CWJ Enterprise

[ad name=”Commission Junction”]Ransomware scams – where the attacker pretends to be local law enforcement, demanding a fake fine of between $100 to $500. First appearing in 2012 these threats escalated in 2013, and grew by 500 percent over the course of the year. These attacks are highly profitable and attackers have adapted them to ensure they remain profitable. The next step in this evolution was Ransomcrypt, commonly known as Cryptolocker. This is the most prominent of these threats and turns ransomware vicious by dropping all pretence of being law enforcement and is designed to encrypt a user’s files and request a ransom for the files to be unencrypted. This threat causes even more damage to businesses where not only the victims’ files are encrypted but also files on shared or attached network drives. Holding encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the crooks. With the appearance of online payment methods ransomcrypt is poised for growth in 2014. Small businesses and consumers are most at risk from losing data, files or memories. Prevention and backup are critical to protecting users from this type of attack.

[ad name=”G-Rectangle-left”]While the prevalence of mobile malware is still comparatively low, 2013 showed that the environment for an explosive growth of scams and malware attacks is here. Our Norton Report, a global survey of end-users, showed that 38 percent of mobile users had already experienced mobile cybercrime. Lost or stolen devices remain the biggest risk, but mobile users are behaving in ways that leave themselves open to other problems. Mobile users are storing sensitive files online (52 percent), store work and personal information in the same online storage accounts (24 percent) and sharing logins and passwords with families (21 percent) and friends (18 percent), putting their data and their employers’ data at risk. Yet only 50 percent of these users take even basic security precautions. The number of brand new malware families created slowed as malware authors worked to perfect existing malware. In 2012 each mobile malware family had an average of 38 variants. In 2013 each family had 58. However several events in 2013 showed that mobile users are highly susceptible to scams via mobile apps. It might be said that mobile malware has not yet exploded because the bad guys have not needed it to get what they want.

[ad name=”Commission Junction”]More zero-day vulnerabilities were discovered in 2013 than any other year Symantec has tracked. The 23 zero-day vulnerabilities discovered represent a 61 percent increase over 2012 and are more than the two previous years combined. Zero-day vulnerabilities are coveted because they give attackers the means to silently infect their victim without depending on social engineering. And by applying these exploits in a watering-hole attack they avoid the possibility of anti-phishing technology stopping them. Unfortunately legitimate web sites with poor patch management practices have facilitated the adoption of watering hole attacks. 77 percent of legitimate websites had exploitable vulnerabilities and 1-in-8 of all websites had a critical vulnerability. This gives attackers plenty of choices in websites to place their malware and entrap their victims. Typically cutting-edge attackers stop using a vulnerability once it is made public. But this does not bring an end to their use. Common cyber criminals rapidly incorporate zero-day vulnerabilities to threaten all of us. Even though the top five zero-day vulnerabilities were patched on average within four days, Symantec detected a total of 174,651 attacks within 30 days of these top five becoming known.

Computer Internet SecurityFrom the attacks on Google that originated in China to the Stuxnet worm that experts say was written to sabotage Iran’s nuclear program, 2010 was notable for international intrigue in the security world.

The year started out with a bang as Google announced in mid-January that its corporate network had been attacked by someone in China and intellectual property was heisted. The “highly sophisticated and targeted attack,” which was mirrored at about 30 other companies, exploited a hole in Internet Explorer. Separately, attackers tried to get into Gmail accounts of human rights activists and managed to access other accounts, probably via phishing. China denied any involvement in the attacks.

China was also at the center of some odd Internet happenings a few months later. In March, network operation centers around the world started noticing that traffic to Facebook, Twitter, YouTube, and a host of other sites was being redirected to servers in China. One of the main DNS (domain name system) root servers was effectively sending Web surfers behind the Great Firewall of China, a strictly controlled network of servers and routers the People’s Republic of China uses to filter the Internet and block its citizens from accessing content deemed politically sensitive.

Then, in April, something similar happened. In this case, Internet traffic was diverted through networks in China for about 17 minutes. This would have enabled operators of those servers in China to read, delete, or edit unencrypted e-mail and other communications passing through those servers during that time. China again denied any malfeasance in these cases, saying they were accidents.

This year also brought the first reported case of malware written specifically to target critical infrastructure and industrial control systems. Stuxnet showed up in June, spreading through Windows systems via a handful of holes in Windows. The worm drops its payload when it discovers a particular Siemens software. At first, security experts didn’t know what the payload was. Symantec eventually figured out that Stuxnet uploads encrypted code to Programmable Logic Controllers used to control processes inside power, manufacturing, and other plants.

Later analysis, also by Symantec, uncovered another key to the mysterious malware. The malware specifically targets systems with a frequency converter that controls the speed of a motor like those used for uranium enrichment. The speculation that Iran’s nuclear program was the intended target was bolstered when Iranian President Mahmoud Ahmadinejad accused enemies of the country of causing problems for some centrifuges with computer code. It’s unclear who is behind the multi-faceted, extremely complex malware.

The summer brought intrigue of a more domestic sort when a controversial hacker group exposed a security flaw in an AT&T Web site that was exploited to reveal thousands of e-mail addresses of iPad users. AT&T issued an apology for the security incident, but still placed the blame on the hackers.

In the course of investigating the hackers, federal agents discovered drugs in the home of the leader, Andrew Auernheimer, and arrested him. Other members of the group have been called in for questioning by a federal grand jury, but so far no charges have been filed.

Share This Using Popular Bookmarking Services