

“All threat vectors continue to develop, many of them at a startling rate,” says Tony Lock, an analyst at Freeform Dynamics.

“Drive-by infections from legitimate websites, especially those using third-party content such as adverts, are increasingly being used to deliver malware. But all vectors, including phishing emails and infected USB and SD drives, remain and continue to evolve.

“The means of targeting high-value individuals or people who could open a way into an organisation are now being commercialised. These threats may escalate in number.”

Real and present danger

The advanced persistent threat, which many simply call a prolonged targeted attack, is a fine example of hype becoming reality.

Criminal hackers used to cast their malware nets far and wide to try to ensnare as many random computers as possible, and many still do. Many crooks have shifted to focusing on specific companies and specific individuals within them.

Thanks to increasing trust in social networks, from Facebook to LinkedIn, it is easy to glean valuable information about employees from the public internet. That can then be used to craft phishing emails that trick workers into handing over useful data, such as an application login, or into opening files that launch executables and infect the machine.

It is then simply a case of escalating privileges and spreading across the network to set up a surreptitious surveillance operation.

“Targeted attacks have definitely arrived,” says Javvad Malik, an analyst at 451 Research.

“There was some shoulder-shrugging and chin-rubbing when targeted attacks were first introduced to the mainstream and initially many assumed it would affect only the largest of enterprises with the biggest payloads.

“But this has come downstream and even consumers are affected. One could almost say that everything is targeted these days. We’ve seen increased sophistication in phishing as well as reports of an exponential rise in ransomware.”

Attackers are developing and using zero-day vulnerabilities to target high-level organisations, from governments to energy companies. This has been evidenced numerous times in 2014.

A recent Microsoft Word zero-day was used in attacks on Taiwanese government bodies in May, while the Elderwood gang has been identified as a zero-day provider for multiple groups, including the Hidden Lynx team connected to targeted attacks on Google and Bit9.

Targeted attacks are a global problem too. The Verizon Data Breach Investigations Report from April uncovered 511 incidents of cyber espionage in 2013. Almost half of those were thought to have emanated from east Asia, while a fifth came from eastern Europe.

Et tu, router

Hackers are also turning their attention to other layers of the network. Over the last year there has been an explosion in router and modem attacks, causing something of a panic in security circles.

“A couple of years ago we published an article about insecurities in small network devices, such as DSL modems and Wi-Fi routers, and the emerging threats that had already started to exploit these vulnerabilities,” says Marta Janus, security researcher at Kaspersky Lab.

“We were aware of a limited number of real-life cases and just a handful of malware samples related to this kind of attack. Having noticed that this approach may prove fruitful for cyber criminals, we predicted it would become a serious issue.”

In March, things reached a head when security-focused non-profit Team Cymru released a report detailing a network of 300,000 hacked routers.

Weak authentication and various vulnerabilities in the firmware used by the routers were exploited by a hacker crew to redirect users to certain websites. Devices from some of the best known manufacturers, including TP-Link, D-Link, Micronet and Tenda, were hacked.

Various kinds of malware specifically target routers, including families such as Darlloz and Moon, while some Windows viruses use routers to re-infect machines, as with a malware variant known as Sality.

“When we look at the widely publicised cyber threat stories from the past year or so, we see attacks on home network devices are now widely used to steal online banking credentials,” says Janus.

Hang on to your Bitcoins

Janus is also unsurprised by the growing range and quality of attacks on crypto-currencies and the organisations dealing in them.

Consumers and businesses using the likes of Bitcoin now have to fear a deluge of malware trying to pilfer wallets. The attacks are cross-platform too, putting any system in danger.

“Another trend that is currently maturing is attacks against the crypto-currencies. In addition to the growing number of Bitcoin-mining Trojans, this year we also discovered Windows and Mac OS X malware designed to steal Bitcoins, in addition to Android SMS-Trojans capable of stealing money from wallets.”

The Bitcoin exchanges are taking a battering too. Mt. Gox suffered the worst, effectively shutting down following a breach that robbed the Bitcoin exchange of $460m.

“I think we can expect more attacks on Bitcoin stock exchanges as this can be very profitable for cyber criminals,” says Janus.
