When it comes to spotting malware, the signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up to a certain point, but polymorphic malware still gives them a run for their money. At the annual AusCert conference held this week in Australia a…
Author: admini
Fight against Cyber Crime is On the Right Track
Despite the numerous security incidents that took place during the first quarter of the year, the fight against cyber crime is on the right track, and though there is still a long way to go, international co-operation among security agencies is beginning to pay off and criminals around the world are being brought to justice.
“The start of the year has seen some serious cyber attacks, including the hacking of the Twitter accounts of major organizations such as the BBC or Burger King, and one of the biggest attacks ever, targeting some of the world’s leading technology companies: Apple, Facebook, Microsoft and Twitter. But there have been some victories for security forces as well, including the arrest of a group of hackers accused of extortion using the infamous ‘Police Virus,’” says Luis Corrons, technical director of PandaLabs.
Also in January, the FBI published details of an investigation that began in 2010 and thwarted a gang of cyber criminals who had infected more than a million computers since 2005.
On February 1, Twitter published an article on its blog (“Keeping our users secure”) detailing how the social network had fallen victim to an attack resulting in unauthorized access to the details of some 250,000 Twitter users. A couple of weeks later, Facebook also released an article on its blog, “Protecting People On Facebook,” acknowledging that its systems had been targeted by a sophisticated attack. The Twitter account of car company Jeep was hijacked in a similar attack; in this case the account announced that the company had been bought out by Cadillac. On January 30, The New York Times ran a front-page article explaining how it had been the victim of an attack that had allowed its computers to be accessed and spied on for months.
Interestingly, in both incidents the attackers were able to access all types of data (customer details, etc.), yet only focused on information about journalists and employees, trying to find any reference to investigative journalism regarding China, and in particular, looking for the papers’ sources.
Some weeks later, Mandiant published a damning 76-page report (APT1: Exposing One of China’s Cyber Espionage Units, http://intelreport.mandiant.com/) explaining how Unit 61398 of the Chinese army has specialized in cyber-espionage. The report revealed more than 3,000 pieces of evidence showing how this unit has been running since at least 2006, stealing information from no less than 141 organizations worldwide.
“For some years now, people have turned their gaze to China whenever this type of incident occurs, yet without any real evidence that the Chinese government is behind such attacks. Now, for the first time, it has been proven that the Chinese army is actively involved in espionage on a global scale, infiltrating companies across many sectors and stealing information,” explained Corrons.
Link: http://www.dfinews.com/news/2013/05/fight-against-cyber-crime-right-track
CommonKey Brings Password Management To Small Teams
CommonKey has launched as an extension for the Chrome web browser, but the plan is to bring it soon to Firefox and Safari, and then to iOS and Android as a mobile app. It works a lot like any other password manager available today, except that a business owner can create an organization and groups within that organization (e.g., PR, marketing, development, sales, etc.) in order to securely share common passwords among the team.
Users establish their own CommonKey accounts, which they can also use for one-click logins to personal services like Facebook, Twitter, email or anything else that’s not work-related. In fact, the service works just fine for an individual user, and will also soon include a feature that automatically generates strong passwords.
During its beta period, CommonKey’s service is free, but the plan is to eventually charge companies based on number of employees with access to shared accounts.
New Computer Attacks Traced to Iran, Officials Say
The Obama administration has been focused on Iran because the attacks have given the Iranian government a way to retaliate for tightened economic sanctions against it, and for the American and Israeli program that aimed similar attacks, using a virus known as Stuxnet, on the Natanz nuclear enrichment plant.
In a letter to the editor of The Times, responding to a May 12 article that reported on the new attacks’ similarity to the Saudi Aramco episode, Alireza Miryousefi, the head of the press office of the Iranian mission to the United Nations, wrote that Iran “never engaged in such attacks against its Persian Gulf neighbors, with which Iran has maintained good neighborly relations.”
American officials have not offered any technical evidence to back up their assertions of Iranian authorship of the latest attacks, but they describe the recent campaign as different from most attacks against American companies — particularly those from China — which quietly siphon off intellectual property for competitive purposes.
The White House would not confirm that Iran was the source, but Laura Lucas, a spokeswoman for the National Security Council, said that “mitigating threats in cyberspace, whether theft of intellectual property or intrusions against our critical infrastructure” was a governmentwide initiative and that the United States would consider “all of the measures at its disposal — from diplomatic to law enforcement to economic — when determining how to protect our nation, allies, partners, and interests in cyberspace.” The Department of Homeland Security was able to issue a broader warning because of an executive order, signed in February, promoting greater information sharing about such threats between the government and the private companies that oversee the nation’s critical infrastructure. The warning said the government was “highly concerned about hostility against critical infrastructure organizations,” and included a link to a previous warning about Shamoon, the virus used in the Saudi Aramco attack last year.
Government officials also say Iran was the source of a separate continuing campaign of attacks on American financial institutions that began last September and has since taken dozens of American banks intermittently offline, costing millions of dollars.
2013 will see an explosion in malware
AV-Test says they expect to see five million new malware samples each month – about double the rate from last year.
“This dramatic development is also forcing the manufacturers of anti-virus software to adopt different strategies, for example whitelisting, an approach that has now been popular for a number of years,” said Marx. “Instead of sending 100,000 users the identical malware sample, a malware writer generates 10,000 unique samples for 10 users each or even 100,000 completely unique samples. In the majority of cases, the malware writers are using the same executable and then, it will automatically be encrypted, packed and scrambled in different ways.”
In the back and forth between the bad guys and security companies, attackers must constantly change their strategies if they hope to reach any ripe targets.
Perhaps 60 million new pieces of malware might just be the sign of a job well done, but nonetheless, it’s a scary number.
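To make the repacking argument concrete, here is an added example; it is not code from the AV-Test report or the article. It wraps one constructed toy payload in many byte-for-byte different files using a repeating-key XOR "packer", then compares three strategies: a per-file hash signature catches only the one sample it was written for, unpacking before hashing collapses every variant to a single payload hash, and an allowlist of known-good hashes does not care how many variants exist. The payload bytes, the "PK1" container format and the allowlisted "binaries" are constructed for illustration and do not mimic any real family.

```python
"""Why per-file hash signatures fail against repacked variants of one payload.

Added illustration with constructed data: the payload bytes, the "PK1"
container and the XOR packer are toys, not taken from any real sample.
"""
import hashlib
import random

# Constructed stand-in for a malicious payload that is identical in every variant.
PAYLOAD = b"constructed-payload-body-identical-in-every-variant"


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call packs and unpacks."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_variant(payload: bytes, key: bytes) -> bytes:
    """Toy container: magic || key length || key || xor(payload, key).

    A fresh key yields a byte-for-byte different file carrying the same payload,
    which is what "the same executable, encrypted and scrambled differently" means.
    """
    if not 1 <= len(key) <= 255:
        raise ValueError("key length must fit in one byte")
    return b"PK1" + bytes([len(key)]) + key + xor_crypt(payload, key)


def unpack_variant(blob: bytes) -> bytes:
    """Generic unpacker for the toy container: the step an engine's static
    unpacker or emulator performs before scanning the real code."""
    if blob[:3] != b"PK1":
        raise ValueError("not a PK1 container")
    klen = blob[3]
    key = blob[4:4 + klen]
    return xor_crypt(blob[4 + klen:], key)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def simulate(n_variants: int, seed: int = 1) -> dict:
    """Compare three detection strategies against n_variants repacked copies of PAYLOAD."""
    rng = random.Random(seed)
    variants = [
        build_variant(PAYLOAD, bytes(rng.randrange(256) for _ in range(8)))
        for _ in range(n_variants)
    ]

    # 1. Classic signature: the vendor saw exactly one sample and stored its hash.
    signature_db = {sha256_hex(variants[0])}
    caught_by_file_hash = sum(sha256_hex(v) in signature_db for v in variants)

    # 2. Unpack, then hash: every variant collapses back to the same payload.
    payload_hashes = {sha256_hex(unpack_variant(v)) for v in variants}

    # 3. Allowlisting: only known-good hashes may run (constructed "good" binaries).
    allowlist = {sha256_hex(b"constructed-known-good-binary-%d" % i) for i in range(3)}
    allowed_to_run = sum(sha256_hex(v) in allowlist for v in variants)

    return {
        "variants": n_variants,
        "distinct_file_hashes": len({sha256_hex(v) for v in variants}),
        "caught_by_file_hash": caught_by_file_hash,
        "distinct_payload_hashes": len(payload_hashes),
        "variants_allowed_by_allowlist": allowed_to_run,
    }


if __name__ == "__main__":
    for name, value in simulate(10_000).items():
        print(f"{name}: {value}")
```

For 10,000 variants the simulation reports 10,000 distinct file hashes, of which the signature catches exactly one, a single payload hash once the files are unpacked, and zero variants permitted by the allowlist. Real packers add decryption stubs, anti-emulation checks and layered encryption, so the "unpack first" step is far harder in practice than the four-line unpacker here; the allowlist result, by contrast, holds regardless of how the samples are scrambled.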
Link: http://www.itproportal.com/2013/05/24/2013-will-see-an-explosion-in-malware/
Zeus variants are back with a vengeance
“The difference in the GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.”
Configuration files are, as usual, subject to change depending on which information the attackers want to steal, and the malware still tries to prevent browsers from being able to visit security sites. Files that were previously dropped into a single folder under Windows’ %System% folder are now placed in randomly named folders under %Application Data%.
“What we can learn from ZeuS / Zbot’s spike in recent months is simple: old threats like Zbot can always make a comeback because cybercriminals profit from these,” the researchers warn and advise: “It is important to be careful in opening email messages or clicking links.”
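The behaviour described above, a burst of DNS queries for randomized domain names from one infected host, lends itself to a simple resolver-log heuristic. The following is an added example and not Trend Micro’s detection logic: the log lines are constructed, the log format (timestamp, client IP, query name) is an assumption, and the scoring weights and thresholds are illustrative rather than tuned values.

```python
"""Flag randomized-looking DNS query names and the hosts that emit bursts of them.

Added example with constructed resolver log lines. The scoring rules, weights and
thresholds are assumptions for illustration, not a vendor's detection logic.
"""
import math
import re
from collections import Counter

# Constructed sample log: "<timestamp> <client IP> <query name>" per line.
SAMPLE_LOG = """\
2013-05-24T10:01:02Z 10.0.0.12 www.example.com
2013-05-24T10:01:05Z 10.0.0.12 mail.google.com
2013-05-24T10:01:07Z 10.0.0.31 xk3q9vz2bpl7m.com
2013-05-24T10:01:08Z 10.0.0.31 q7hw2zxr9cvtk4p.net
2013-05-24T10:01:09Z 10.0.0.31 zjr4t8mvq1x0ylw.info
2013-05-24T10:01:11Z 10.0.0.12 cdn.cloudfront.net
2013-05-24T10:01:12Z 10.0.0.31 bv9kqt2zxh7mr.biz
"""

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]+")


def shannon_entropy(s: str) -> float:
    """Bits per character; a 13-character label of distinct characters scores log2(13)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label, e.g. 'example' from 'www.example.com'.

    Simplification: multi-part public suffixes such as co.uk are not handled.
    """
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label: str) -> float:
    """Higher means more random-looking. Weights are assumptions for illustration."""
    if not label:
        return 0.0
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    longest_run = max((len(m) for m in CONSONANT_RUN.findall(label)), default=0)

    score = shannon_entropy(label)           # pronounceable words sit well below 3.5
    score += 2.0 if vowel_ratio < 0.2 else 0  # almost no vowels
    score += 1.5 if digit_ratio > 0.15 else 0  # digits sprinkled through the name
    score += 1.5 if longest_run >= 4 else 0   # unpronounceable consonant clusters
    return score


def analyze(log_text: str, threshold: float = 5.0) -> dict:
    """Return {client_ip: [query names whose label scored at or above threshold]}."""
    flagged: dict = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _timestamp, client, qname = line.split()
        if dga_score(registrable_label(qname)) >= threshold:
            flagged.setdefault(client, []).append(qname)
    return flagged


def suspicious_hosts(flagged: dict, min_hits: int = 3) -> list:
    """One odd name is noise; several from the same host in a short window is the signal."""
    return sorted(client for client, names in flagged.items() if len(names) >= min_hits)


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for client, names in hits.items():
        print(client, names)
    print("suspicious hosts:", suspicious_hosts(hits))
```

On the constructed log, the three ordinary names score between roughly 1.9 and 3.1 and the four randomized names between roughly 7.2 and 8.9, so the host 10.0.0.31 is reported while 10.0.0.12 is not. In a real deployment the label scoring would be paired with the other signal in the quoted description (outbound encrypted UDP to a random port immediately before the DNS burst) and with an allowlist of known CDN and tracking domains, which also use long machine-generated labels and would otherwise produce false positives.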