Sunday, November 19, 2017

Tag: malware

Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Before the term malware was coined in 1990 by Yisrael Radai, malicious software was generally referred to as a computer virus. The first category of malware propagation concerns parasitic software fragments that attach themselves to some existing executable content: the fragment may be machine code that infects an existing application, utility or system program, or even the code used to boot a computer. Malware is defined by its malicious intent, acting against the requirements of the computer user; it does not include software that causes unintentional harm because of a deficiency, that is, a bug.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker). ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

Malware creation hits a new milestone, according to PandaLabs, thanks to higher incentives for cyber-criminals. Although security vendors continue to do their best to conquer malware, malware authors continue to up the ante.

According to PandaLabs' third-quarter 2013 report, new malware creation is now at an all-time high. PandaLabs reported that from January to September 2013 nearly 10 million new malware strains were identified, as many as PandaLabs saw in all of 2012. There are a number of reasons for such growth, Luis Corrons, PandaLabs' technical director, told eWEEK. "They have always grown really fast; [however,] figures are higher now as the incentives for cyber-criminals are higher too," Corrons said. "There are many ways to make more money with cybercrime: more users online and more online shopping."

While the growth of malware continues unabated, malware authors are not necessarily inventing new forms of malware in 2013. Most of the strains that have been detected are just variants of existing threats, Corrons said. Looking at the types of malware being created, PandaLabs has identified Trojans as the top threat, accounting for nearly 77 percent of all new malware. Worms account for 13 percent of new threats, viruses represent 9 percent, and adware is responsible for less than 1 percent of new malware detected by PandaLabs.

Malware is a global plague, but some countries are affected more than others. In China, PandaLabs reports that 59 percent of computers are infected with malware. There are a number of factors as to why the infection rate is so high in China, according to Corrons. For one, he said, software piracy levels are much higher in China. Plus, China has its own local malware ecosystem on top of what PandaLabs sees in the rest of the world, Corrons added. The malware infection rate in the United States is much lower than in China, reported at 31 percent, although it is in Europe where the lowest rates of infection are found: PandaLabs found an infection rate of only 19 percent in the Netherlands, 20 percent in the U.K. and 21 percent in Germany. "Users are, in general, more concerned about security," Corrons said of the European infection statistics. "In Europe, there are many security awareness campaigns trying to teach citizens to recognize risks."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
The new National Crime Agency (NCA) has changed the UK law enforcement landscape, says Andy Archibald, head of the NCA’s National Cyber Crime Unit (NCCU). “And the NCCU is a core part of that,” he told the Govnet Cyber Security Summit 2013 in London. According to Archibald, the difference is due to the fact that the NCA is the mandated lead, co-ordinator and support for the UK’s response to serious and organised crime. “The NCCU is building on the work of previous cyber crime fighting agencies, but its leadership role enables it to harness skills across government, law enforcement, industry and internationally,” he said. This means that the NCCU is able to work in partnership with all these stakeholders to better assess, understand and prioritise cyber threats. “The NCA has been about doing things very differently from the outset through strategic partnerships and international collaboration,” said Archibald.

A top priority for the NCCU for 2014 will be tackling those who develop and distribute malware, but he said success in this will require international collaboration at an unprecedented scale. “I believe the UK is in a unique position to take a leadership role in law enforcement through its key partnerships and links with Europol, Interpol, FBI and the Five Eyes strategy group,” he said. Most cyber investigations are across multiple jurisdictions, which presents legal and cultural challenges. “It is therefore essential that we develop new alliances and new ways of doing things to develop a new international model for tackling cyber crime,” said Archibald.

The effectiveness of the new approach taken by the NCA and NCCU was endorsed by fellow speaker Richard Cox, CIO for anti-spam organisation The Spamhaus Project. In March 2013, activists unleashed the largest recorded distributed denial-of-service (DDoS) attack on Spamhaus. According to Cox, existing UK cyber-crime fighting agencies were unable to understand and respond to the information that Spamhaus was able to provide. “The shadow NCCU, however, was able to understand and respond because of the way it is structured,” he said. Cox said the NCCU is not merely a question of rebranding, but represents a new way of thinking and acting that led to an arrest. However, he said he was unable to go into any further details as legal proceedings are still pending.

Cox also vented his frustration at the frequent inability of the Crown Prosecution Service (CPS) to act to bring cyber criminals to justice. “The CPS cyber skills are weak; it is an Achilles heel that the government has got to address,” he said. According to Cox, if the CPS had had the necessary skills to prosecute hacker Gary McKinnon as they should have done, the years of a threatened extradition to the US could have been avoided. He complained that some issues that affect the functioning of the internet have typically not been dealt with in the past because of inadequate UK legislation and law enforcement organisations.

A string of recent attacks against oil and gas companies, as well as the recent CryptoLocker ransomware incident, are examples of current threats that Cisco researchers are now warning about.

While there is a certain amount of focus by security vendors on zero-day threats that have not yet been patched, networking giant Cisco Systems doesn't want people to forget about the need for good Internet hygiene to protect against all the other types of online threats. In a press briefing today, Craig Williams, technical leader of Threat Research Analysis & Communications (TRAC) at Cisco, talked about three recent sets of attacks, all of which could have been prevented if the victims had properly followed a few simple Internet security best practices.

One of the attacks, known as a "watering hole" attack, targeted oil and gas companies. In a watering hole attack, a website that the intended victims commonly visit (the watering hole) is compromised so that it serves malware to subsequent visitors. Cisco TRAC discovered 10 websites in the oil and gas sector that had become watering hole sites. Williams did not specifically identify all 10 sites, though he did note that they include a large firm with operations in Africa, Morocco and Brazil; a natural gas power station in the U.K.; and a gas distributor in France. From a technical perspective, the watering hole attack involved placing a snippet of malicious JavaScript code on the compromised site that points visitors' browsers to a malicious domain.

The page on that malicious domain loads an exploit by way of an iframe, so that simply rendering the trusted site in a vulnerable browser is enough to infect the visitor. An iframe is an element embedded within a web page that loads content from another URL, Williams said. In the oil and gas industry attack, Cisco TRAC found that three publicly reported vulnerabilities were the root cause of the infections: CVE-2012-1723 in Java, CVE-2013-1347 in Microsoft Internet Explorer 8 and CVE-2013-1690 in Firefox. Williams said all three vulnerabilities have already been patched by the affected software vendors, with updates generally available for organizations and end users to deploy. "There is no reason why these boxes should have been vulnerable except for the fact that they weren't following best practices," he said. The oil and gas vendors, or anyone else for that matter, could have protected themselves from the watering hole attack with patching vigilance, Williams said.
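The injection pattern described above, a small script or hidden iframe planted on a trusted site that pulls content from an attacker's domain, is something a site owner can scan for. The scanner below is an added example, not code from the Cisco TRAC research: it walks a page's `script` and `iframe` elements, flags any that point off-site or are hidden, and also pulls off-site URLs out of inline script (the `document.write` trick). The trusted host (oilgas-example.test), the injected host (cdn-update.example) and the sample page are all constructed for this demonstration.

```python
"""Scan a page for the watering-hole injection pattern: a script or iframe
added to a trusted site that pulls content from another domain, usually
kept off-screen.

Added example, not code from Cisco TRAC. The trusted host, the injected
host and the sample page below are constructed for this demonstration."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOST = "oilgas-example.test"   # assumption: the site being audited
URL_RE = re.compile(r"https?://[^\s'\"<>]+")

# Constructed sample: a benign page carrying three injected elements.
SAMPLE_HTML = """<html><head><title>Quarterly report</title>
<script src="/js/site.js"></script>
<script src="http://cdn-update.example/ld.js"></script>
<script>document.write('<iframe src="http://cdn-update.example/i.php" width=1 height=1></iframe>');</script>
</head><body>
<h1>Welcome</h1>
<iframe src="/embed/map" width="600" height="400"></iframe>
<iframe src="http://cdn-update.example/f.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""


def is_offsite(url, trusted_host):
    """True when the URL resolves to a host other than the audited site."""
    host = urlparse(url).hostname
    if host is None:               # relative URL: served by the site itself
        return False
    return host != trusted_host and not host.endswith("." + trusted_host)


def is_hidden(attrs):
    """Tiny or invisible frames are how injected content is kept off-screen."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width = int(attrs.get("width") or 100)
        height = int(attrs.get("height") or 100)
    except ValueError:
        return False
    return width <= 1 or height <= 1


class InjectScanner(HTMLParser):
    """Collects <script>/<iframe> elements that point off-site or are hidden,
    plus off-site URLs emitted from inline script (document.write and co)."""

    def __init__(self, trusted_host):
        super().__init__()
        self.trusted_host = trusted_host
        self.in_script = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.in_script = True
        if tag not in ("script", "iframe") or not attrs.get("src"):
            return
        offsite = is_offsite(attrs["src"], self.trusted_host)
        hidden = tag == "iframe" and is_hidden(attrs)
        if offsite or hidden:
            self.findings.append({"tag": tag, "src": attrs["src"],
                                  "offsite": offsite, "hidden": hidden})

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Script bodies arrive as raw text; look for URLs the script would load.
        if not self.in_script:
            return
        for url in URL_RE.findall(data):
            if is_offsite(url, self.trusted_host):
                self.findings.append({"tag": "script-inline", "src": url,
                                      "offsite": True, "hidden": False})


def scan_html(html, trusted_host=TRUSTED_HOST):
    """Return the list of suspicious elements found in the page."""
    scanner = InjectScanner(trusted_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def offsite_hosts(findings):
    """Distinct external hosts the page would make a visitor contact."""
    return {urlparse(f["src"]).hostname for f in findings if f["offsite"]}


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
    print("external hosts:", offsite_hosts(scan_html(SAMPLE_HTML)))
```

Run it over a crawl of your own pages with the real host name in `TRUSTED_HOST`; any host that comes back from `offsite_hosts` that is not one of your known CDNs or analytics providers deserves a look, and a 1x1 or `visibility:hidden` iframe almost never has a legitimate reason to exist.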

He recommends that users and organizations keep all servers up-to-date with the latest patches. It's also important to update all plug-ins for Web browsers, especially Java—an oft-targeted technology that is frequently updated. Network security solutions, including antivirus and intrusion prevention systems (IPSes), can further reduce the risk, Williams said. Another type of attack that good hygiene could easily prevent is the Cryptolocker ransomware attack, Williams added.

CryptoLocker works by infecting a user's desktop and then encrypting the data it can reach. The only way the victim gets the data back is by paying the ransom (hence the term "ransomware") to the attackers, unless a backup the malware could not reach exists to restore from.
The ubiquity of public Wi-Fi is a blessing and a curse. It can be very convenient as a quick, easy and usually cheap way of getting online when you are away from home or the office, or abroad, and it is perfect for firing up the laptop or tablet and getting a bit of work done while you sip a coffee. On the flip side, there is no way of knowing how safe a public Wi-Fi network really is. It is possible the important work email you have just sent over a latte is being read by someone other than its intended recipient. Unsecured Wi-Fi networks are a godsend for cyber criminals: anything sent across them without its own encryption (HTTPS, a VPN), whether it is log-in details for your company email or your favourite website, or payment information, can be intercepted.

Data loss

That is how Google ended up grabbing private data from unsuspecting people across the world. Its Google Street View cars collected unsecured and unencrypted data as they drove around the world. The collected data included IP addresses, usernames, passwords, emails (metadata as well as content) and internet usage history. Google has so far paid out millions in fines across the world as a result of its actions.

A poorly secured Wi-Fi network was also behind one of the biggest cyber thefts of all time. In 2007, US retailer TJ Maxx was found to have left a Wi-Fi network inadequately secured, and hackers had used nothing more than an antenna and a laptop to intercept traffic as it moved across it. Using the stolen information, they gained access to a central server and made off with the details of 500,000 people and 45 million credit and debit cards.

The truth is it is difficult to know how secure a public Wi-Fi network really is. But sometimes you have to connect to one, maybe to send an important email, attend a meeting online or download a must-have document.

Ease of use

Often when you do find somewhere offering free Wi-Fi, the authentication process can be laborious: a long, complicated password containing upper and lower case letters as well as numbers; a one-time username and password combination that gives you 45 minutes’ access before it cuts off; or a password sent as a text message to your phone. That is where an initiative from Facebook and Cisco could come in. Called Cisco Connected Mobile Experiences (CMX) for Facebook Wi-Fi, it enables people to sign in to public Wi-Fi via their Facebook account: checking in at a venue grants the user access to the wireless network. It aims to make signing on to public Wi-Fi much quicker and easier for the customer, and to benefit the supplier by enabling them to push offers to those Facebook users who have checked in. Cisco’s role is to provide the wireless infrastructure, with access points sold via its subsidiary Meraki and APIs that Cisco offers through its Connected Mobile Experience platform.

The user will have to deal with targeted adverts popping up and will have to publicly “check in” to wherever they are, but apart from that, the procedure for getting on to the wireless network should be painless. But what are the drawbacks? And how safe is it?

Fake log-in pages

According to Andrew Buss of analyst group IDC, logging in through Facebook could in fact be a more secure way of using public Wi-Fi. “Public Wi-Fi is notoriously difficult to secure,” he said. “How do you trust the sign-in page you give your details to? There are examples of people setting up fake pages with fake log-in and payment info. I think wildly trusting any public Wi-Fi hotspot through a Facebook log-in probably doesn’t hit the mark.” “As with any public Wi-Fi connection, any sensitive information should be hidden away and avoid where possible giving personal information and payment details. Be sensible and treat it in the same way as any open connection.” Individuals would be forgiven for worrying about what happens to their data when they connect via Facebook, but the social network points out users can make the check-in private, so it doesn’t appear on their news feed. In addition to this, data sent to the merchant, which includes age, gender and other demographic data, is anonymous.

If a user doesn’t have a Facebook account, or simply does not want to use it to authenticate, then suppliers will offer a more traditional way of logging on, Facebook said.

Protecting corporate data

But what of those workers who may be on a work laptop and need to get online when away from the office? Then the issue becomes about protecting corporate data, not just personal data, according to Simon Shooter, partner at law firm Bird & Bird. Using public Wi-Fi and authenticating via Facebook, rather than a company’s own system, could expose the corporate network to malware and other cyber attacks. “Looking after data is a company’s own responsibility,” Shooter said. “One of the possibilities of the new EU directive – which is still very much up for discussion – is that companies will be under obligation to take prudent measures to protect themselves against cyber attacks.” “If, for example, it was identified that access through Facebook and/or public Wi-Fi was a gap in your armament, then not having a policy statement that says staff may not use these services may make it difficult to prove you had adequate defences in place.” Both Shooter and Buss agree businesses will find it very difficult to stop workers using free public Wi-Fi, and they will often bypass tough security measures if there is a quicker and easier alternative. Authenticating via Facebook to get online with one click is an easy step to take, but workers will then often skip the next step, such as connecting to a VPN, if that is a complicated procedure.

Secured networks

To discourage users from taking the easy option and risking the exposure of corporate data, businesses should make it easier for workers to connect to a secured network. “If it’s not as easy to do it in the proffered way, people will always find an alternative way,” said Shooter. “People default to what’s easy. But from a corporate point of view you want to have a commonality of log-in points. So you’re ensuring your devices are marshalled at the same point; herding your staff through a common gate is the way to go.” Buss added: “I’m all for something that makes it much easier to sign in, especially in today’s age of smartphones where you have to keep typing in usernames and passwords; it quickly becomes tiring. However, I really can’t see the need to tie in with Facebook. If you’re providing it as a service, a business shouldn’t need to acquire identity information. Clicking an ‘accept terms and conditions’ button should be enough.” “The main thing is to try to avoid sending sensitive information over a public network. If you have to do it, make sure it’s through a VPN with a secure connection, and make sure you’re using your own device rather than a public one.”

The future of authentication

Ultimately, it is advisable for businesses to discourage workers from using public Wi-Fi where possible, and it is difficult to see how this Facebook initiative will help improve security and data protection in enterprises. If individuals want to use it, then it is certainly a quick and easy way to get online, and should not compromise personal privacy any more than other Facebook activities and general web habits do. It is likely authentication of this sort will be on the rise over the next few years: merchants get to send targeted adverts and offers to users, as well as increase their profile on Facebook, while users get a quick and easy way to access free Wi-Fi.

The key for businesses is to ensure workers are aware of any policies regarding accessing sensitive information over a public network and, where possible, ensure any public network is supplemented by something more secure, such as a VPN connection.
Dutch media outlet NRC publishes yet another Snowden-leaked NSA slide.    
The new "Disarm" feature in Symantec's messaging security software sanitizes common file formats, stripping away scripts and anything that could be malware.

Antivirus software does quite well against opportunistic attacks sent out to a massive number of people in hopes of getting some small fraction to click on a link or open a file. But attacks targeting just a few people, or even a single person, are much harder to detect. Security firm Symantec aims to tackle the problem, announcing this week it will add a new feature to its messaging security software that will create clean versions of any file sent to a company's employees. In addition to attempting to detect malicious files, the company's email gateway software will clone any Microsoft Office or Adobe PDF file, two formats commonly used by attackers to deliver malicious code, creating a copy that has been cleansed of any potential scripts and malware.

The approach, which the company calls Disarm, will sanitize the files rather than attempt to detect whether they will do something bad, said Kevin Haley, director of Symantec's security response group. "We don't have to sit there and decide whether it is a targeted attack or not, is there an exploit in there or not," Haley said. "We are just going to make sure that every document has been cleaned, so there is no chance of one of these things getting through."

Targeted attacks, also known as advanced persistent threats (APTs), typically use email messages specifically crafted to persuade the target to click on the malicious link or open the attachment. Because the messages appear to come from a recognizable contact or colleague, targeted employees are more likely to fall for the fraud. Known as spearphishing, the technique has led to the compromise of many major companies, including security firm RSA, the New York Times, and numerous other companies, government agencies and nonprofit organizations. Since attackers have access to the types of antivirus software used by their victims, they can tailor attacks to evade the defenses. Sanitizing the files lets Symantec make them safe without having to recognize the attack first.

To test the approach, Symantec processed every targeted attack that the company recovered in the past year and found that 98 percent were blocked by Disarm. "These are attacks that were entirely unknown and would therefore have likely evaded all traditional scanners, heuristics, emulators and even Virtual Execution (VX) solutions," Symantec said in a blog post about the new technology.

Sanitizing files is not necessarily a new approach. A variety of scripts exist on the Internet to pull personal information out of documents, a simplified version of what Symantec has done, and companies have had the ability in the past to create a policy to block all scripts from running in Office documents. Yet the technique is promising as a way to prevent malicious software from running on corporate systems. "It is a simple solution, but a very powerful one," Haley said.
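The Office half of what the article calls sanitising can be shown concretely, because a macro-enabled Word, Excel or PowerPoint file is a zip package in which the macros are a separate part (word/vbaProject.bin) wired in by one relationship entry and one content-type entry. Dropping those three things and relabelling the main part as its macro-free equivalent produces a document Office opens as a plain .docx with no code to run. The script below is an added example and is not Symantec's Disarm code; the sample package it builds is constructed here, and its vbaProject.bin bytes are a placeholder rather than a real VBA project. It handles macros only: embedded OLE objects, DDE fields and PDFs are separate problems.

```python
"""Macro stripping for Office Open XML packages (.docm/.xlsm/.pptm).

Added example, not Symantec's code. The sample package is constructed
below; its vbaProject.bin is placeholder bytes, not a real VBA project."""
import io
import re
import zipfile

VBA_REL_TYPE = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Main-part content types: macro-enabled -> macro-free equivalent.
MACRO_FREE_MAIN_TYPE = {
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml",
}
MACRO_PART_MARKERS = ("vbaproject", "vbadata")   # vbaProject.bin, vbaData.xml and their .rels


def is_macro_part(name):
    return any(marker in name.lower() for marker in MACRO_PART_MARKERS)


def macro_parts(data):
    """Names of macro-carrying parts still present in a package."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return [n for n in z.namelist() if is_macro_part(n)]


def read_part(data, name):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name).decode("utf-8")


def sanitize_office_package(data):
    """Return (clean_bytes, removed_part_names) for an OOXML package."""
    out = io.BytesIO()
    removed = []
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if is_macro_part(name):
                removed.append(name)          # drop the macro part entirely
                continue
            payload = src.read(name)
            if name == "[Content_Types].xml":
                text = payload.decode("utf-8")
                # Drop the vbaProject content-type entry, whether it is the
                # Default-by-extension form or an explicit Override.
                text = re.sub(r'<(?:Default|Override)\b[^>]*ContentType="%s"[^>]*/>'
                              % re.escape(VBA_CONTENT_TYPE), "", text)
                for macro_ct, plain_ct in MACRO_FREE_MAIN_TYPE.items():
                    text = text.replace(macro_ct, plain_ct)
                payload = text.encode("utf-8")
            elif name.lower().endswith(".rels"):
                text = payload.decode("utf-8")
                # Drop the relationship that points the main part at the macros.
                text = re.sub(r'<Relationship\b[^>]*Type="%s"[^>]*/>'
                              % re.escape(VBA_REL_TYPE), "", text)
                payload = text.encode("utf-8")
            dst.writestr(name, payload)
    return out.getvalue(), removed


def build_sample_docm():
    """Constructed minimal macro-enabled Word package (not a real document)."""
    parts = {
        "[Content_Types].xml":
            '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
            '</Types>',
        "_rels/.rels":
            '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
            '</Relationships>',
        "word/_rels/document.xml.rels":
            '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '</Relationships>',
        "word/document.xml":
            '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
            '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            '<w:body><w:p><w:r><w:t>Quarterly figures attached.</w:t></w:r></w:p></w:body></w:document>',
        # Placeholder bytes standing in for an OLE-wrapped VBA project.
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0PLACEHOLDER-NOT-A-REAL-VBA-PROJECT",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    docm = build_sample_docm()
    clean, removed = sanitize_office_package(docm)
    print("removed:", removed, "remaining macro parts:", macro_parts(clean))
```

The regex edits work because the two package-level XML files are flat lists of empty elements; for anything more elaborate, parse them properly. Note also what this does not do: it leaves the document body untouched, so a mail gateway still needs to re-check the output (the `macro_parts` call) rather than trust that sanitising succeeded.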
The network-security executive argues that the high-profile botnet takedowns in recent years are not helping the Internet, but are more of a distraction. Kelihos keeps coming back, Citadel is hard to kill, and Z...
CryptoLocker operators may be ruthless, but they don't lack business smarts.    
Employee-owned smartphones and tablets used as part of bring your own device (BYOD) policies will increase to over one billion devices globally by 2018, according to a study by Juniper Research. The report stated that this predicted figure, which accounts for 35% of all consumer mobile devices, is the result of increased mobile adoption and the realisation that mobile devices can help to improve work-life balance. This trend has led to growth in the mobile device security market, with Western Europe leading the sector as the largest source of revenue for sales of mobile security software. The increase in mobile security spending is a result of more malware targeting smartphones and mobile devices over the past two years.

Almost two-thirds of internet users now access the web using a mobile device, and almost 70% of online threats can damage devices or compromise mobile users’ data. There has been a huge increase in hackers targeting mobile devices as opposed to PCs or laptops, with supplier Trend Micro recently predicting there will be more than one million mobile device-directed malware exploits by the end of 2013. Despite the increase in mobile threats, Juniper’s research found that 80% of consumer and enterprise smartphones will remain unprotected throughout 2013. Due to an increase in awareness of mobile security, Juniper predicted that the number of mobile devices with appropriate security will increase to 1.3 billion by 2018, up from 325 million in 2013. Juniper also predicted that by 2018 more than 50% of mobile devices in the US will be equipped with mobile security apps. Nitin Bhas, senior analyst for Juniper Research and one of the authors of the report, said: “The BYOD trend is something that CIOs and IT managers cannot ignore given the increasing number of employees bringing their own devices to the business, whether such activity is officially sanctioned or not.”

The platform offers protection against malware, Web-based threats and data loss, and gives IT managers the ability to manage devices. Security specialist Lookout announced the launch of its mobile security and device management platform, Lookout for Business, which is designed to help businesses adopting bring-your-own-device (BYOD) policies secure their mobile devices from threats, data loss and device loss. The platform offers protection against malware, Web-based threats and data loss and gives IT managers the ability to manage devices including remote locate, lock and wiping of devices. "Employees are a major part of the mobile security equation, and solutions that will be adopted and effective will be the ones with a minimal learning curve," Jenny Roy, head of Lookout for Business, said in a statement. "Businesses want products that both their IT team and employees will use and love, and Lookout has taken that to heart." In addition, a cloud-based console provides visibility and insight into the security and management of devices and employee-facing features that allow users to find and secure their phone. "Companies can no longer ignore the fact that employees are often carrying their most sensitive data on mobile phones," Nushin Vaiani, an analyst with Canalys, said in a statement. "Mobile security will be a priority as IT executives seek to protect phones from a myriad of threats, and in order for IT managers to see adoption of security it needs to be something employees are willing to use." Lookout also released a white paper titled "Key Business Insights For Mobile Security in a BYOD World," which reports on the results of a commissioned survey conducted by Forrester Consulting.

According to the survey, 69 percent of IT executives report that they are very concerned about the threat of mobile malware, viruses and spyware. In addition, the report found 60 percent have experienced lost or stolen phones in the past year. Seventy-two percent agree there is a gap between current mobile security solutions and the security threats that businesses face today. Three-quarters of IT administrators surveyed in the report agree that BYOD has made mobile security more challenging in the workplace, and 47 percent reported lost productivity associated with a mobile security event. The results of another survey, released by the Ponemon Institute, indicated that while businesses have several options when it comes to choosing a BYOD security package, the results have left owners underwhelmed. Sixty percent of respondents said they are unsatisfied with current BYOD solutions, mostly due to cost and inadequate security, 60 percent of respondents say employees are concerned about privacy and personal data retention, and 56 percent of respondents say their companies are looking to replace their current BYOD security solution.
Cyber attackers are using new methods to circumvent digital signature app validation on PCs and Android-based devices, according to the latest threat report from security firm McAfee. The firm’s researchers have identified a new family of mobile malware that allows attackers to bypass the digital signature validation of apps on Android devices. The researchers said this new security control evasion technique has contributed to a 30% increase in Android-based malware. At the same time, traditional malware signed with digital signatures grew by 50% to more than 1.5 million samples.

At McAfee Focus 2013 in October, researchers said digitally signed malware was a fast-growing threat aimed at bypassing whitelisting and sandboxing security controls. “We found 1.2 million pieces of new signed malware in the last quarter alone,” said David Marcus, director of advanced research and threat intelligence at McAfee. This is malware that is signed using legitimate digital certificates that have not been stolen or forged, but acquired from certificate authorities (CAs) or their sub-contractors, he told Computer Weekly. The latest report reveals the top 50 certificates used to sign malicious payloads, noting that this growing threat calls into question the validity of digital certificates as a trust mechanism.

Researchers said efforts to bypass code validation on mobile devices and commandeer it altogether on PCs represent attempts to circumvent trust mechanisms upon which digital ecosystems rely. McAfee Labs researchers identified one new family of Android malware, Exploit/MasterKey.A, which allows an attacker to bypass the digital signature validation of apps, a key component of the Android security process. McAfee Labs researchers also found a new class of Android malware that downloads a second-stage payload without the user’s knowledge.
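The Master Key flaw that the Exploit/MasterKey.A family abused was a disagreement between the code that verifies an APK's signature and the code that installs it over which of two identically named zip entries to use: the verifier hashed the signed copy while the installer extracted the attacker's. An APK is a zip file, so the condition is easy to check for before installation. The script below is an added example, not McAfee's detection code; the sample archive it builds is constructed here, with a placeholder package name and dex bytes, and is not an installable app.

```python
"""Detect duplicate entry names in an APK (or any zip), the condition behind
the Android Master Key signature bypass.

Added example, not McAfee's code. The sample archive below is constructed
here; its package name and dex contents are placeholders."""
import io
import warnings
import zipfile
from collections import defaultdict


def duplicate_entries(data):
    """Names that occur more than once in the central directory, with the
    number of copies and how many distinct contents (by CRC) they carry."""
    crcs = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():        # every entry, not the de-duplicated view
            crcs[info.filename].append(info.CRC)
    return {name: {"copies": len(v), "distinct_contents": len(set(v))}
            for name, v in crcs.items() if len(v) > 1}


def entry_copies(data, name):
    """Every payload stored under `name`, in central-directory order."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return [z.open(info).read() for info in z.infolist() if info.filename == name]


def single_view(data, name):
    """What a name-based lookup returns: Python's zipfile keeps the last
    central-directory entry for a name, another parser may keep the first."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name)


def is_suspicious_apk(data):
    """Any duplicated name is grounds to reject the package: a signed and an
    unsigned copy of the same file is exactly the Master Key pattern."""
    return bool(duplicate_entries(data))


def build_sample_apk(tampered=True):
    """Constructed stand-in for an APK; not a real app and not installable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest package='com.example.demo'/>")
        z.writestr("classes.dex", b"dex\n035\x00ORIGINAL-SIGNED-CODE")
        z.writestr("META-INF/MANIFEST.MF",
                   b"Name: classes.dex\nSHA1-Digest: (digest of the signed copy)\n")
        if tampered:
            with warnings.catch_warnings():
                # zipfile warns about a duplicate name but still writes it,
                # which is all an attacker's packaging tool needs.
                warnings.simplefilter("ignore")
                z.writestr("classes.dex", b"dex\n035\x00REPLACEMENT-UNSIGNED-CODE")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("duplicates:", duplicate_entries(apk))
    print("copies:", entry_copies(apk, "classes.dex"))
    print("name lookup returns:", single_view(apk, "classes.dex"))
```

The `single_view` call is the point of the exercise: a name-based lookup silently picks one copy, and which one depends on the parser, so a signature check that reads entries by name can pass while the installer extracts different bytes. A pre-install check should walk the full central directory, as `duplicate_entries` does, and reject any archive with a repeated name rather than trying to decide which copy is the "real" one.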
“The industry must work harder to ensure the integrity of these technologies as they become more pervasive in every aspect of our daily lives,” said Vincent Weafer, senior vice president, McAfee Labs.

The third quarter also saw notable events in the use of Bitcoin for illicit activities such as contract killings, drugs, weapons, and other illegal goods on websites such as Silk Road. The growing presence of Bitcoin-mining malware highlights the increasing popularity of the currency. Researchers found malware designed to infect systems, mine their processing power, and produce Bitcoins for commercial transactions. “As these currencies become further integrated into our global financial system, their stability and safety will require both financial monetary controls and oversight, and the security measures our industry provides,” said Weafer.

The International Cyber Security Protection Alliance (ICSPA) has called for international collaboration in outlawing currencies such as Bitcoin because they are enabling a large proportion of cyber crime. John Lyons, ICSPA chief executive, told the ISSE 2013 security conference in Brussels that if US and European financial institutions collaborated, they could shut down virtual currencies overnight by requiring all financial transactions to go through auditable channels only. “This is the safest and most secure way of shutting down funding to criminal groups,” he said.

Tomdep harnesses strength of servers to wage powerful denial-of-service attacks.