Feed aggregator

Google Adds Grace Period to Disclosure Policy

Threatpost for B2B - Fri, 02/13/2015 - 16:04
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.

Threatpost News Wrap, February 13, 2015

Threatpost for B2B - Fri, 02/13/2015 - 13:18
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla's extension signing plan, plus questions from readers!

Apple Extends 2FA to iMessage, FaceTime

Threatpost for B2B - Fri, 02/13/2015 - 12:14
Apple extended two-factor authentication (2FA) yesterday to both its iMessage and FaceTime services, adding an extra layer of security to the popular iPhone and iPad apps.

Spat Leads to Partial Leak of Rig Exploit Kit

Threatpost for B2B - Fri, 02/13/2015 - 11:12
A reseller of the Rig Exploit Kit has leaked some of the source code behind the pack after parting ways with the kit's developer. Experts don't expect a spike in Rig-based attacks.

Lack of CSPRNG Threatens WordPress Sites

Threatpost for B2B - Thu, 02/12/2015 - 12:47
WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a new bug that’s been disclosed in all versions of WordPress that […]

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

Threatpost for B2B - Thu, 02/12/2015 - 12:28
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.

Ryan Naraine on SAS 2015

Threatpost for B2B - Thu, 02/12/2015 - 10:10
Dennis Fisher talks with Ryan Naraine, the long lost co-founder of Threatpost, about the upcoming Kaspersky Security Analyst Summit in Cancun and how much the conference has grown in the last few years.

Financial cyber threats in 2014: things changed

Secure List feed for B2B - Thu, 02/12/2015 - 07:00

In 2013 we conducted our first in-depth research into the financial cyber-threat landscape. At that time we registered a sudden surge in the number of attacks targeting users' financial information and money. The financial cyber threats landscape was discussed in detail in Kaspersky Lab's "Financial Cyber-threats in 2013" report.

In 2014, the situation changed considerably: the number of attacks and attacked users significantly decreased, as did the amount of financial phishing. The key findings of the study into the financial cyber-threat landscape in 2014 are as follows:

Attacks with Financial malware in 2013 and 2014

Financial phishing attacks
  • In 2014 financial phishing attacks, which include phishing that targets Banks, Payment Systems and E-shops, accounted for 28.73% of all phishing attacks (a decrease of 2.72 percentage points).
  • Bank-related phishing accounted for 16.27% of all attacks.
  • The amount of phishing against Payment Systems increased 2.4 p.p. (from 2.74% in 2013 to 5.14% in 2014).

Financial malware attacks
  • In 2014 Kaspersky Lab products detected 22.9 million attacks involving financial malware against 2.7 million users. This represents a YoY decrease of 19.23% for attacks and 29.77% for users.
  • Among the total number of users subjected to all types of malware attacks, 4.86% of users encountered attacks involving some kind of financial threat – that's 1.34 percentage points less than in 2013.
  • The amount of Banking malware rose 8.89 percentage points to 75.63% of all financial malware attacks in 2014.
  • The number of attacks involving Bitcoin mining malware tripled: from 360,065 attacks in 2013 to 1,204,987 in 2014.

There are several possible reasons for these changes. First of all, law enforcement agencies around the world actively prosecuted cybercriminals who were spreading financial malware and phishing. In particular, last summer, law enforcement agencies in the US and the UK stopped the activities of two dangerous malicious campaigns – Gameover / Zeus and Shylock.

The second reason for the decline in the number of attacks might be a shift in the cybercriminals' focus – instead of attacking end-users they are now pursuing organizations that work with financial information and payment tools. Throughout the year there were frequent reports of malicious attacks on large stores, hotel chains and fast food restaurants that serve millions of customers a day. In each case the fraudsters used malicious software that could steal bank card data directly from the memory of the POS terminals used by the organizations under attack. Banks became yet another "new" cybercriminal target. In 2014, Kaspersky Lab investigated several attacks targeting banks rather than their users' accounts. Neither of these "new" types of attack prompted a rash of new AV detections simply because there are so few organizations involved compared with the number of private users running antivirus solutions, so it is difficult to compare the number of attacks. Nevertheless, the damage from such attacks amounted to millions of dollars so this threat can hardly be dismissed.

A third possible reason for the reduced number of cyberattacks lies in a general trend observed by Kaspersky Lab specialists in 2014. According to the company's experts, cybercriminals are less interested in "mass" malicious attacks on users, preferring fewer, more "targeted" attacks. This is shown by the increased levels of targeted phishing: fraudsters only go after a specific group of users (for example, online banking users) rather than spreading mass mailings with malicious links.

This tactic suggests that a selective malicious mailing is less likely to be detected by IT security specialists and the lifespan of malicious links and malware samples will be extended. The trick is not always successful, but one consequence of its use is a decline in the absolute number of registered cyberattacks.

Android financial malware attacks

And what about mobile financial threats?

First of all, when we talk about mobile cyberthreats we focus on Android cyberthreats. According to Kaspersky Lab experts, more than 99% of mobile malware they are aware of is designed to attack Android devices.

In 2014 Kaspersky Lab and INTERPOL released a joint study on Mobile Cyberthreats which, among other things, covered financial malware targeting Android users. According to the findings, there were 3,408,112 attacks against 1,023,202 users recorded in the period from August 1st, 2013 to July 31st, 2014. About 500,000 users have encountered Android malware designed to steal money at least once. More than half a year has passed since the end of the period covered by the Kaspersky Lab / INTERPOL study, and here is how things have changed since:

  • 48.15% of the attacks against users of Android-based devices blocked by Kaspersky Lab products utilized malware targeting financial data (Trojan-SMS and Trojan-Banker).
  • In comparison with 2013 the number of financial attacks against Android users increased 3.25 times (from 711,993 to 2,317,194 attacks) and the number of attacked users was up 3.64 times (from 212,890 to 775,887 users).

Attacks against users of Android-based devices in 2013 and 2014

In other words, the ever-increasing number of financial attacks against users of Android-based devices is a strong trend that shows no sign of declining.

Read more about financial cyber-threats in 2014 in our whitepaper.

Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days

Threatpost for B2B - Wed, 02/11/2015 - 17:07
A Chinese APT group has been linked to a watering hole attack on Forbes.com used to target defense and financial targets.

Mozilla to Enforce Signing for Firefox Extensions Soon

Threatpost for B2B - Wed, 02/11/2015 - 16:09
In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future. As much of users’ computing has moved into their browsers in the last few years, extensions and add-ons have become important tools. […]

Facebook ThreatExchange Platform Latest Hope for Information Sharing

Threatpost for B2B - Wed, 02/11/2015 - 14:52
Facebook announced ThreatExchange, an API-based platform for the exchange of attack and threat data.

Microsoft Group Policy Vulnerability Affects All Windows Computers

Threatpost for B2B - Wed, 02/11/2015 - 14:13
Details were released on two Microsoft Group Policy vulnerabilities affecting all Windows machines going back to Windows Server 2003. The flaws were addressed in separate Patch Tuesday security bulletins.