Security IT Summit | Forum Events Ltd

Posts Tagged: Malware

Unwanted apps high on 2020 cyber threat list

Stuart O'Brien

So-called ‘fleeceware’ apps and aggressive adware software are among the key cyber threats posed to businesses and the public in 2020.

That’s according to the 2020 Threat Report, produced by SophosLabs to explore changes in the threat landscape over the past 12 months.

The Report focuses on six areas where researchers noted particular developments during the past year. Here are the key findings:

  • Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable backups in order to cause maximum impact in the shortest possible time.
  • Unwanted apps are edging closer to malware. In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming brokers for delivering and executing malware and fileless attacks.  
  • The greatest vulnerability for cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyberattackers.
  • Machine learning designed to defeat malware finds itself under attack. 2019 was the year when the potential of attacks against machine learning security systems was highlighted. Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering. At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future.

Other areas covered in the 2020 Threat Report include the danger of failing to spot cybercriminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP) and the further advancement of automated active attacks (AAA).

“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year.  We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare,” said John Shier, senior security advisor, Sophos.

For additional and detailed information on threat landscape trends and changing cybercriminal behaviours, check out the full SophosLabs 2020 Threat Report at https://www.sophos.com/threatreport

Do you specialise in Anti-Malware solutions? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in November we’re focussing on Anti-Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Anti-Malware solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

Document-based malware increase ‘alarming’

Stuart O'Brien

Researchers have uncovered what they’re calling an ‘alarming’ rise in the use of document-based malware.

A recent email analysis conducted by Barracuda Networks revealed that 48% of all malicious files detected in the last 12 months were some kind of document. 

More than 300,000 unique malicious documents were identified.

Since the beginning of 2019, however, these types of document-based attacks have been increasing in frequency – dramatically. In the first quarter of the year, 59% of all malicious files detected were documents, compared to 41% the prior year.

The team at Barracuda has taken a closer look at document-based malware attacks and solutions to help detect and block them.

Cybercriminals use email to deliver a document containing malicious software, also known as malware. Typically, either the malware is hidden directly in the document itself or an embedded script downloads it from an external website. Common types of malware include viruses, trojans, spyware, worms and ransomware.  

The Modern Framework for Malware Attacks

After decades of relying on signature-based methods, which could only be effective at stopping a malware strain once a signature was derived from it, Barracuda says security companies now think about malware detection by asking “What makes something malicious?” rather than “How do I detect things I know are malicious?”.

The focus is on attempting to detect indicators that a file might do harm before it is labeled as being harmful.

A common model used to better understand attacks is the Cyber Kill Chain, a seven-phase model of the steps most attackers take to breach a system:

  • Reconnaissance – target selection and research
  • Weaponisation – crafting the attack on the target, often using malware and/or exploits
  • Delivery – launching the attack
  • Exploitation – using exploits delivered in the attack package
  • Installation – creating persistence within the target’s system
  • Command and control – using the persistence from outside the network
  • Actions on objective – achieving the objective that was the purpose of the attack, often exfiltration of data

Barracuda says most malware is sent as spam to widely-circulated email lists that are sold, traded, aggregated and revised as they move through the dark web. Combo lists like those used in the ongoing sextortion scams are a good example of this sort of list aggregation and usage in action.

Now that the attacker has a list of potential victims, the malware campaign (the delivery phase of the kill chain) can commence, using social engineering to get users to open an attached malicious document. Microsoft and Adobe file types are the most commonly used in document-based malware attacks, including Word, Excel, PowerPoint, Acrobat and PDF files.

Once the document is opened, either the malware is automatically installed or a heavily obfuscated macro/script is used to download and install it from an external source. Occasionally, a link or other clickable item is used, but that approach is much more common in phishing attacks than malware attacks. The executable being downloaded and run when the malicious document is opened represents an installation phase in the kill chain.

Archive files and script files are the other two most common attachment-based distribution methods for malware. Attackers often play tricks with file extensions to try to confuse users and get them to open malicious documents. 

Barracuda says modern malware attacks are complex and layered; the solutions designed to detect and block them are, too.

Detecting and Blocking Malware Attacks

Blacklists — With IP space becoming increasingly limited, spammers are increasingly using their own infrastructure. Often, the same IPs are used long enough for software to detect and blacklist them. Even with hacked sites and botnets, it’s possible to temporarily block attacks by IP once a large enough volume of spam has been detected.

Spam Filters / Phishing-Detection Systems — While many malicious emails appear convincing, spam filters, phishing-detection systems and related security software can pick up subtle clues and help block potentially-threatening messages and attachments from reaching email inboxes.

Malware Detection — For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious.

Advanced Firewall — If a user opens a malicious attachment or clicks a link to a drive-by download, an advanced network firewall capable of malware analysis provides a chance to stop the attack by flagging the executable as it tries to pass through.
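An added example, not from Barracuda or the original article: a minimal static triage pass over one email attachment, covering the file-extension tricks and the document checks described above. The indicator names, the extension lists and the `sample_ooxml` helper are assumptions made for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls/.ppt container
SCRIPT_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "ps1", "hta", "lnk"}
DOC_EXT = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "rtf"}
MACRO_FREE_EXT = {"docx", "xlsx", "pptx"}       # formats that must not carry VBA
RTLO = "\u202e"                                 # right-to-left override character


def triage(filename: str, data: bytes) -> list[str]:
    """Return static indicators for one attachment (empty list: none found)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if RTLO in filename:
        findings.append("rtlo-in-name")
    if len(parts) > 2 and ext in SCRIPT_EXT and parts[-2] in DOC_EXT:
        findings.append("double-extension")
    if data[:2] == b"MZ" and ext not in {"exe", "dll", "scr"}:
        findings.append("pe-header-with-non-exe-extension")
    if data[:4] == b"PK\x03\x04":               # zip container (OOXML or archive)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            names = []
            findings.append("corrupt-zip-container")
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("ooxml-contains-vba-macros")
            if ext in MACRO_FREE_EXT:
                findings.append("macro-in-macro-free-extension")
    elif data[:8] == OLE_MAGIC and ext in MACRO_FREE_EXT:
        findings.append("ole-container-with-ooxml-extension")
    # First-pass byte search only: PDF names can be escaped or inside streams.
    if data[:5] == b"%PDF-" and (b"/JavaScript" in data or b"/Launch" in data):
        findings.append("pdf-active-content")
    return findings


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like OOXML, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()
```

These are static indicators for routing a file to quarantine or dynamic analysis, not verdicts; a clean result says only that none of these specific signs were present.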

Do you provide Anti-Malware solutions to business? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’ll be shining the spotlight on a different part of the cyber security market – in December we’re focussing on Anti-Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Anti-Malware specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Stuart O’Brien on stuart.obrien@mimrammedia.com.

Olympic Destroyer malware returns

Stuart O'Brien

Researchers at Kaspersky Lab have revealed that the malware that caused crippling sabotage on networks during this year’s Winter Games in Pyeongchang, South Korea, has returned.

Olympic Destroyer caused digital havoc during the games, and while the activity seen by Kaspersky has not yet turned destructive, early indicators suggest similar activity and point to the same group behind both attacks.

This time, however, the group look to be targeting financial organisations in Russia, and worryingly, biological and chemical threat prevention laboratories throughout Europe and the Ukraine.

Tactics include spearphishing emails that present themselves as coming from a colleague or acquaintance, with a decoy document attached. The emails target specific groups associated with an event. Every document opened triggers a malicious macro, which allows multiple scripts that enable access to the target computer to run in the background.

Researchers at Kaspersky noted that lures suggest that they were “probably prepared with the help of a native [Russian] speaker and not automated translation software,” along with ties to the Ukraine, too.

That said, during the Winter Games Destroyer planted several false flags that were meant to confuse and misdirect attribution, making it very difficult to determine the group behind the latest attacks.

In a post from the website, Kaspersky concluded: “The best thing we can do as researchers is to keep tracking threats like this. We will keep monitoring Olympic Destroyer and report on new discovered activities of this group.”

RECOMMENDED: ANTI VIRUS

Stuart O'Brien

IT Security Briefing highlights some of the industry’s key suppliers of anti-virus solutions…


Glasswall 

Glasswall’s patented deep file inspection, remediation, sanitisation and document regeneration technology eliminates the threat from document-based malware. Glasswall processes files such as PDF, Word, Excel and image files in milliseconds, without relying on detection signatures.

Glasswall does not look for bad but ‘looks for good’, checking every byte of a document against the manufacturer’s file design standard, completely disarming and regenerating clean, standard-compliant files whilst preserving their full usability. The technology seamlessly integrates within email architectures and via an API into web, file transfer, data guards and diodes to deliver real-time protection from file-borne threats.

www.glasswallsolutions.com

 


Barracuda Networks

Barracuda Networks offers industry-leading solutions designed to solve mainstream IT problems – efficiently and cost effectively – while customer support and satisfaction remain at the heart of what it does.

Its products span three distinct markets, including: 1) content security, 2) networking and application delivery and 3) data storage, protection and disaster recovery. Barracuda simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside.

Barracuda develops its products for ease of use and ease to deploy, to appeal to SMEs and the mid-market. Therefore, all of the documentation associated with its products is extremely easy for customers to digest and understand. Barracuda also maintains a continuous feedback loop including in-person seminars, user groups, online customer feedback forums, regular customer surveys and ongoing communication and assistance.

While Barracuda maintains a strong heritage in email and web security appliances, its award-winning portfolio includes more than a dozen purpose-built solutions that support all aspects of the network – providing organisations of all sizes with end-to-end protection that can be deployed in hardware, virtual, cloud and mixed form factors.

www.barracuda.com

If you’d like to highlight your Anti Virus solutions, contact lisa.carter@mimrammedia.com

Malware-infected prize handed out at cyber quiz

Stuart O'Brien

Winners of a cyber security quiz in Taiwan got more than they bargained for when the prizes were given out – they received malware-infected USB thumb drives.

The quiz, which took place in December 2017, was hosted by the Taiwanese Presidential Office and included 250 8GB thumb drives as prizes. 54 contained malware.

Winners realised the problem after inserting the thumb drives into computers and being alerted to the possible risks by antivirus software. An investigation by the Criminal Investigation Bureau found that the USB drives came from a third-party contractor and contained a strain of malware named XtbSeDuA.exe.

The malware was designed to collect data from infected devices and send information to a web server located in Poland.

The Bureau has apologised to the Presidential Office and quiz participants.

Scottish Government outlines cyber security plans

Stuart O'Brien

The Scottish government has outlined its cyber strategy in a 48-page document – The Public Sector Action Plan on Cyber Resilience.

The plan offers details to local authorities, Government departments and NHS boards on best practices for protecting themselves against cyber attacks. The Scottish Government fast-tracked the strategy in the wake of the global cyber attack in May when 11 Scottish health boards were targeted by hackers.

 Discussing the plan, First Minister John Swinney said it would “encourage all public bodies, large or small, to achieve common standards of cyber resilience,” before adding: “I want our public sector to lead by example on strengthening cyber security, to help ensure Scotland is ready to deal with all emerging threats.”

Some £200,000 is to be made available for organisations to assess, identify and improve cyber security issues. Ministers will also write to chief executives of Scottish public bodies to urge them to ensure all firewalls and security procedures are up-to-date, with companies in public service chains asked to demonstrate how they have protected themselves.

 Colin Slater, head of cyber security at PwC in Scotland said: “To date we’ve been reacting to cyber security using frameworks that are almost 30 years old. That’s not representative of the risk we’re dealing with these days.

 “During that attack NHS trusts couldn’t take appointments, they couldn’t do imaging, they couldn’t prescribe drugs, couldn’t admit patients. The ultimate consequence is that you can’t deliver your public service.

 “Cyber criminals are brilliantly tooled up, they’re very dogged, they’re very very clever and they’re very fast and agile.”

 Dr Keith Nicholson, joint chair of the National Cyber Resilience leaders’ board’s public sector steering group, said by following the plan “Scotland’s public sector will be better protected against cyber attacks to the benefit of both the organisation and the citizens of Scotland.”