Weekly Security Roundup #34: Why the Good Guys Need to Stick Together
You’re probably thinking about the sunny weekend you’re going to spend relaxing after a hard week’s work. And so are we, but the thing is that cyber criminals don’t really let us catch a break.
It’s been quite the eventful week, with extortion threats and cyber attacks on companies such as Kaspersky. When you work in cyber security, you have to always be on your toes, always ready to react and, especially, always thinking ahead.
This week’s news summary is meant to help you achieve just that. Let’s review the most important:
Security articles of the week
1. DDoS attacks – something old, something new and something red
On Monday, we published news of incoming attacks on major European companies carried out by the DD4BC extortion gang.
But the DD4BC gang is only the latest threat to make headlines. The surge in DDoS attacks in recent years shows no signs of slowing down.
Dave Larson, CTO & VP of Product at Corero Network Security, writes:
Adding to DDoS attacks’ changing toll is the fact that these attacks are now striking more diverse types of businesses because malicious actors can now apply common attack techniques. Attacks used to be launched against large organizations such as financial services firms. But more recently video game platforms, such as the PlayStation Network and Xbox, and the popular code repository GitHub have been high-profile victims.
DDoS attacks are beginning to resemble advanced persistent threats, evidenced by long durations, repetition and changing attack vectors aimed at evading simple, signature-based defense systems.
This is still a red-hot situation in companies and organizations all over the world, especially since it can take up to 100 days to clean up the aftermath of a cyber attack. Repelling DDoS attacks can bring on fatigue, so optimizing your company’s cyber security strategy to take this aspect into account has become a necessity.
2. The Website Security Statistics Report 2015 is out
Since 2006, WhiteHat Security has been consistently publishing the Website Security Statistics Report, highlighting statistical information about current website vulnerabilities.
This edition’s takeaways include:
- Application vulnerability likelihood has increased from 58% to 70% in the past 3 years, exposing web applications to a high risk of data leakage.
- Insufficient Transport Layer Protection (70% likelihood), Information Leakage (56% likelihood) and Cross-Site Scripting (47% likelihood) have been singled out as the most likely vulnerabilities in applications.
- Insufficient Transport Layer Protection and Information Leakage are also the 2 most likely vulnerabilities in Retail Trade, Health Care/Social Assistance, Information, and Finance/Insurance websites.
- Moreover, 55% of the Retail Trade sites, 50% of Healthcare/Social Assistance sites, and 35% of Finance/Insurance sites are always vulnerable!
3. Windows 10 will give developers a chance to join the fight against malware
In a recent blog post, Microsoft announced the Antimalware Scan Interface (AMSI):
a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine.
What does it mean for users?
That app developers will be able to integrate their applications with any antimalware programs that are installed on a user’s computer. This will allow applications to send content to the antivirus product installed locally, so that content can be checked for malware.
While this is a great improvement, it remains to be seen how effective it will be when the time comes to test its usefulness.
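To make the integration concrete, here is an added example (not from the original post and not Microsoft's own sample code) of an application handing content to the locally installed antimalware product through AMSI from PowerShell. It assumes Windows 10 with an AMSI-aware antivirus registered; the application name and the sample content are constructed values.

```powershell
# Added example: ask the installed antimalware product, via AMSI, to scan a buffer.
# Assumes Windows 10 (amsi.dll) and an AMSI-aware antivirus; 'RoundupAmsiDemo'
# and the sample content below are constructed values, not from the original post.
$signature = @'
[DllImport("amsi.dll", CharSet = CharSet.Unicode)]
public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);

[DllImport("amsi.dll")]
public static extern void AmsiUninitialize(IntPtr amsiContext);

[DllImport("amsi.dll", CharSet = CharSet.Unicode)]
public static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
                                        string contentName, IntPtr session, out int result);
'@
$Amsi = Add-Type -MemberDefinition $signature -Name 'Native' -Namespace 'AmsiDemo' -PassThru

# AMSI_RESULT values from amsi.h: AmsiResultIsMalware() treats anything >= 32768 as malware.
function Get-AmsiVerdict([int]$Result) {
    if ($Result -ge 32768) { return 'DETECTED' }
    if ($Result -ge 0x4000 -and $Result -le 0x4FFF) { return 'BLOCKED_BY_ADMIN' }
    if ($Result -eq 1) { return 'NOT_DETECTED' }
    if ($Result -eq 0) { return 'CLEAN' }
    return "UNKNOWN($Result)"
}

function Invoke-AmsiScan([string]$Content, [string]$ContentName) {
    $ctx = [IntPtr]::Zero
    $hr = $Amsi::AmsiInitialize('RoundupAmsiDemo', [ref]$ctx)
    if ($hr -ne 0) { throw "AmsiInitialize failed: HRESULT 0x$($hr.ToString('X8')) (no AMSI provider?)" }
    try {
        $bytes  = [System.Text.Encoding]::Unicode.GetBytes($Content)
        $result = 0
        # A session of IntPtr.Zero is allowed; a real session handle correlates related scans.
        $hr = $Amsi::AmsiScanBuffer($ctx, $bytes, [uint32]$bytes.Length, $ContentName,
                                    [IntPtr]::Zero, [ref]$result)
        if ($hr -ne 0) { throw "AmsiScanBuffer failed: HRESULT 0x$($hr.ToString('X8'))" }
        return Get-AmsiVerdict $result
    } finally {
        $Amsi::AmsiUninitialize($ctx)
    }
}

# Constructed, harmless sample content; with a working AMSI provider the verdict
# should come back as CLEAN or NOT_DETECTED, which confirms the AV is wired in.
Invoke-AmsiScan -Content 'Write-Output "hello from the roundup"' -ContentName 'roundup-sample.ps1'
```

If AmsiInitialize fails, no antimalware product has registered as an AMSI provider on the machine, which is the first thing to check before trusting the integration.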
4. The Kaspersky hack – the most interesting targets for cyber criminals are cyber security companies themselves
This week’s unfortunate attack against Kaspersky shows, once again, that cyber criminals are always looking for a challenge to make their attacks even more stealthy and damaging.
Allegations have been made regarding the cyber criminals responsible for the attack, but there is no identifiable suspect yet.
The Russian cyber security company dubbed the attack Duqu 2.0, revealing techniques even more sophisticated than those used by the original Duqu. Tod Beardsley, engineering manager at Rapid7, said in an article on CSO Online:
It’s very awesome for sure. It is definitely a milestone. It has a very modular framework, is able to swap out one zero-day for another, and uses new techniques for signaling and non-persistence.
Graham Cluley saluted Kaspersky’s way of managing this breach, as do we. When it comes to cyber criminal actions, we must contribute however we can to fighting malicious actions and their consequences.
5. You’re not out of the law’s reach: 49 suspected cyber criminals arrested in Europe
Sometimes, cyber criminals feel that they’re out of the law’s reach and that legal consequences are easy to evade. But the good guys are as skilled as the bad guys, sometimes even more so.
Threatpost writes that:
Authorities from six nations worked in tandem on Tuesday to apprehend 49 suspects connected with allegedly carrying out a complex phishing scheme dubbed Operation Triangle that saw cybercriminals make off with more than $6 million.
The suspects broke into the email accounts of victims across Europe using malware and social engineering techniques – a recipe that has been used for years and years and still works against employees in companies around the world.
Stealing funds was the next step. The cyber criminals were active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia, and security organizations across the continent worked together to apprehend them.
The operation was coordinated by Europol’s European Cybercrime Centre (EC3) and Eurojust, led by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police, the Polish Police Central Bureau of Investigation, and supported by UK law enforcement bodies.
6. Adobe Flash malware increased by 300% in just one quarter!
Adobe Flash is notorious for its vulnerabilities, but the surge in Flash malware from Q4 of 2014 to the first quarter of 2015 is downright baffling!
Another worrisome statistic adds to these numbers: there has also been a 165% increase in ransomware attacks during the same timeframe.
The CTB-Locker ransomware family is still prolific and still difficult to detect, so cyber criminals are taking full advantage of these characteristics.
The data was revealed in the latest McAfee Labs Threat Report for Q1 2015, which is packed with information about the evolution of PC malware, mobile malware, SSL attacks, spam botnets and more.
7. Click here for instant infection: new malvertizing campaigns erupt
Malvertizing is a huge threat to Internet users everywhere. We’ve written about it more than once, and we’re saying it again now, especially in light of recent information.
Info Security Magazine writes:
Security experts are warning of another large-scale malvertising campaign targeting the OpenX ad platform, which could be exposing as many as 50 million global internet users to the Bunitu trojan.
Advertising platforms are common targets for cyber criminals, but what singles out this attack is its scale and technique. The malicious campaign involves code that leads to the sophisticated Angler exploit kit, delivered in a way that is very difficult to detect.
From social media users to newsreaders, everyone can become a victim. This brings up, once again, the need to keep software updated to close vulnerabilities and security holes.
Malwarebytes warns users about a similar attack on Popcash, another advertising network. This attack uses the Magnitude exploit kit, which pushes crypto ransomware.
The fee to get your computer unlocked? A meager $500.
It’s never too late to start using a patching tool that keeps your software up to date, and never forget that you need a good antivirus solution as well!
In a world of complex software, intricate integrations and sophisticated threats, the good guys need to stick together. By sharing intelligence and working in concert against cyber threats and cyber criminals, there’s a chance to make better progress than by fighting alone. Because it is a fight, and the opponents are strong. They don’t need rest or many resources.
So whether or not you’re involved in the cyber security field, there’s always something you can do, from patching your software to helping others learn how to stay safe online.