Security News Curated from across the world
The victims would be taken to the compromised web site if they clicked on links contained in bogus spam emails such as this one: The majority of computers enslaved in the Cutwail botnet are at this time located in the U.S., India, the Russian Federation and Mexico.
As always, users are advised to keep their OS and software updated, as well as avoid clicking on links contained in unsolicited emails.
Link: http://www.net-security.org/malware_news.php?id=2386
[An] open lettered issued to Skype is requesting that the IP-based communications company re-affirm and better explain its commitment to privacy, particularly when it comes to chat logs, eavesdropping and local data retention.
Once an Estonian-based company before it was courted by eBay and changed hands to Microsoft, Skype is now thought to be subject to U.S-based telecommunications laws. Regulations like the Communications Assistance for Law Enforcement Act (CALEA) impose certain requirements which essentially guarantee that Skype is capable of eavesdropping — something the company explicitly denied was possible before its Microsoft acquisition in 2008.
The letter also asks that Skype periodically publish a “transparency report” — a common way of sharing who’s requesting what data and how often a company complies, along with other usage details and statistics.
Just a week ago, it was discovered that a trojan-banker malware named “Shylock” has been updated to infect users through Skype by exploiting a security flaw in the software. The malware essentially gives attackers full access to a PC, allowing them to upload and execute files, set up remote viewing programs like VNC and inject custom HTML into websites.
Link: http://www.techspot.com/news/51435-skype-calls-purportedly-being-tapped-skype-based-malware-spreads.html
The shift from single-server attacks to the use of multiple servers in different geographic locations has allowed attackers to quickly and effectively launch more powerful DDoS attacks than ever before. Just a few attacking servers can produce the same attack traffic as a large number of client botnets, with the 24/7 availability of servers allowing for greater reliability as well as command-and-control. In 2013, Radware expects this method to gain in popularity, requiring that organizations make sure their defense architecture can withstand these scaled up attacks.
The numbers are staggering – with 58 percent of attacks scoring a 7 or higher in complexity (out of 10), as compared to just 23 percent of attacks in 2011. Though conventionally associated with security on the web, hackers have managed to weaponize the encryption layer, using it to launch application-level and SSL attacks that can escape detection and remain hidden until its already too late.
With some of the worlds largest institutions victimized by cyber attacks in 2012, the question remains as to why many of these organizations continue to be vulnerable. The fact remains that less than a quarter of all organizations surveyed invest their efforts in mitigating attacks as they’re happening – a fact exploited by hackers. In 2013, Radware recommends that organizations dedicate resources to creating a “security war room” equipped to dynamically respond to and handle persistent security attacks during all phases of an attack and adopt a three-phased security approach.
The supply chain includes took kits and for-hire services that are available to anyone with minimal coding or advanced hacking skills for as little as $10 for a ransomware attack tool.
Key findings include:
– Server-based botnets represent a new and more powerful order in the DDoS environment.
– The number of DDoS and DoS attacks lasting more than one week doubled in 2012.
– Encrypted layer attacks fly below the radar – and can’t be ignored.
– In today’s security environment, most organizations are bringing a knife to a gunfight.
-The DIY phenomenon.
Link: http://www.net-security.org/secworld.php?id=14285
It’s the same method used in a typical drive-by download attack on random visitors, except the watering hole has been selected for the audience it attracts.
While recent watering hole attacks have relied on exclusive zero day flaws to compromise target systems, this one uses a recently patched IE flaw and two patched Java flaws to infect victims, wrote Kubec.
Features of the attack kit on Reporters without Borders’ website mean it’s likely to have been rigged by the same group behind recent attacks on Tibetan, Uygur human rights websites and political parties in Hong Kong and Taiwan, according to Kubec. Ahead of Christmas last year, Chinese hackers were suspected of planting a watering hole that used a zero day flaw to net victims that visited the website of foreign policy think tank, Council on Foreign Relations.
The attack only served an exploit to browsers that run on operating systems using US English, Chinese, Taiwanese Chinese, Russian, Japanese or Korean, according to security firm FireEye. http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
Link:http://www.cso.com.au/article/451512/_watering_hole_attackers_hunt_from_reporters_without_borders/
In a different experiment, the targeted test server was set up inside a separate cloud instance from the same provider in order to test if the provider would detect malicious traffic sent over its own internal network. A third experiment involved the targeted server running inside a cloud instance at a different cloud provider in order to test how that provider would deal with incoming malicious traffic.
The experiments involved sending malformed network packets and performing aggressive port scanning; sending malware to the victim host via a reverse shell; performing a denial of service attack against a Web server running on the targeted host, performing a brute-force FTP password cracking attack; launching SQL injection, cross-site scripting, path traversal and other attacks against popular Web applications running on the targeted host; and sending known exploit payloads to various services running on the host.
In one experiment, some types of malicious activity, like port scanning, were executed for 48 hours in order to see if a large traffic volume and longer attack duration would trigger a response from the cloud provider.
“The results of the experiment showed that no connections were reset or terminated when transmitting inbound and outbound malicious traffic, no alerts were raised to the owner of the accounts, and no restrictions were placed on the Cloud instances,” Stratsec senior consultant Pedram Hayati said Monday in a blog post [http://stratsec.blogspot.com.au].
“Computing is becoming cheaper and cheaper and for something like $10 one can buy enough computing power to take down a small website for a few hours,” Costin Raiu, director of the Global Research & Analysis Team at antivirus vendor Kaspersky Lab, said Tuesday via email. “The experiment suggests that providers BAE looked at may not be prioritizing monitoring for malicious traffic and the sound implementation of security measures that you’d expect to be implemented on a corporate network,” David Harley, a senior research fellow at antivirus vendor ESET, said Tuesday via email.
http://www.arnnet.com.au/article/440522/lack_abuse_detection_allows_cloud_computing_instances_used_like_botnets_study_says/
The survey found the 329 organizations polled had collectively lost more than 86,000 laptops. Using that figure, Intel and Ponemon calculate that the 86,000 lost laptops cost the 329 enterprises approximately $2.1 billion.
“Laptops are the greatest risk that I find in my security assessments,” says Kevin Beaver, an independent consultant and expert witness for Principal Logic.
http://www.darkreading.com/smb-security/167901073/security/client-security/228500279/lost-laptops-cost-companies-billions-study-says.html