Trickle Down Cybercrime

Uploaded on 2016-10-12 in FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

October is National Cyber Security Awareness and this week’s theme, cybercrime, is particularly apt with the holiday shopping season getting underway. Cybercrime is the fastest growing economic crime, jumping from fourth to 2nd place among the most reported types of economic crimes in PwC’s Global Economic Crime Survey 2016.

Attacks by cybercriminals are also growing more and more sophisticated and costly. Take the financial sector. While financial institutions have always been a target of choice, the stakes were raised significantly with this year’s hack of the SWIFT messaging system, which siphoned off $81m from the Bangladesh central bank and has caused problems for numerous other institutions.

The threat is so severe that last week the G7 group of nations jointly issued a cybersecurity framework for the financial sector. Unfortunately, while useful as a starting point for discussions, the framework offers little in the way of practical advice.

That is not surprising given the complicated nature of these threats. Advanced Persistent Threats (APTs), the type used in the SWIFT breach, employ sophisticated evasive techniques tailored for their target to avoid detection.

Upon infiltration, they persistently connect to an external command and control system to continuously monitor and extract data. The infamous Carbanak attacks, which took many dozens of banks for an estimated total of $1 billion, are another example. In that case, the malicious malware breached the banks’ systems for months, tracking the working process of the employees, and sending back video feeds to hackers.

The Trickle Down Effect

Once upon a time, the advanced evasive maneuvers used by such APTs could be safely ignored by the vast percentage of businesses and individuals. Not anymore. Advanced attack software and even technical support can be rented by anyone.

Malware-as-a-service has become a thriving organized crime industry. When put together with other “businesses,” like the black market in stolen credentials, or the sale of 0-day and 1-day vulnerabilities, cybercrime has become a huge chunk of organized crime’s revenue. A report by the Rand Corporation found that the cyber black market could be more profitable than the illegal drug trade.

With such readily available tools, even mass attacks, like malware spam (malspam), have begun incorporating advanced attack techniques.

Ground Zero

But how does malware get to the endpoint in the first place? Endpoint attack infiltration vectors can be grouped into two types.

The first, or the malspam type, requires user interaction or consent. Using some type of social engineering, a user is convinced to go to a specific site and enter credentials, or enable a macro (that then downloads ransomware or a key logger or password stealer), or download malicious software disguised as legitimate software or execute an executable file attachment.

A recent example is the Locky ransomware campaign that sends emails with a Word “invoice” attached. Victims are prompted to enable a macro to see the “invoice,” thereby downloading and launching the ransomware. However, the second type involves no user consent. It exploits vulnerabilities in browsers (often Internet Explorer or Firefox – JavaScript or VB), third party plugins (most commonly Flash, Silverlight, Java), document viewers (Office, Acrobat), scanning engines (Antivirus scanning for files) and graphic parsers (usually Windows OS drivers).

In the Carbanak attacks mentioned earlier, a Trojan-infected Word email attachment exploited the MS Office CVE-2015-2545 vulnerability to automatically download malicious code upon opening.

Attacks that exploit memory vulnerabilities are increasingly common and particularly difficult for cybersecurity systems to detect and block. A memory vulnerability results from possible wrong inputs into software. For example, inputs that are too long without proper validation can result in Buffer overflows (heap or stack). Additional memory vulnerabilities include Type confusion, Use-after-free condition and Integer overflow, among others.

Combating Cybercrime

While cybercrime methods have gotten smarter and cheaper to perpetrate, overall defenses have not kept up. All detection-based security products are necessarily limited by their detection logic, whether signature-based like traditional AV or more sophisticated solutions based on heuristics, reputation lists or machine learning. They also usually fall flat at dealing with file-less malware and can add significant administrative burden in terms of generating false positive results and update requirements.

Evasive techniques need likewise defense. Moving Target Defense (MTD) is one such emerging strategy. It uses counter-deception techniques to constantly change the target surface, concealing vulnerabilities in applications and web browsers and trapping attempts at access. MTD holds promise especially when combined with traditional antivirus, which is easy and cheap to administrate and still surprisingly adept at catching run-of-the-mill malware.
 
Information-Management

« Data Strategies Are Not Keeping Up With Cloud Migration
Google’s Ad Tracking Is Just As Creepy As Facebook's »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Turkish Accreditation Agency (TURKAK)

Turkish Accreditation Agency (TURKAK)

TURKAK is the national accreditation body for Turkey. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Swarmnetics

Swarmnetics

Swarmnetics helps customers discover hard-to-find software vulnerabilities by hacking your system before the bad guys do.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Cytex

Cytex

Cytex is the All-in-One solution for SMB data protection & compliance needs.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.