Feed aggregator

Avoiding Data Breaches with Context Aware Behavioral Analytics

Threatpost for B2B - Wed, 12/03/2014 - 08:22
Avivah Litan of Gartner explains how context aware behavioral analytics may have prevented recent retail breaches and the Snowden, NSA surveillance saga.

OpenVPN Patches Denial of Service Vulnerability

Threatpost for B2B - Tue, 12/02/2014 - 13:58
Open source VPN software providers OpenVPN released an update Monday that patches a critical denial-of-service vulnerability.

IBM Fixes Serious Code Execution Bug in Endpoint Manager Product

Threatpost for B2B - Tue, 12/02/2014 - 13:49
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]

Report Connects Iran to Critical Infrastructure Hacks Worldwide

Threatpost for B2B - Tue, 12/02/2014 - 10:08
New research connects Iranian state-sponsored hackers to attacks against critical infrastructure worldwide.

FBI Warns US Businesses of Possible Wiper Malware Attacks

Threatpost for B2B - Tue, 12/02/2014 - 08:01
The FBI sent security professionals at US businesses a five-page confidential flash warning, alerting them to destructive malware attacks that overwrite hard drives leaving them inoperable.

Payment Card Data Accessed in Parking Management Provider Breach

Threatpost for B2B - Mon, 12/01/2014 - 17:05
SP+, a parking facilities management company, reported that it had been breached and hackers used malware to access payment card data.

Researcher Releases Database of Known-Good ICS and SCADA Files

Threatpost for B2B - Mon, 12/01/2014 - 14:20
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, […]

F.B.I., Mandiant, Investigating Sony Pictures Breach

Threatpost for B2B - Mon, 12/01/2014 - 13:07
Officials from the Federal Bureau of Investigation (F.B.I.) and Mandiant have begun to investigate the Sony Pictures breach.

Cybercrime Group Preys on Wall Street Insider Information

Threatpost for B2B - Mon, 12/01/2014 - 10:41
A criminal hacking group, well versed on Wall Street, is targeting healthcare and pharmaceutical M&A intelligence.

Sandbox Escape Bug in Adobe Reader Disclosed

Threatpost for B2B - Mon, 12/01/2014 - 10:26
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that made it […]

Kaspersky Security Bulletin 2014. Predictions 2015

Secure List feed for B2B - Mon, 12/01/2014 - 04:00

Cyber-criminals merge with APT

In 2015, we expect to see another stage in the evolution of cyber-criminal activity with the adoption of APT tactics and techniques in financially motivated online criminal activity.

During a recent investigation, we discovered an attack in which an accountant's computer was compromised and used to initiate a large transfer with a financial institution. It represented the emergence of an interesting trend: targeted attacks directly against banks.

We are seeing an upsurge in malware incidents where banks are being breached using methods taken directly from the APT playbook. Once the attackers get into a bank's network, they siphon off enough information to let them steal money directly from the bank in several ways:

  • Remotely commanding ATMs to dispense cash.
  • Performing SWIFT transfers from various customers' accounts.
  • Manipulating online banking systems to perform transfers in the background.


Such attacks are an indication of a new trend that is embracing APT style attacks in the cybercriminal world.

APT groups fragment, diversify attacks

The naming-and-shaming of APT groups in 2014 led to the public exposure and indictment of a hacking group that allegedly carried out cyber-espionage against U.S. businesses.


As security research teams continue to push for exposure of nation-state APT crews, we expect to see a shift in 2015 where the bigger, noisier APT groups splinter into smaller units operating independently of each other. This in turn will result in a more widespread attack base, meaning more companies will be hit as the smaller groups diversify their attacks. At the same time, it means that bigger companies that were previously compromised by two or three major APT groups (e.g. Comment Crew and Webky) will see more diverse attacks coming from more sources.

Old code, new (dangerous) vulnerabilities

Recent allegations of deliberate tampering and accidental failures in crypto implementations ("goto fail"), and critical vulnerabilities in essential software (Shellshock, Heartbleed, OpenSSL) have left the community suspicious of unaudited software. The reaction has been to either launch independent audits of key software or have security researchers poke them in search of critical vulnerabilities (tantamount to an unofficial audit). This means that 2015 will be another year of new, dangerous vulnerabilities appearing in old code, exposing the Internet infrastructure to menacing attacks.

Escalation of ATM and PoS attacks

Attacks against cash machines (ATM) seemed to explode this year with several public incidents and a rush by law enforcement authorities globally to respond to this crisis. A corollary of this publicity is an awareness that ATMs are ripe for the taking and cybercriminals are sure to notice. As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default and, as the impersonal gatekeepers of the financial institutions' cash, cybercriminals are bound to come knocking here first.


In 2015, we expect to see further evolution of these ATM attacks with the use of APT techniques to gain access to the "brain" of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time.

Mac Attacks: OS X botnets

Despite efforts by Apple to lock down the Mac operating system, we continue to see malicious software being pushed via torrents and pirated software packages. The increasing popularity of Mac OS X devices is turning heads in the criminal world, making it more appealing to develop malware for this platform.


The closed-by-default ecosystem makes it harder for this malware to successfully take hold of the platform, but there remains a subsection of users who'll gladly disable Mac OS X security measures, especially people who use pirated software. This means that those looking to hijack OS X systems for a variety of reasons know that they simply need to bundle their malware with desirable software (probably in the form of a key generator) to enjoy widespread success. Due to widespread beliefs about the security of the OS X platform, these systems are also unlikely to have an antimalware solution installed that will flag the infection, so once the malware is installed it's likely to go unnoticed for a very long time.

Attacks against ticketing machines

Incidents such as the NFC hack on Chilean public transport show an interest in abusing public resources such as transportation systems. Some hackers won't be looking to turn a profit from these types of attacks and will be satisfied to get some free rides and 'stick it to the man' by sharing this ability with others. However, ticketing systems are being shown to be vulnerable (many of them running Windows XP) and in many cities handle credit card transaction data directly. We expect to see bolder attacks on these systems to either game the system or steal credit card data for themselves.

Attacks against virtual payment systems

Conventional wisdom tells us that cybercriminals are looking to monetize their daring exploits as simply and efficiently as possible. What better target than virtual payment systems in their infancy? As some countries like Ecuador rush to adopt virtual payment systems, we expect criminals to leap at every opportunity to exploit these. Whether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt.


These fears can also be extended to the new Apple Pay, which uses NFC (Near Field Communication) to handle wireless consumer transactions. This is a ripe market for security research, and we expect to see the appearance of vulnerability warnings about weaknesses in Apple Pay, virtual wallets and other virtual payment systems.

Apple Pay

Previous attacks have focused on NFC payment systems but, thanks to limited adoption, these have reaped limited rewards. Apple Pay is bound to change that. The enthusiasm over this new payment platform is going to drive adoption through the roof, and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions. Apple's design has an increased focus on security (like virtualized transaction data), but we'll be very curious to see how hackers will exploit the features of this implementation.

Compromising the Internet of Things

Attacks against the Internet of Things (IoT) have been limited to proof-of-concepts and (sometimes overhyped) warnings that smart televisions and refrigerators will be targeted by hackers to create botnets or launch mischievous attacks.


As more and more of these connected devices become available, we expect to see a wider discussion about security and privacy, especially among businesses in this space. In 2015, there will surely be in-the-wild attacks against networked printers and other connected devices that can help an advanced attacker to maintain persistence and lateral movement within a corporate network. We expect to see IoT devices form part of an APT group's arsenal, especially at high-value targets where connectivity is being introduced to the manufacturing and industrial processes.

On the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware/spyware?) into smart TV programming.
