CyberSecurity Institute

Security News Curated from across the world

Newsalert – 2015 Mar 25

Posted on March 26, 2015 | December 30, 2021 by admini

F5 Threat Analysis: It’s a mad, mad, mad, mad … bot
F5’s State of Application Delivery 2015 survey found that 92% of customers were confident to very confident they were ready and able to handle such attacks. Given that a majority protect all three attack surfaces “all the time”, this confidence is likely warranted…
But as complacency is as dangerous to security as complexity,
Madness is, according to its authors, a superior successor to notorious DDoS malware families “BlackEnergy”, “gbot”, “DirtJumper”, “Darkness Optima”, “iBot” and “w3Bot”.
…Madness displays a growing awareness of the richer attack surfaces at layer 7 (application). While supporting traditional network-based DoS capabilities, Madness also offers a number of application layer attacks with growing detection evasion options. Madness’ HTTP flood options can be categorized into low-level and high-level attacks. Low-level attacks allow the attacker to control all aspects of the HTTP request.
Link: http://www.sys-con.com/node/3315922

BackDoor.Yebot [supposedly there is an uptick in infections, but not confirmed]
Multi-purpose and multi-module backdoor Trojan written in C. It is spread by means of Trojan.Siggen6.31836. URL contains further info…
Link: http://vms.drweb.com/virus/?i=4357803&lng=en

The 7 Truths Of Actionable Intelligence
We’ve talked in the past about Rick Holland’s (Forrester Research) thoughts on how to make sure the intelligence you receive is actionable and thus useful to your mission. Rick has some great guidance that you should take to heart (we have at iSIGHT Partners) – below we look at the seven core areas he details, with our own editorial below each header.
Link: http://www.isightpartners.com/2015/03/the-7-truths-of-actionable-intelligence/

New Report Promises Threat Intelligence 101
Global information security consultancy, MWR InfoSecurity, has produced a comprehensive new guide designed to provide organizations of all sizes with vendor-neutral advice on how to effectively build and evaluate threat intelligence programs. The report, Threat Intelligence: Collecting, Analysing, Evaluating, was produced with support from the UK’s Centre for the Protection of National Infrastructure (CPNI) and CERT-UK. The link to the report: https://www.mwrinfosecurity.com/articles/intelligent-threat-intelligence/
Link: http://www.infosecurity-magazine.com/news/new-report-promises-threat/

Google warns of fake digital certificates
Google has warned of unauthorised digital certificates issued for several of its domains that could be used to intercept data traffic to its services.
The fake certificates were issued by intermediate certificate authority CNNIC which is owned by MCS Holdings, said Google engineer Adam Langley.
Link: http://www.computerweekly.com/news/4500242932/Google-warns-of-fake-digital-certificates?asrc=EM_ERU_41061149&utm_medium=EM&utm_source=ERU&utm_campaign=20150325_ERU%20Transmission%20for%2003/25/2015%20(UserUniverse:%201429542)_myka-reports@techtarget.com&src=5373152

A Quarter of Businesses Have No Control over Network Privileges
A BeyondTrust survey, Privilege Gone Wild 2, shows that more than one out of four companies indicated they have no controls in place to manage privileged access. That’s even though nearly half of the survey respondents (47%) admit they have employees with access rights not necessary to their current role.
Workers that have excessive privilege rights can easily compromise company assets, via the ability to steal credentials and the ease of access to sensitive data. There’s a rise in crime carried out by malicious insiders, but unwitting employees can also become conduits for outside criminals who have targeted them through judicious, well-crafted social engineering tactics. Sometimes a grooming process takes place, where the employee is developed over a period of weeks or even months to become susceptible to cybercrime ploys.
Link: http://www.infosecurity-magazine.com/news/quarter-of-businesses-network/

‘.bank’ domains, which should be more secure, are coming this summer
The new, exclusive domains offer a higher level of security than .com addresses — a change designed to foil phishing attempts and cybercrime so customers know the website is legitimate, not one created by a hacker trying to steal information.
Firms can begin registering dot-bank domains in May, says Craig Schwartz, who runs the effort for .bank and .insurance domains as director of the fTLD Registry Services. The payments and financial services sectors were the targets of nearly 67% of all phishing attacks in the second quarter of 2014, according to the most recent report published by the Anti-Phishing Working Group. The .bank domains will include encryption measures and authenticate emails so customers can more easily discern if a message truly came from the bank.
Link: http://www.marketwatch.com/story/bank-domains-which-should-be-more-secure-are-coming-this-summer-2015-03-25

Secunia Report Highlights Critical Importance of Non-Microsoft Patches
Vulnerability management vendor Secunia on Wednesday released its annual “Secunia Vulnerability Review.” Overall findings were that the number of new vulnerabilities reported in 2014 went up by 18 percent compared to 2013. Newly reported vulnerabilities totaled 15,435 in 3,870 applications from 500 publishers, Secunia said. Among those thousands of new vulnerabilities were 25 zero-day vulnerabilities, which are security flaws that are already being exploited in the wild when a vendor publishes a security advisory about them. That figure is up from 14 zero-days in 2013.
Link: http://rcpmag.com/articles/2015/03/25/secunia-importance-of-non-microsoft-patches.aspx

Favicons used to update world’s ‘most dangerous’ malware
Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network.
The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence.
He says Vawtrak uses the Tor2Web proxy to receive updates from its criminal developers.
Kroustek says the latest Vawtrak sample uses steganography to conceal update files within favicons, the small images used to add colour to website bookmarks and browser tabs, in a novel trick that helps conceal the malicious downloads.
Link: http://www.theregister.co.uk/2015/03/25/blank/

root9B Announces Development of First-ever Credential Risk Assessment and Remediation Solution
NEW YORK, March 25, 2015 /PRNewswire/ — root9B, a leading provider of advanced cybersecurity services and tailored active defense capabilities, announced today the development of Orkos, a revolutionary product to identify critical credential theft risks in organizational networks. root9B is a root9B Technologies company (OTCMKTS: RTNB).
Orkos, root9B’s credential assessment capability, combines comprehensive data collection, advanced logic, and cutting-edge visualization to identify the critical links attackers will exploit in a major breach. It identifies not only immediate risks, but higher-order effects, showing the total risk of credential theft. Orkos also supports remediation through simulation of network changes that would prevent an attacker from compromising additional systems with stolen credentials. Orkos was designed to find and mitigate the types of dangers vividly illustrated by the recent Target and Sands breaches.
Link: http://www.otcmarkets.com/stock/RTNB/news?id=100303
