Table of Contents The Need for an Evolved Threat Intel LifecycleDan ColeThreat ConnectThe Traditional Intelligence CyclePlanning and DirectionCollectionProcessingAnalysis and ProductionDissemination and IntegrationLimitationsLack of AccountabilityWhile the intel cycle does have a “feedback” step, it’s not strictly enforced and very often is not properly quantified.Lack of Stakeholder InvolvementIntelligence doesn’t exist for its…
Category: Malware
Gameover malware targets accounts on employment websites – Techworld.com
A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts. Gameover is one of several Trojan programs that are based on the infamous Zeus … Link: http://news.techworld.com/security/3508691/gameover-malware-targets-accounts-on-employment-websites/
Cybercrime-as-a-Service, the rise of hacking services
The service doesn’t utilize Google for finding vulnerable Web sites on a mass scale, instead it allows the cybercriminal to manually enter the Web site about to get unethically pen-tested. Even if the service cannot automatically hack into the Web site (based on what the service claims are private techniques for exploitation) the specially displayed output is supposed to increase the probability for a successful compromise
At the moment the impact of the specific service is limited due its actual inability cause widespread damage but the availability of a huge quantity of tools and hacking services represents an alarming reality that is causing a sensible increase in blended, automated attacks.
The same Danchev already profiled other DIY tools such as Google Dorks Web site exploitation tools, brute forcing applications and stealth Apache module for backdoor distribution, the greater the number of these tools on the market and the greater the number of cyber criminals who provide for the complete outsourcing of attacks.
According last McAfee report “Cybercrime-as-a-Service” security experts observed a sensible increase for attack-as-a-service proposal, the study profiled as example Password cracking services and Denial-of-services.
“If the budget allows, a budding cybercriminal can skip the process of conducting research, building appropriate tools, and developing an infrastructure to launch a cyberattack by choosing a service that will outsource the entire process.” the report states.
Linux gets hit by a trojan — it’s time to sudo apt-get scared!
“The Trojan’s developer claims it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora and Debian.
While this trojan does seem nasty and scary, it is unlikely to spread easily given Linux users’ propensity towards common-sense about installing software.
Sophisticated Malware Is Stumping Security Pros
“Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly,” Oltsik said in his report.
Sixty-two percent of those surveyed believe their host-based security software is not effective for detecting zero-day attacks and other malware designed to bypass the software and remain stealthy on systems.
Security professionals should become intimately familiar with these phases so they can implement appropriate security controls for each phase and recognize anomalous behavior that may be associated with one or many phases of an attack.”
In addition, the survey found that 42 percent of organizations are testing or implementing security technologies that use sandboxing technology, virtual environments where files are quickly analyzed before being passed on to the end user.
About 39 percent of those surveyed said a group of security analysts dedicated to malware intelligence and analysis was created at their organization.
“While security professionals understand the basic concepts about malware, the [Enterprise Strategy Group] research indicates that a large number are unfamiliar with advanced malware properties.
Link: http://www.crn.com/news/security/240158935/sophisticated-malware-is-stumping-security-pros.htm
New Trojan could create headaches for banks, customers
The Trojan is entering the market at an opportune time, as developers of such major banking malware have either retired, gone into hiding or otherwise removed their skills from the open market.
In a message posted to a Russian language underground forum and translated by RSA, KINS’ developer said the malware has been developed from scratch and not a modification of another product.
One plug-in is already available for $2,000, according to the malware developer’s forum posting, to counter Rapport, a popular fraud protection program currently used by banks.
“The bad guys have figured out that they can make the most money by selling plug-ins, which provide extra functionality,” Roel Schouwenberg, a senior researcher with Kaspersky Lab, said in an email.
KINS is also compatible with Zeus web injections and works with RDP, as was SpyEye, and won’t work in former Soviet Union countries — a practice introduced by Citadel.
“The American police aren’t going to go after the developer so he doesn’t mind if computers in the states get infected,” RSA’s Kessem explained.
For instance, it’s build to stay away from Trojan trackers, can be spread by popular exploit packs like Neutrino and will more deeply infect a Windows machine by poisoning its Volume Boot Record.