Cyber Security -Threat Trends to Watch in 2014
Our team at Global Digital Forensics thought it would be a good time to look at some of the threat trends poised to make noise in 2014. Because when it comes to cyber security, what you don’t know can hurt you.
Ransomware - What is it and why should you be worried?
Ransomware has been around for a long time, but it soared to an entirely new level when CryptoLocker hit the scene in 2013. Originally, malware designers would create ransomware to lock up the functions of an infected system and force the operating system to display a splash screen with some kind of message disguised to look like it was coming from an official agency or bureau (the FBI, NSA, CIA, etc.) stating that due to some kind of deviant web-surfing behavior your system has been locked. By paying a fine, usually a few hundred dollars, your system would be unlocked. But this kind of ransomware had an important weakness. It could be removed without any long lasting effects to the most irreplaceable part of any system, your data.
The CryptoLocker designers decided to change the paradigm, they didn't design it to interrupt system function, instead they designed it to quietly seek out and encrypt as much personal data as possible in the background without the user's knowledge. And only after the malware did that job would the user see the ransom note, which basically says if you want the key to decrypt your data, a key only the hackers now have, you're going to have to pay X (again, usually a few hundred dollars). At this point the user is completely stuck. If they ever want to see their personal data again, they would either have to restore it from the backups they hopefully made, or pay up, because even professional cyber security experts wouldn't be able to reverse the encryption and regain access to the data once it is done.
Fast-forwarding to the start of 2014, rumors of an even nastier variation of CryptoLocker have already surfaced among the hacker underground. Enter PowerLocker (aka PrisonLocker). With the success CryptoLocker achieved, it was only a matter of time before malware designers were going to push that particular envelope to new limits. PowerLocker works on the same principle, but adds some impressive and troubling countermeasures. It disables escape functions and access to the start menu, it detects the environment, like if it's a virtual machine or sandbox, and takes appropriate measures (yet to be determined) to escape detection. It also scans for removable devices, like the backups you'll need, and encrypts those files too.
But the most worrisome aspect of PowerLocker, if/when the rumors come to fruition, is that it is going to be sold as an exploit kit license, very modestly priced no less. This means that anyone with the will to wreak havoc and blackmail a user or organization, will have access to the means even if they don't possess the skill themselves. Which leads us to exploit kits and script kiddies...
Exploit Kits, Script Kiddies & Anonymous Currencies
It takes real skill to identify weaknesses and design malware that can maneuver through the security holes of popular software programs. That always tended to keep the pool of potential attackers fairly shallow. But the escalating trend of powerful exploit kits, which are predesigned malware packs that are bought and sold in anonymous black market exchanges, is exploding. That means anyone with a grudge, a political or ideological agenda, or just a lust for easy money can become a competent and dangerous attacker without possessing any real skill of their own. Individuals that buy and use these premade exploit kits are known as script kiddies, and their numbers are growing.
One of the big reasons for the steady uptick in exploit kits and script kiddy attacks is the mainstream introduction of anonymous currencies, like BitCoins, that make "following the money" next to impossible. These aren't like older "currencies" which were relegated to the confines of the underground, BitCoins can be bought and sold by anyone for real cash. It was always bad enough that there were people out there that could build and deploy cyber versions of WMDs, but now anyone with some money to spend and the desire can put themselves in a position to have their own finger on the button to launch an attack. So whether it's an $1800 dollar investment to steal millions of credit card numbers, a one button operation to launch a crippling DDoS (Distributed Denial of Service) attack on an organization of their choosing, or a ransomware attack that can leave you in a real pickle, it's clear businesses will have their hands full like never before going forward, and the need to really take a hard look at getting professional security help to weather the incoming storm.
Getting Malware from Legitimate Sites
Getting compromised by a malware infection typically happens in one of three ways. Introducing the malware through a phishing or spear phishing email is still the most preferred and effective entry vector, relying on human error and curiosity to do the trick. Another is physically delivering the payload via media, like a USB stick, which is also is also gaining traction with trusted insiders often playing a big role. And then there is delivery through malicious sites. Long ago this type of compromise was relegated to sites of that were already more ominous in nature, like porn sites or piracy sites. Since these are sites few like to admit to visiting, it helped keep a lid on the sources. But today, hackers take great pride in compromising legitimate sites and using them as a springboard to ensnare unsuspecting users.
Case in point, Yahoo started the year making headlines for delivering ads containing malware to thousands of users in Europe. The ads forced their browsers to redirect to a "Magnitude" exploit kit, which according to the security firm investigating the breach said, " exploits vulnerabilities in Java and installs a host of different malware, including ZeuS, Andromeda, Dorkbot/Ngrbot, ad-clicking malware,Tinba/Zusy and Necurs." Their investigation also yielded that roughly 27,000 users an hour were infected. Yahoo is not alone, just the latest high profile organization to be "outted." The lesson here is, no matter how careful you are about visiting only reputable sites, it doesn't make you bulletproof against hackers.
So how can you protect the security of your network?
Finding and maintaining a relationship with a knowledgeable and competent cyber security solutions vendor is the first essential step. Keeping up with all the latest threats, techniques, and trends is a full time job. So it only makes sense to include professionals that know the trenches inside and out.
Global Digital Forensics can assist with:
- Network Vulnerability Assessments
- Comprehensive Penetration Testing (Pen-Testing)
- Social Engineering Testing and Awareness (Phishing, spear phishing, and other techniques)
- DDoS Protection
- Regulatory Compliance
- Emergency Incident, Intrusion & Breach Response
- Controlling Insider Threats
- Identifying and Removing Malware Infections (Viruses, Trojans, Keyloggers, spyware, adware, etc.)
- Application Security
- Post Disaster Data Recovery
- And much more ...
2014 is poised to be a big year for hackers. Let GDF help you survive and thrive in this increasingly dangerous digital world. Call today for a free consultation and let our specialist help craft a plan that suits your unique needs. With our proven ability to streamline effective solutions, it'll cost less than you think, but the benefits could prove priceless.