Published on December 3rd, 2014 | by admin
Three of the most dangerous malware threats of 2014
Sydney, Australia, 3rd December 2014 - 2014’s cyber security events have included high-level security breaches, large-scale vulnerabilities and endless privacy debates. These incidents have reshaped the world’s perception of digital safety. Looking at the anatomy of today's security threats, we can safely say that:
- Companies have become the focus of targeted attacks, and attacks against infrastructure have become increasingly sophisticated. Attackers exploit the reputation and availability of a wide attack surface to launch ever-growing cybercrime campaigns and extract valuable data.
- Though the June takedown of the Zeus botnet temporarily stopped the spread of Cryptolocker, ransomware as a whole continues to evolve and is moving to new platforms and operating systems.
- Financial data remains among the most valuable and targeted information and the methods to capture it have become more elaborate.
Behind every cyber tragedy lies a malicious piece of code designed to cause as much damage as possible – to steal identities, corporate secrets or simply to prove a point.
In the hope of a safer 2015, below is a list of the leading malware threats and how much cyber-chaos they created this year.
- BlackPOS as “The Salesman”
Point-of-sale malware targeting credit and debit card data swiped at POS systems running Microsoft Windows.
ORIGIN: Created by an individual identifying himself as the “Antikiller.”
SPREAD: Disguises itself as software from a known AV vendor to avoid detection on PoS systems.
HOW IT WORKS: Uses RAM scraping to grab card data from the memory of the infected POS device. Exfiltrates the collected data to a compromised server, which then uploads it to an FTP server.
KNOWN VICTIMS: Targets customers of major US banks, such as Chase, Capital One, Citibank, Union Bank of California and Nordstrom FSB Debit.
- Designed to bypass firewall software.
- 207 kilobytes in size
- Crimeware kit costs between $1,800 and $2,300
SAFETY TIP: Enterprises and large organizations should implement a multi-layered security solution to ensure their network is protected against vulnerabilities in systems and applications.
- KOLER as “The Policeman”
Android Trojan that extorts money from mobile device users to unlock their data.
ORIGIN: First reported in May 2015.
SPREAD: Posing as a legitimate video player offering premium access to pornography, it downloads automatically during a browsing session.
HOW IT WORKS: After the drive-by Trojan infects a device, it prevents the user from accessing the home screen and displays a bogus message purporting to be from the national police service. It claims the user has been monitored accessing child abuse websites and demands payment to escape prosecution.
VICTIMS: Mostly European users.
SAFETY TIP: Installing a mobile security solution will help protect mobile devices from hacking, malware, viruses and unauthorized access.
- CRYPTOLOCKER as “The Thief”
Prolific ransomware Trojan that uses encryption to lock computer files and demands that the user pay a ransom to decrypt them.
ORIGIN: First spotted in September 2013.
SPREAD: Arrives in spam messages carrying a malicious attachment.
HOW IT WORKS: If the user opens the attachment, the malicious .exe file is downloaded and executed. Once CryptoLocker gains access to a computer, it connects to randomly generated domains to download a 2048-bit RSA public key, which it uses to encrypt the computer's files. Files encrypted with that public key can only be decrypted with its corresponding private key, which the attackers keep hidden, making recovery without paying almost impossible.
VICTIMS: More than 500,000 users, mostly from the US, UK and Canada.
SAFETY TIP: Ensure your operating system and security software are regularly updated.
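The "randomly generated domains" CryptoLocker contacts to fetch its public key are the most visible thing it does on a network before any file is touched: an infected host suddenly resolves a burst of long, random-looking names across several TLDs, most of which do not exist. That burst is detectable in ordinary resolver logs. The script below is an added example written for this page, not code from the article or from any product; the log format, the sample domain names and the thresholds are all constructed or assumed, and the heuristics (label length, character entropy, vowel ratio, hits per client) are a generic generated-domain detector, not CryptoLocker's actual algorithm.

```python
import math
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample resolver log (not real traffic): "<timestamp> <client> query <name>".
# Host 10.0.0.44 plays the infected machine; the random-looking names are made up.
SAMPLE_DNS_LOG = """\
2014-12-03T09:12:01Z 10.0.0.21 query www.example.com
2014-12-03T09:12:03Z 10.0.0.21 query mail.example.org
2014-12-03T09:12:05Z 10.0.0.44 query nhbgkxupcvmrtwqa.net
2014-12-03T09:12:05Z 10.0.0.44 query qzlfxmvtkpbhrgcd.biz
2014-12-03T09:12:06Z 10.0.0.44 query tvkxplrmqhncsdwb.ru
2014-12-03T09:12:06Z 10.0.0.44 query wxjtrvzbmkgpqlfd.info
2014-12-03T09:12:06Z 10.0.0.44 query zqcpwxtbmrhvjnlk.co.uk
2014-12-03T09:12:08Z 10.0.0.21 query cdn.wikipedia.org
"""

# Assumption: a tiny stand-in for a real public-suffix list.
TWO_PART_SUFFIXES = {"co.uk"}
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")


def registered_label(name: str) -> str:
    """The label just below the public suffix: 'example' for www.example.com."""
    parts = name.lower().rstrip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in TWO_PART_SUFFIXES:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; a label with all-distinct characters scores log2(len(s))."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum((c / len(s)) * math.log2(c / len(s)) for c in counts.values())


def looks_generated(label: str, min_len: int = 10,
                    min_entropy: float = 3.3, max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels are typical DGA output.
    Human-chosen names are shorter or carry a natural share of vowels."""
    if len(label) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in label)
    return shannon_entropy(label) >= min_entropy and vowels / len(label) <= max_vowel_ratio


def flag_dga_clients(log_text: str, min_hits: int = 3) -> Dict[str, List[str]]:
    """Clients that looked up at least min_hits generated-looking names."""
    suspicious: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed log format
        _ts, client, name = m.groups()
        if looks_generated(registered_label(name)):
            suspicious[client].append(name)
    return {c: names for c, names in suspicious.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for client, names in flag_dga_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} generated-looking lookups, e.g. {names[0]}")
```

The per-client count is what keeps the alert useful: a single odd-looking name (a CDN hostname, a tracking domain) is normal, while a dozen of them from one host within a few seconds is the signature of a DGA trying successive candidates. Pairing this with NXDOMAIN counts from the same log, if the resolver records them, tightens it further, since most generated names are never registered.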
What can we expect from 2015?
- Mobile payment technologies will bring new security challenges. The introduction of Apple Pay and similar (NFC) technologies will be tested by hackers looking to intercept financial data.
- Botnet anonymisation will further help cybercriminals make huge profits. Using Tor and multi-tier proxies to communicate with and command an entire network of “zombies” is a new trend that raises serious concerns about how such large infrastructures could be dismantled.
- Vulnerabilities in open source software and intentional backdoors in technology products will continue to be exploited by malicious actors.
- Mobile spear-phishing attacks targeting employees will go mainstream. The widespread use of personal smart devices connecting to enterprise networks will continue to be exploited to access enterprise systems.
- Cybercrime, operating like a legitimate, sophisticated business network, will continue to profit from selling crimeware kits on specialised forums and black markets.