Trickle Down Cybercrime

Uploaded on 2016-10-12 in FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

October is National Cyber Security Awareness and this week’s theme, cybercrime, is particularly apt with the holiday shopping season getting underway. Cybercrime is the fastest growing economic crime, jumping from fourth to 2nd place among the most reported types of economic crimes in PwC’s Global Economic Crime Survey 2016.

Attacks by cybercriminals are also growing more and more sophisticated and costly. Take the financial sector. While financial institutions have always been a target of choice, the stakes were raised significantly with this year’s hack of the SWIFT messaging system, which siphoned off $81m from the Bangladesh central bank and has caused problems for numerous other institutions.

The threat is so severe that last week the G7 group of nations jointly issued a cybersecurity framework for the financial sector. Unfortunately, while useful as a starting point for discussions, the framework offers little in the way of practical advice.

That is not surprising given the complicated nature of these threats. Advanced Persistent Threats (APTs), the type used in the SWIFT breach, employ sophisticated evasive techniques tailored for their target to avoid detection.

Upon infiltration, they persistently connect to an external command and control system to continuously monitor and extract data. The infamous Carbanak attacks, which took many dozens of banks for an estimated total of $1 billion, are another example. In that case, the malicious malware breached the banks’ systems for months, tracking the working process of the employees, and sending back video feeds to hackers.

The Trickle Down Effect

Once upon a time, the advanced evasive maneuvers used by such APTs could be safely ignored by the vast percentage of businesses and individuals. Not anymore. Advanced attack software and even technical support can be rented by anyone.

Malware-as-a-service has become a thriving organized crime industry. When put together with other “businesses,” like the black market in stolen credentials, or the sale of 0-day and 1-day vulnerabilities, cybercrime has become a huge chunk of organized crime’s revenue. A report by the Rand Corporation found that the cyber black market could be more profitable than the illegal drug trade.

With such readily available tools, even mass attacks, like malware spam (malspam), have begun incorporating advanced attack techniques.

Ground Zero

But how does malware get to the endpoint in the first place? Endpoint attack infiltration vectors can be grouped into two types.

The first, or the malspam type, requires user interaction or consent. Using some type of social engineering, a user is convinced to go to a specific site and enter credentials, or enable a macro (that then downloads ransomware or a key logger or password stealer), or download malicious software disguised as legitimate software or execute an executable file attachment.

A recent example is the Locky ransomware campaign that sends emails with a Word “invoice” attached. Victims are prompted to enable a macro to see the “invoice,” thereby downloading and launching the ransomware. However, the second type involves no user consent. It exploits vulnerabilities in browsers (often Internet Explorer or Firefox – JavaScript or VB), third party plugins (most commonly Flash, Silverlight, Java), document viewers (Office, Acrobat), scanning engines (Antivirus scanning for files) and graphic parsers (usually Windows OS drivers).

In the Carbanak attacks mentioned earlier, a Trojan-infected Word email attachment exploited the MS Office CVE-2015-2545 vulnerability to automatically download malicious code upon opening.

Attacks that exploit memory vulnerabilities are increasingly common and particularly difficult for cybersecurity systems to detect and block. A memory vulnerability results from possible wrong inputs into software. For example, inputs that are too long without proper validation can result in Buffer overflows (heap or stack). Additional memory vulnerabilities include Type confusion, Use-after-free condition and Integer overflow, among others.

Combating Cybercrime

While cybercrime methods have gotten smarter and cheaper to perpetrate, overall defenses have not kept up. All detection-based security products are necessarily limited by their detection logic, whether signature-based like traditional AV or more sophisticated solutions based on heuristics, reputation lists or machine learning. They also usually fall flat at dealing with file-less malware and can add significant administrative burden in terms of generating false positive results and update requirements.

Evasive techniques need likewise defense. Moving Target Defense (MTD) is one such emerging strategy. It uses counter-deception techniques to constantly change the target surface, concealing vulnerabilities in applications and web browsers and trapping attempts at access. MTD holds promise especially when combined with traditional antivirus, which is easy and cheap to administrate and still surprisingly adept at catching run-of-the-mill malware.
 
Information-Management

« Data Strategies Are Not Keeping Up With Cloud Migration
Google’s Ad Tracking Is Just As Creepy As Facebook's »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Defense Media Group (CDMG)

Cyber Defense Media Group (CDMG)

CDMG is the leading global media group for all things cyber defense.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Montimage

Montimage

Montimage develops tools for testing and monitoring networks, applications and services; in particular, for the verification of functional, performance (QoS/QoE) and security aspects.

Dutch Accreditation Council (RvA)

Dutch Accreditation Council (RvA)

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

Onward Security

Onward Security

Onward Security provides security solutions including network & application assessment, product security testing and security consulting services.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

Board of Cyber

Board of Cyber

Board of Cyber offers Security Rating: a fast, non-intrusive, continuous, 100% automated solution to evaluate the cyber performance of an organization.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

Parried

Parried

Parried is a leading Managed IT Services and Cybersecurity provider, known for blending deep technical knowledge with business strategy.

ALSO Group

ALSO Group

ALSO is one of the leading technology providers for the ICT industry currently active in 31 countries in Europe and in many countries worldwide via PaaS (Platform as a Service) partners.