Month: December 2015
Gamers have been put on high alert following news that TeslaCrypt ransomware attacks are on the increase. The file-encrypting malware was first identified in March of this year, but this month the number of attempted attacks has skyrocketed.
TeslaCrypt ransomware does not specifically attack computer game players, but it is gamers that are most likely to have to pay the ransom if their computers are infected. TeslaCrypt ransomware is likely to encrypt game files, maps, saved games, mods, and even game software, leaving gamers with little choice but to pay the ransom or lose everything.
About a month after the discovery of TeslaCrypt ransomware, security researchers had developed a tool that could be used to de-crypt files. However, during the past few months, the authors of the malware have been busy tweaking TeslaCrypt. The decryption tool that was developed in April is no longer guaranteed to work.
Businesses now being targeted with TeslaCrypt Ransomware
Not only has TeslaCrypt ransomware evolved, it has been sold on the black market to cybercriminals. The authors appear to have been selling their ransomware-as-a-service, and while they have had relatively few takers, that has now changed.
Known infections have remained relatively low throughout the course of the year, but December has seen a major increase. The number of attempted attacks in November remained fairly constant at approximately 200 per day. By mid-December that figure increased to around 1,800 per day.
The ransomware is also no longer just being used to target gamers, in fact, better rewards can be gained from attacking businesses. This fact has not been lost on the cybercriminals behind the latest wave of TeslaCrypt ransomware attacks.
The ransomware is known to encrypt 185 types of files, and while many of those are specific to gaming software, the file-encrypting malware is particularly damaging for businesses. If infected, files can be decrypted, but only if the ransom is paid or the malware is removed. Infected computers will have file extensions changed to a .vvv extension and files be encrypted.
User will have files saved to their desktops directing them to websites where they will be required to pay a ransom to unencrypt their files. Any business that has failed to perform a backup of their data may have little alternative but to pay the ransom.
Due to the increase in reported attacks in December, all businesses are advised to exercise extreme caution. Backups should be performed daily, and end users should be told to be particularly vigilant. The attack vector being used for the latest wave of attacks is mostly spam email. Account department executives are being targeted and fooled into opening file attachments which have been masked to appear to be invoices and receipts in pdf or doc formats. The subject lines typically refer to an order, invoice, or bank transfer.
The best way to prevent an attack is to ensure that spam emails are not delivered to end users and to make sure that end users know never to open an email attachment sent from an unknown user.
The rise in popularity of Macs, Macbooks, and iPhones has seen even more consumers make the switch from desktops and Android phones. As the number of Apple users grows, so too will the threat from malware. While previously thought of as totally secure, Apple devices have now been attacked and those attacks are likely to continue. Some security experts are now predicting an OS X and iOS malware boom in 2016, as hackers and cybercriminals attempt to tap into Apples user base.
Hackers have previously concentrated on Windows due to the sheer number of users using the operating system. It is more profitable to attack a system that virtually everyone uses rather than a system used by relatively few individuals.
Apple devices are more secure than their Windows-based counterparts, although in recent months a number of chinks have been found in Apples armor. Hackers are expected to take advantage with increasing frequency over the course of the next 12 months.
One of the ways that cybercriminals have started to attack apple users is via malicious apps that have been sneaked into the Apple App store. The Masque attack in 2014 replaced legitimate apps with nasty versions, and other methods have been developed that have allowed hackers to sneak malicious programs onto user’s devices.
First iOS Malware Discovered in the Wild in 2015
iOS malware may be less common than malware designed to attack Windows, but we have already seen a major increase in malicious programs designed to attack Apple devices. OS X malware has increased nine-fold over the course of the past year according to Symantec, and in October the first iOS malware – YiSpecter – that was capable of attacking non-jailbroken devices was discovered. This iOS malware implements malicious functionalities in iOS and is capable of downloading, installing, and launching malicious apps, displaying adverts, and uploading user data to remote servers. The iOS malware attack mostly affected users in Taiwan and China, but attacks such as this are expected to take place worldwide in 2016.
A fix for this iOS malware was rapidly issued by Apple, and the latest versions of the operating system is now immune to YiSpecter attacks. However, this is just the first of a number of new iOS malware that can be expected over the next few months.
Apple Pay is also expected to be targeted in 2016. The payment system was unveiled in 2014 amid claims that it was immune from attack and could not be used to commit fraud, yet only a few months later it was discovered that Apple Pay was being used to commit fraud. Accounts could be used with stolen credit card numbers and purchases made using iPhones.
Apple users are still less likely to be targeted by hackers than Windows users, but the devices are far from immune from attack. As more users make the switch to Apple and its market share increases, hackers are likely to respond and start targeting Apple software with increasing regularity and iOS malware will increase.
Further information has emerged on the Juniper Networks backdoor discovered last week, which suggests the NSA had a hand in the installation of a backdoor in the company’s source code.
Last week, a Juniper Networks backdoor was discovered after the company identified unauthorized code which could potentially allow hackers to gain access to secure communications and data that its customers had protected with its firewalls.
The malicious code would allow a hacker to decipher encrypted communications protected by the company’s Netscreen firewalls. It is not known at this stage how the code was installed, and whether this was an inside job or if it was inserted remotely. But what is known, is the person or group responsible installed the Juniper Networks backdoor as a result of an inherent weakness in the system. They were also helped by a coding configuration error believed to have been made by a company employee.
Juniper Networks Backdoor Installed Using NSA-Introduced Weakness
One security researcher, Ralf-Philipp Weinmann of German firm Comsecuris, has claimed that the weakness in the Dual_EC had been put there by the NSA, who championed the use of Dual_EC. It is not known whether the NSA or one of its spying partners was responsible for changing the source code, but it would appear that the NSA had, perhaps inadvertently, introduced a weakness that ultimately led to the system being compromised.
The weakness in the code that was first uncovered in 2007. The flaw was uncovered in the Dual_EC algorithm by two Microsoft researchers: Dan Shumow and Niels Ferguson. The Dual_EC algorithm had just been approved by NIST, and was used with three random number generators. Together, the encryption was believed to be secure enough to use to protect government data.
However, Shumow and Ferguson were able to demonstrate that the elliptic curve-based Dual_EC system could allow hackers to predict a random number used by the algorithm, which would make the encryption susceptible to being hacked.
Specific elliptic curve points were used as part of the random number generator. If one of those points was not a randomly generated number, and the person responsible for determining that point also generated a secret key, any holder of that key could potentially crack the encryption as it would be possible to determine the random number used by the algorithm. If that number could be predicted, the encryption could be cracked. Dan Shumow and Niels Ferguson believed this would be possible with just 32 bytes of output, if the key was known.
The flaw in Dual_EC is believed to be an intentional backdoor in the encryption that was introduced by the NSA, according to documents published by Edward Snowden. However, this was deemed not to be a problem as a second random number generator was used by Juniper. The second random number generator was supposed to have been used for the encryption, meaning even someone with a secret key would not be able to predict the random number used.
However, a coding error resulted in the original random number generator being used, rather than the second one. Someone had managed to break into the system and use their own constant, consequently, the encryption could be cracked.
The Juniper Networks backdoor has now apparently been plugged with the company recently issuing a patch to fix the problem. However, it would appear that the Juniper Networks backdoor had existed for at least three years.
Over the past few years, the number of anti-phishing solutions for enterprises has grown considerably. This is no surprise considering the volume of phishing emails now being used to target businesses. Phishing has become the leading strategy used by hackers and cybercriminals to gain access to corporate networks.
Phishing is not confined to email. Social media websites are also commonly used to spread phishing links, and hackers are compromising websites with increasing frequency and are installing malicious code. Malicious adverts are also used by cybercriminals to drive traffic to bogus websites where drive by malware attacks take place and criminals phish for sensitive information.
Fail to use any anti-phishing solutions and your employees will need to become experts at identifying phishing emails and malicious websites. Unfortunately, a recent study has shown that end users are not particularly good at identifying phishing emails. In fact, should a phishing email arrive in an employee’s inbox, it could be 50/50 as to whether that employee will respond.
Need for Robust Anti-Phishing Solutions for Enterprises Highlighted by Recent Phishing Report
A recent study of 400 companies conducted by PhishMe has produced some alarming figures. The company provides staff training to enterprises to help employees identify and avoid phishing emails. Training exercises were conducted that simulated phishing attacks. Over 4,000 fake phishing emails were sent to employees during the study. The company used numerous phishing templates that closely mirrored the phishing emails being sent by cybercriminals.
Phishing emails were sent requesting the recipients to action to update their computer software. Links to fake news stories were sent. Email recipients were sent special offers and emails mimicked office communications. The latter were found to have the highest overall response rates.
While many employees can identify a phishing email, when emails were sent with the subject “Unauthorized Access,” the average response rate across all industry sectors was 34%. When simulated phishing emails were sent with the subject “File from Scanner,” the average response rate was 36%.
However, some response rates were even higher. When the firm analyzed the results from failed package delivery phishing simulations, 49% of employees in the education industry were found to have responded to the emails. Agriculture and biotech/pharmaceutical company employees did not fare much better. 41% of employees responded to the campaigns. In the telecoms and media sectors, the response rate was 37%.
The study showed just how likely it is for untrained employees to fall for phishing emails. If a similar campaign was launched by a cybercriminal, as many as 4 or more employees out of 10 may fall for the scam and install malware or disclose sensitive information.
What Anti-Phishing Solutions for Enterprises Should be Used?
The study highlighted the importance of conducting staff training to teach employees how to identify phishing emails, but training alone is insufficient. Employees must have their knowledge put to the test. Phishing simulation emails should be sent to employees and the more frequently knowledge is tested – and feedback provided – the better employees become at identifying phishing campaigns.
Anti-phishing solutions for enterprises should also be implemented to reduce the volume of phishing emails that reach employees’ inboxes. It pays not to place too much reliance on end users to always be able to identify phishing emails.
Implementing a robust spam filtering solution is therefore essential. Spam filtering solutions reduce the volume of phishing emails that are delivered to employee inboxes. If as many as 49% of employees have been shown to respond to phishing emails, a spam filtering solution is essential. SpamTitan blocks 99.9% of all email spam, which gives your organization more than a fighting chance of resisting phishing attacks.
Training staff how to identify a phishing email can reduce the likelihood of individuals responding to a scam; however, identifying malicious websites can be much harder, especially when websites are hosting exploit kits. It may be impossible to tell whether a site is probing the browser or plug-ins for security vulnerabilities.
To prevent drive-by malware attacks a software solution is required. A web filtering solution such as WebTitan will provide protection from malicious websites, hijacked sites, and malvertising. Blocking access to websites known to host malware, and filtering the internet to prevent risky sites from being visited, will help you to reduce the risk of phishing attacks to the minimal level.
A recent Spiceworks survey conducted on 200 IT security professionals revealed that 51% of organizations had suffered a malware incident and 38% suffered a phishing attack in 2015. Fail to take any action to combat the risk from malware and phishing attacks and it is only a matter of time before your organization is attacked.
Quelles solutions anti-phishing pour les entreprises ?
Hackers are concentrating on developing mobile malware that targets Android devices, but Apple malware infections are increasing. Furthermore, security researchers are predicting Apple malware infections will grow steadily over the course of the next 12 months.
Apple malware infections are on the increase
Over the course of the past 12 months the number of Apple malware infections have doubled, and the problem is only likely to get worse for users of iOS devices according to security researchers.
Last year, researchers at Symantec discovered between 10,000 and 70,000 new Apple malware infections every month. This year there has been a 7-fold increase in malicious software infections affecting Apple OS X computers up until the end of September. Symantec has already discovered 400,363 Macs that have been infected with malware.
The researchers did point out that only 10 new types of Apple-infecting malware have been discovered so far this year, with the bulk of the OS X malware infections involving “grayware”. These are not purposely designed malicious software programs, rather apps that are capable of serving malicious adverts or tracking user behavior.
New malicious software that targets iOS is increasing, but only 7 new types of malware have been discovered by Symantec so far this year. That should be compared with the 9,839 new mobile malware variants that have been discovered to be targeting target Android devices.
There is a growing malware problem, but Apple remains the safest mobile platform
Users of Apple devices have had it easy for many years. Hackers have developed malware capable of infecting Apple devices, but there are far bigger gains to be had from developing malware that targets Windows and Android devices. The majority of iOS malware can also only infect devices that have been jailbroken, so most users remain relatively safe.
Apple’s share of the mobile device market is relatively small, and while the number of units expected to be shipped in the next 5 years is expected to grow, so too will the number of Android devices. IDC has predicted there will be a 2.2% drop in Apple’s market share over the course of the next 5 years, although with 237 million to 274.5 million Apple devices expected to be shipped, there will be plenty of devices for hackers to attack. In fact, in 2015, Apple device ownership is expected to grow by 23% according to IDC.
No need to panic just yet, but there is cause for concern
It is not yet time to panic, but there is growing concern over the number of Apple malware infections that are now being discovered. The majority of new mobile device malware now being discovered targets Android devices, and Apple remains the safest choice. What is clear is iOS and OS X are no longer as safe as they were once believed to be, and users of Apple devices should not become complacent.
Infections are possible and any user of a jailbroken Apple device who fails to take precautions against malicious software could well live to regret that decision.