Thursday, April 7, 2016

Top 10 Security Threats of 2016 vol 5, rel 7

From the automated coffee maker at first light to the alarm set just before we go to bed, we are in a symbiotic relationship with computers. Unfortunately, as much as they can help, our dependency on them can also hurt. This is a concept that does not escape malware programmers. Today, both individuals and businesses are under siege by cyber criminals and their inventions of chaos. The question looming over the typical technology professional has evolved from whether their systems will be attacked to when.
The days of lone individuals threatening the system are pretty much over, and with them the idea that your system is secure under the cloak of anonymity. Mal-bots are systematically, without discretion, hitting all systems with a combinatoric array of exploits 24/7, and if your system isn’t amply protected, it will fail.
As your IT News public servant, Wasabi Roll asks the question, “So what do these attacks look like?” We have identified the ten types of attacks that seem to dominate the workload of incident response teams, compiled the top ten malefactors, and listed them according to their severity. We start with the least damaging and end with the absolutely fatal.

10  Adware
Our research indicates that hundreds of PUPs (potentially unwanted programs) and ad-supported browser add-ons are released on a daily basis. To stay protected against this annoying third-party intrusion, users should pay close attention to what they are downloading. Always read the EULA (End User License Agreement), Download Agreement, and Privacy Policy. Choosing the advanced (custom) install option, which gives you the opportunity to view and deselect any bundled programs, is also crucial.

9   Rogue Antivirus Software

Rogue AV software is any software that is promoted as useful anti-malware software. Instead of doing what it is advertised to do – shield the system against malware – the rogue AV program will do exactly the opposite. It will slow down the PC, compromise the user’s online safety, and make the system more vulnerable to malware attacks.
One example of a popular rogue is Antivirus Pro 2017. It is from the same family as Antivirus PRO 2015 and Defender Pro 2015.
Once installed, the rogue antivirus tool will begin performing a fake system scan. While “scanning” the system, it will report multiple issues that do not exist. To regain control of the computer, running a real AV product is a good idea.

8   Third-Party Attacks

Cybercriminals generally take the path of least resistance, and they’ve learned that contractors and other third-party providers can provide an opening into otherwise-secured corporate networks. Major data breaches at retailers like Target and Home Depot occurred because attackers were able to obtain valid network credentials from trusted, third-party providers, and just walk right in.
This vulnerability extends far beyond corporations, though. Steve Durbin, managing director of the Information Security Forum, stresses that everyone needs to consider who has been entrusted to connect to or access sensitive information, and whether those entities or individuals have appropriate security measures in place.
This list is by no means comprehensive or conclusive. The very nature of innovative exploits means that we may be caught off guard by a completely new attack. And you may not be able to do much, personally, to prevent third-party attacks or DDoS attacks. But you can keep all of your hardware, software and services updated, and employ security controls to defend against attacks. There is no substitute for awareness and common sense.

7   Social Engineering Attacks

In security, social engineering is any psychological manipulation that results in people performing certain actions or giving away sensitive information. What differentiates social engineering from a regular con is the fact that it usually is a small chunk of a more elaborate scheme. In 2015, we have already observed several attacks that employed some form of social engineering. Curiously enough, cyber crooks often turn to social media to utilize social engineering. E.g., a recent Facebook scam promised users 300 iPhones in exchange for clicking the Like button. Whether you like it or not, technology is an integral part of our lives.
Social engineering attacks performed on the Web can be divided into four categories:
  • Phishing – aimed at obtaining personal information.
  • Pretexting – focused on making up a good pretext, a smart scenario, which will later be used in the attempt to gather compromised users’ personal information.
  • Baiting – similar to phishing, with the difference that a prize item is offered to the victim.
  • Quid pro quo – related to phishing and baiting. A service is offered instead of an item.

6   Social Media Attacks

A rise in social media and watering-hole attacks is being witnessed: compromising a website or service commonly used by the target group in an effort to infect one or more of them, and allowing the malware to spread from there. Attackers continue to develop new techniques to exploit social networks. No security measure can overcome stolen credentials and careless click-throughs.
Malicious social media content is expected to grow 400 percent as attackers target enterprise social media accounts to perpetrate confidence schemes, distribute malware, and steal customer data. Greater awareness and vigilance are the best defenses. 

5   Mobile Malware

Security experts have been banging the drum about the threat of mobile malware for years. The fact that it hasn’t yet materialized in a major attack has eroded the credibility of the claims, though, which means many users don’t take it seriously and have let their guard down. The sheer volume of mobile devices, and the prevalence of new mobile malware threats only increase the likelihood that a major mobile malware attack will happen. Will 2015 finally be the year?
As consumers and businesses shift to using mobile devices for a greater percentage of their daily activities, so shall the cybercriminals, targeting Android and jailbroken iOS devices in particular. Remote find, lock and wipe aren’t enough.

4   Banking Trojans
Two major financial stealers were eliminated back in 2014 – Gameover Zeus and Shylock. However, instead of being shocked by their eradication, cybercriminals quickly moved forward and introduced Dyreza and Dridex to the financial world.
The Dridex Trojan, also known as Feodo, Bugat or Geodo, continuously attacked banking organizations. At one point, the Trojan was spreading through the macros of the Microsoft Office package. Even though macros are usually disabled by default in companies, cyber criminals are still trying to lure employees into enabling them.
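The macro lure described above only works if the macro-enabled document reaches the user. A mail gateway or endpoint script can tell a macro-carrying Office file from a plain one without opening it, because modern Office files are zip containers and a VBA project lives at a fixed member path inside them. The following is an added example written for this article, not code from any of the cited sources; the verdict labels, the threshold of "suspicious" and the sample documents it constructs are assumptions for illustration.

```python
import io
import os
import zipfile

# Where macro-enabled OOXML files keep their VBA project. These member
# paths are the real container layout for .docm/.xlsm/.pptm files.
MACRO_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office (.doc/.xls) header


def contains_vba_macro(data: bytes) -> bool:
    """True if the bytes are a zip-based Office file carrying a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML container at all
    return any(member in names for member in MACRO_MEMBERS)


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment for a mail-gateway rule (hypothetical verdict labels)."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls files are OLE2 compound files, not zips; their macro
        # streams need a dedicated OLE parser, so route them for separate inspection.
        return "legacy-ole-inspect-separately"
    if not contains_vba_macro(data):
        return "no-macro"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MACRO_EXTENSIONS:
        # A VBA project inside a file whose name does not advertise macros
        # (e.g. a renamed .docx) deserves a closer look than an ordinary .docm.
        return "macro-extension-mismatch"
    return "macro-enabled"


def build_sample_office_file(with_macro: bool) -> bytes:
    """Construct a minimal zip that mimics a Word document (test data, not a real file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [
        ("invoice.docm", build_sample_office_file(True)),
        ("invoice.docx", build_sample_office_file(True)),
        ("memo.docx", build_sample_office_file(False)),
        ("old.doc", OLE_MAGIC + b"\x00" * 16),
    ]:
        print(f"{name}: {triage_attachment(name, blob)}")
```

The check is deliberately structural rather than signature-based: it does not try to decide whether the macro is malicious, only whether a macro is present, which is the decision a gateway policy (quarantine, strip, or deliver with a warning) actually needs. Legacy binary documents are handed off rather than guessed at, since their macro streams sit inside an OLE2 structure that the zip module cannot read.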
Another vicious banking Trojan, dubbed Vawtrak, Neverquest or Snifula, was also spotted. Once Vawtrak is activated, it gains access to the victim’s bank accounts and steals their login credentials. Vawtrak was distributed via:
  • Drive-by downloads executed after opening a spam email attachment.
  • Malware downloader.
  • Exploit kit.

To stay protected against Trojans, users should:
  • Enable automatic patching for the operating system and the web browsers.
  • Download software only from trusted providers.
  • Do not open emails sent by unknown senders.
  • Deploy a new-archetype anti-malware solution using the mathematical method (see our previous article: Five Secrets Your Anti-Virus Manufacturer is Not Telling You…).

3   Exploit Kits
Since 2012, when the infamous Blackhole EK was detected in the wild, exploit kits have generated a considerable number of infections and are regarded as a serious cyber threat. Even though different exploit kits may deploy different infection tactics, the story usually goes as follows:
  • The user visits a legitimate website that has been compromised by cyber criminals.
  • The user experiences a series of redirects and ends up at a server hosting the EK.
  • The EK collects information about the victim’s system and determines how to proceed with the payload.
  • If the procedure is successful, the payload – malware, banking Trojan or Ransomware – is downloaded to the user’s PC.
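The chain above leaves a recognisable footprint in a web proxy log: a normal page visit, a hop through two or more unrelated hosts via HTTP redirects, and then a download whose content type is an executable rather than a page. The script below, an added example for this article and not code from any of the cited sources, runs that logic over a few constructed proxy log lines. The log format, the hostnames (all under the reserved .example domain), the 30-second look-back window and the two-host threshold are assumptions; a real deployment would tune them against its own traffic.

```python
from datetime import datetime
from urllib.parse import urlparse

# Constructed proxy log excerpt: timestamp, client, method, URL, status, content-type.
# Hostnames are made up; "*.example" is a reserved, non-routable domain.
SAMPLE_LOG = """\
2016-04-07T10:00:01 10.0.0.5 GET http://news.example/article.html 200 text/html
2016-04-07T10:00:02 10.0.0.5 GET http://ads.example/banner.js 200 application/javascript
2016-04-07T10:00:03 10.0.0.5 GET http://tracker.example/r?id=1 302 text/html
2016-04-07T10:00:04 10.0.0.5 GET http://landing.example/x 302 text/html
2016-04-07T10:00:05 10.0.0.5 GET http://gate.example/land.php 200 text/html
2016-04-07T10:00:06 10.0.0.5 GET http://gate.example/payload.exe 200 application/x-msdownload
2016-04-07T10:01:00 10.0.0.9 GET http://shop.example/ 200 text/html
2016-04-07T10:01:01 10.0.0.9 GET http://shop.example/login 302 text/html
2016-04-07T10:01:02 10.0.0.9 GET http://shop.example/account 200 text/html
"""

BINARY_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}
WINDOW_SECONDS = 30       # assumed: how far back from the download to look
MIN_REDIRECT_HOSTS = 2    # assumed: distinct redirecting hosts needed before the download


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, client, method, url, status, ctype = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "host": urlparse(url).hostname,
        "url": url,
        "status": int(status),
        "ctype": ctype,
    }


def find_ek_chains(log_text: str) -> list:
    """Flag clients whose binary download was preceded by a cross-host redirect chain."""
    by_client = {}
    for line in log_text.splitlines():
        if line.strip():
            e = parse_line(line)
            by_client.setdefault(e["client"], []).append(e)

    alerts = []
    for client, events in by_client.items():
        events.sort(key=lambda e: e["ts"])
        for i, dl in enumerate(events):
            if dl["status"] != 200 or dl["ctype"] not in BINARY_TYPES:
                continue
            recent = [p for p in events[:i]
                      if (dl["ts"] - p["ts"]).total_seconds() <= WINDOW_SECONDS]
            # A set of hosts, so several redirects inside one site (a login flow,
            # for instance) count as a single hop and do not trigger on their own.
            redirect_hosts = {p["host"] for p in recent if 300 <= p["status"] < 400}
            # The "origin" is an ordinary page on a host other than the payload server.
            origins = [p for p in recent
                       if p["status"] == 200 and p["ctype"] == "text/html"
                       and p["host"] != dl["host"]]
            if len(redirect_hosts) >= MIN_REDIRECT_HOSTS and origins:
                alerts.append({
                    "client": client,
                    "origin_host": origins[0]["host"],
                    "redirect_hosts": sorted(redirect_hosts),
                    "payload_url": dl["url"],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_ek_chains(SAMPLE_LOG):
        print(alert)
```

In the sample, client 10.0.0.5 produces one alert (origin news.example, hops through tracker.example and landing.example, payload from gate.example), while client 10.0.0.9, whose only redirect stays on the same host and never ends in a binary, produces none. The point of recording the origin host is that it is the compromised site from the first step of the chain, which is what the site owner needs to be told about.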

Notable examples of exploit kits that have recently been detected are:
  • Nuclear exploit kit
  • RIG Exploit Kit (recently used to deliver CryptoWall)
  • HanJuan exploit kit (also known as Timba Trojan and Fobber)
  • Angler exploit kit

2   DDoS Attacks
Denial-of-service attacks are more of an annoyance than anything else. They don’t directly steal your information, or cause any overt harm—they just flood a site or service with so much traffic that it becomes overwhelmed and prevents legitimate users from connecting to it. As many Xbox and PlayStation gamers learned over the holidays, though, DDoS attacks are becoming more advanced, and have a very real impact.
DDoS attacks became much more sophisticated. Though much of the reporting focused on the size of attacks, a more troubling trend was the advancement in attack techniques.  Attackers have evolved beyond simple flooding of traffic, and can now morph and adapt based on the defenses in place on the target network.

To stay protected against DDoS Attacks users should:

  • Not rely on free DNS servers provided by software manufacturers.
  • Deploy DNS appliances that thwart such attacks - preferably one that is a hybrid, i.e., does both cloud (for high volume) and local (for low volume).

1   Ransomware
Ransomware first entered the online space in 1989, when the AIDS Trojan, a.k.a. PC Cyborg, designed by Joseph Popp, was introduced. The AIDS Trojan was the first file-encrypting threat: it encrypted the user’s files on the hard drive and demanded money to unlock them. Since then, ransomware has evolved so much that a single ransomware family, CryptoWall, has cost the world economy $18 million in less than a year. To put it in other words, CryptoWall’s creators have made millions of dollars extorting money from individuals and businesses.
Other notable ransomware threats that have successfully ‘robbed’ users during the past year are:

To stay protected against ransomware, users should:
  • Enable automatic patching for the operating system and the web browsers.
  • Download software only from trusted providers.
  • Block pop-up windows.
  • Do not open emails sent by unknown senders.
  • Deploy a new-archetype anti-malware solution using the mathematical method (see our previous article: Five Secrets Your Anti-Virus Manufacturer is Not Telling You…).
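The precautions above reduce the chance of infection; once ransomware is running, the thing a defender can still catch is its signature behaviour, namely many files being rewritten in quick succession with content that looks like ciphertext and a new extension tacked on. The following is an added example written for this article, not code from any of the cited sources or from any product. The entropy threshold, the burst window, the file count, the list of known container headers and the sample file events are all assumptions chosen for illustration; the "ciphertext" is a deterministic SHA-256 stream standing in for real encrypted output.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

HIGH_ENTROPY_BITS = 7.5    # assumed threshold: ciphertext sits close to 8 bits/byte
BURST_WINDOW_SECONDS = 10  # assumed: window in which a burst of rewrites is suspicious
BURST_MIN_FILES = 5        # assumed: rewritten files needed inside that window to alert

# Compressed or encoded containers are also high-entropy but carry a header;
# recognising them removes the main false-positive source of an entropy check.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"%PDF", b"\x1f\x8b", b"\x7fELF")
COMMON_SUFFIXES = {".docx", ".xlsx", ".pdf", ".zip", ".gz", ".jpg", ".png", ".txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """High entropy with no recognisable container header."""
    if any(data.startswith(m) for m in KNOWN_MAGIC):
        return False
    return shannon_entropy(data) >= HIGH_ENTROPY_BITS


def has_appended_extension(path: str) -> bool:
    """report.docx.locked -> True; report.tar.gz -> False (known double suffix)."""
    suffixes = Path(path).suffixes
    return len(suffixes) >= 2 and suffixes[-1].lower() not in COMMON_SUFFIXES


def detect_encryption_burst(events) -> bool:
    """events: iterable of (timestamp_seconds, path, data) for file writes.
    Alert when at least BURST_MIN_FILES distinct files are rewritten with
    encrypted-looking content under an appended extension within BURST_WINDOW_SECONDS."""
    first_hit = {}
    for ts, path, data in events:
        if looks_encrypted(data) and has_appended_extension(path):
            first_hit.setdefault(path, ts)  # first suspicious write per file
    times = sorted(first_hit.values())
    for i, start in enumerate(times):
        in_window = sum(1 for t in times[i:] if t - start <= BURST_WINDOW_SECONDS)
        if in_window >= BURST_MIN_FILES:
            return True
    return False


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy stand-in for ciphertext (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample inputs
PLAINTEXT = b"Quarterly report: revenue up 3%, costs flat, headcount unchanged.\n" * 60
CIPHERTEXT = pseudo_random_bytes(4096)
ZIP_BLOB = b"PK\x03\x04" + pseudo_random_bytes(4092)

# Six documents rewritten as ciphertext with a new extension within six seconds.
RANSOM_EVENTS = [(float(i), f"/home/user/docs/report{i}.docx.locked", CIPHERTEXT)
                 for i in range(6)]
# Ordinary activity: a text edit, a zip backup, and one odd write that is below the burst size.
BENIGN_EVENTS = [(0.0, "/home/user/docs/report1.docx", PLAINTEXT),
                 (1.0, "/home/user/backup.zip", ZIP_BLOB),
                 (2.0, "/home/user/docs/report2.docx.tmp", CIPHERTEXT)]

if __name__ == "__main__":
    print("ransomware-like burst:", detect_encryption_burst(RANSOM_EVENTS))
    print("benign activity:", detect_encryption_burst(BENIGN_EVENTS))
```

Entropy on its own is a weak signal, because archives, images and PDFs are all high-entropy; the header whitelist and the requirement that several files change together within a short window are what keep the false-positive rate tolerable. A real monitor would feed this from a file-system event source and, on alert, suspend the writing process and snapshot the volume rather than just print a flag.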

________________________________________
Source(s)
  • http://cfoc.org/top-10-malware-attacks-of-2015/
  • https://heimdalsecurity.com/blog/top-financial-malware/
  • http://www.enigmasoftware.com/top-6-scariest-most-dangerous-malware/
  • http://www.pcworld.com/article/2867566/experts-pick-the-top-5-security-threats-for-2015.html

So “Once more unto the breach, dear friends, once more;”
____________________________________________________________

About Rick Ricker

An IT professional with over 23 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.

For more information, contact Rick at (800) 399-6085 x502


Continuity Focus, Inc. (800) 399-6085 x502


Thanks for your input, your ideas, critiques, suggestions are always welcome...

- Wasabi Roll Staff