Security Blog

Your source for information security news and views.

Viewing entries tagged malware

Break out the RAT traps, there is shady business afoot

Posted by Patrick Snyder on Thursday, 04 August 2011 in MyBlog

Forget about LulzSec and Anonymous. Those political hacktivist groups look like amateur script kiddies next to the intrusion group McAfee has just revealed. The newly disclosed campaign ran for five years and struck at least 72 identified organizations; it appears to have originated in China, although no official attribution has been made.

Dubbed Operation Shady RAT (RAT being short for remote administration tool), the campaign uses spear-phishing messages that mimic legitimate email, just as many other phishing attacks do. Once a user opens the attachment, the system is infected with malware that lets it be controlled by a command-and-control (C&C) server run by the attackers. Unlike other attacks we have seen, this group is not out for laughs or a quick payout. It is stolen data they are after, and lots of it.
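One way to hunt for the kind of C&C traffic described above on your own network, as an added example that is not part of the original post or of McAfee's report: a RAT that polls its server does so on a timer, so the interval between contacts from one internal host to one external destination is far more regular than human browsing. The script below groups constructed proxy-log lines (the log format, hosts and timestamps are made up for this example) by source and destination and flags pairs whose inter-contact intervals have a very low coefficient of variation. The thresholds `min_hits` and `max_cv` are assumptions to tune against your own traffic.

```python
"""Toy beacon detector: flag hosts that contact the same external
destination at near-constant intervals, the traffic pattern a RAT
produces when it polls its command-and-control (C&C) server.
Added example; not code from the blog post or from McAfee."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log, one event per line: "<epoch> <src_ip> <dst_host> <bytes_out>".
# 10.0.0.5 polls one host every ~300 s (a beacon); 10.0.0.7 browses irregularly.
SAMPLE_LOG = """\
1312400000 10.0.0.5 updates.example-cdn.net 512
1312400010 10.0.0.7 news.example.org 2048
1312400300 10.0.0.5 updates.example-cdn.net 512
1312400600 10.0.0.5 updates.example-cdn.net 515
1312400612 10.0.0.7 mail.example.org 900
1312400900 10.0.0.5 updates.example-cdn.net 512
1312401200 10.0.0.5 updates.example-cdn.net 512
1312401501 10.0.0.5 updates.example-cdn.net 512
1312401800 10.0.0.5 updates.example-cdn.net 512
1312402000 10.0.0.7 news.example.org 3100
1312402100 10.0.0.5 updates.example-cdn.net 512
1312402400 10.0.0.5 updates.example-cdn.net 512
1312402700 10.0.0.5 updates.example-cdn.net 512
"""


def parse_log(text):
    """Parse the constructed log into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, size = parts
        events.append((int(ts), src, dst, int(size)))
    return events


def find_beacons(events, min_hits=6, max_cv=0.1):
    """Return {(src, dst): (mean_interval, cv)} for pairs whose inter-contact
    interval is regular enough to look like a timer-driven RAT poll.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    successive contacts. Human browsing yields a high cv; a beacon yields
    one near zero. min_hits avoids scoring pairs with too few samples.
    Both thresholds are assumptions for this example."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # duplicate timestamps; not a usable interval
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[pair] = (avg, cv)
    return beacons


if __name__ == "__main__":
    for (src, dst), (avg, cv) in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every ~{avg:.0f}s (cv={cv:.4f})")
```

In real traffic you would run this over a window of hours rather than a handful of lines, and whitelist known update and telemetry hosts, which also poll on timers; the point of the example is that regularity, not volume, is what gives a polling RAT away.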

The longevity of the campaign means petabytes of data have been compromised so far. The damage from the loss of proprietary information is far greater than anyone would have predicted, and until the attackers are shut down it can only get worse.

This attack brings to light a concept we have been pressing on IT security professionals for quite some time. Anyone who has attended Ken Kousky's Strategy to Reality seminars has certainly heard about Advanced Persistent Threats (APTs). The same approach was used in the SCADA attacks on Iran's nuclear facilities and in Operation Aurora against Google and a dozen or more other organizations. For those who need a refresher, think of an APT as an interactive, polymorphic attack whose controllers evolve and adapt to whatever security system they meet. You build a wall, they knock it down; you dig a moat, they swim across it. APTs represent a new class of attack that a static perimeter defense cannot stop on its own.

The surest way to halt a running APT campaign is to cut it off at its driving source, the C&C server. McAfee is working with a variety of US government agencies to shut down the C&C servers behind Shady RAT, but the attackers' five-year head start and the jurisdictional issues involved are sure to make this a challenging task.

Another problem is that many organizations fail to report, or even admit, a compromise, which makes these campaigns even harder to trace. Security professionals must remember that, whatever your organization's reputation or pride, you have a duty to disclose attacks to the proper authorities. These attacks cannot be ignored and cannot be fought alone.

Microsoft has even started a program offering a $250,000 prize to anyone who contributes an outstanding defensive solution against attacks like these, in the name of the future of computing technology.

If you're wondering whether your organization could be a target, just ask yourself one question: does my information hold any value whatsoever? I'm guessing that for 95% of organizations the answer is yes.


Mobile Malware: Coming soon to a PC near you!

Posted by Patrick Snyder on Wednesday, 25 May 2011 in MyBlog

The evolution of mobile apps has become a hot topic among technologists. Developers are rapidly shifting their skills from PC-based programming back to the minimalist programming of the early days of computing, when resources were limited. There are already an estimated 350,000 apps on the Android Market and more than half a million in the iOS App Store. With these mobile app ecosystems growing so quickly, PC vendors are struggling to keep up and looking for a way to bring those apps to the desktop.

Enterprises have long been exploring application virtualization as a way to run the same software on different platforms. Much of that work can already be seen today on mobile devices and PCs that run Java environments to power cross-platform applications. What they are really after is a way to run applications universally while using little to no system resources. If these apps can run on comparatively weak smartphones, they should have enormous headroom on PC platforms.

Well, now that solution is within reach. Bluestacks is currently developing technology that will allow Android apps to run on a PC. Although this looks great for integrating our bulky but powerful desktops and laptops with our mobile devices, it should also raise some red flags.

According to research published by Juniper Networks, mobile malware on the Android operating system rose 400% in the six months leading up to 2011. That should be a frightening statistic! Why would we ever want to allow these applications to run on our PCs? As if our PCs didn't already have enough malware to defend against, we are going to add mobile malware to the mix.

Because the technology is virtualized, there is an assumed level of security that comes with it. That security is usually provided by a hypervisor, which mediates between the guest software and the hardware and keeps the hosted operating systems isolated from one another; the technology Bluestacks is pitching, however, appears to stray from that model.

"End users don't have to toggle between operating systems. They can simply click on an icon for an Android application, for instance, to launch and use it," said Rosen Sharma, president and CEO of Bluestacks.

From a security standpoint, we find this methodology very risky. We expect to see malware propagating through this new attack vector very soon; you can count on it. "This will be the number one attack vector within a year!" said Ken Kousky, president and CEO of IP3 Inc.
