Channel: Webroot Blog

Threat Recap Week of March 11th


A lot happens in the security world, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Tax Season Leads to Rise in Phishing Attacks

As we’ve seen in the past, corporations preparing their taxes for the April deadline are a lucrative target for phishing attacks. Most recently, Seagate Technologies had such a breach in which all current and former employees’ W-2 information was compromised. This incident follows a trend of attacks that target employees by spoofing the CEO’s email address and asking for highly sensitive information.

http://www.csoonline.com/article/3040626/security/three-more-firms-hit-by-targeted-phishing-attacks-seeking-w2-data.html#tk.rss_news

Ransomware Targets Mac OS X

In the past week, it came to light that a new form of ransomware had hit the market, aimed specifically at Mac users. KeRanger comes bundled with the Transmission BitTorrent client and remains dormant for three days to avoid quick detection or suspicion of the torrenting app itself. After that period, it gathers sensitive information about the Mac, uploads it to a command-and-control server, and then begins encrypting files.

http://www.webroot.com/blog/2016/03/07/18611/

Android Users Hit with Banking Malware

Recently, a new form of banking malware, labeled as Spy.Agent.SI, has been targeting Android mobile banking users. The program will lock the device until the user enters their bank login information from one of the targeted bank apps. Currently, it appears to be focused on several large banks in Australia and New Zealand, and only impacts users who downloaded the fake Adobe Flash Player app from a third-party app store.

http://www.csmonitor.com/World/Passcode/2016/0307/Sophisticated-banking-malware-targets-Android-users?mc_cid=db5948860e&mc_eid=aa7c64b687

Facebook Password Reset Vulnerability Found

A vulnerability was discovered this past week in Facebook’s password reset functionality. While a brute-force attack would be impossible on the facebook.com main website, due to a lock-out feature that triggers after a certain number of failed password tries, several of their other domains do not have this capability. This lack of security in the less trafficked sites within the facebook.com domain allowed the researcher to perform a brute-force attack on his own account, and successfully gain access to the account.

https://nakedsecurity.sophos.com/2016/03/08/how-one-man-could-have-broken-into-any-facebook-account/?

Hotel Chain Major Target for PoS Malware Attack

This week, Rosen Hotels & Resorts Inc. announced that it had fallen victim to a PoS malware infection on its credit card processing systems, which had first been discovered over a year earlier. The company is still unsure how many customers or locations were affected by the attack, which focused primarily on cardholder information, but it has begun notifying customers whose information may have been compromised.

http://news.softpedia.com/news/rosen-hotel-chain-had-a-pos-malware-infection-for-17-months-501530.shtml?

The post Threat Recap Week of March 11th appeared first on Webroot Threat Blog.


Malvertising: When Ads Go Rogue


Advertisements on the internet are no longer just a nuisance. They are now also potentially dangerous. Even sticking to widely used and trusted websites can be risky, as the banner ads they contain may be carrying malicious code.

“Malvertising”, a combination of “malware” and “advertising”, is the technique of using trusted ad networks to deliver malware-loaded advertisements to users on trusted websites. This is not a new technique, but over the last couple of years its use by cybercriminals has grown exponentially because it is so effective.

According to David Kennerley, Sr. Threat Research Manager at Webroot: “Malvertising is a big problem and its return on investment for fraudsters suggests it’s not going away anytime soon.”

Most websites that have advertisements use “ad networks” to manage those ads, giving the site options for what type of ads to deliver to visitors. In a malvertising scenario, a cybercriminal will either hack into an ad network’s server or even sign a fraudulent contract with an ad network, posing as an advertiser in order to gain trust. They will then upload a seemingly legitimate advertisement that is loaded with malicious content, such as a Flash or Javascript exploit. The ad network unwittingly adds this malicious ad into its database so that its customers can choose it as one of multiple rotating ads. Or, it can take more of a social engineering approach and appear on your screen based on your browsing habits, which are tracked by tracking cookies.


“Unfortunately, simply keeping to trusted websites no longer means you’ll stay safe,” said Kennerley. “The outsourced, distributed and chaotic nature of the online advertising industry means that even the world’s most popular websites have no visibility on the ad content displayed on their pages or its original source.”

In recent months, an additional level of complexity has been employed in these types of attacks: “Fingerprinting”, a method of uniquely identifying computers based on meta-data and file dumps. As online advertisers move away from human transactions and toward real-time ad bidding, cybercriminals are finding ways to better target their victims. Ad networks provide user meta-data to advertisers so that they can better advertise to consumers, but this same data can be used by cybercriminals to identify systems that can be exploited. For instance, if the meta-data reveals that a PC’s Adobe Flash is not up to date and a known exploit exists for their version of Flash, they will identify that PC as a target for attack.

(Figure: malvertising flow chart)

In addition to identifying potential victims, cybercriminals also use fingerprinting to identify networks and devices to avoid. For instance, if they choose to target only people in specific countries and avoid people in their own country, they can do so using geolocation data. This technique has also been used to evade security researchers by avoiding networks of security companies, making it more difficult to replicate and research these types of attacks.

With malvertising gaining popularity among cybercriminals, protecting yourself from this type of attack is critically important. “Internet users should keep their browsers fully patched, with appropriate in-built phishing and malware protection switched on,” advised Kennerley. “Browser add-ons should be kept up-to-date, with auto-play turned off; or better yet, disable or remove these commonly exploited add-ons completely. Ad-blocking software is becoming a must and of course a strong endpoint protection product is essential.”


Personal Security: Why you Should Update your OS & Internet Browser TODAY


If you’re one of the people who is still stubbornly holding onto Windows XP (which stopped receiving support and security updates as of April 8, 2014), it’s time to let go. Likewise, if you’re using an outdated version of your preferred internet browser, it’s time to update. Right now. Why? In both scenarios, you’re putting your personal online security at risk any time you browse the internet. Without current web browser support and critical security updates from Microsoft, your PC may become vulnerable to any number of harmful viruses, spyware, and other malicious software which can steal or damage your identity, personal finances, and information.

Microsoft Pulls the Plug on Windows XP; Users Should Upgrade

(Image: Windows XP end-of-support notice; source: howtogeek)

Nearly two years ago, Microsoft finally made the decision to stop supporting the widely popular OS (operating system) after a 12-year run. Windows XP faithful (and there were many) were encouraged to say their farewells to the beloved OS and move on to newer Microsoft technologies, or to continue using XP at their own risk, as the OS was no longer receiving security updates. Unfortunately, many users chose the latter option, leaving their computers susceptible to a myriad of threats. Worse yet, people stubbornly continue to use Windows XP despite the security risks. If you fall into this category, I strongly advise you to upgrade to a version of Windows that Microsoft still supports.

For more information on the end of XP support as well as how to upgrade, you can check out this Microsoft FAQ.

Using an Up-to-Date Internet Browser on a Supported OS is Important As Well

Making sure your operating system is supported is critical, but it’s not the only step users need to take to stay secure. If you’re using a supported OS but fail to keep your internet browsers updated, you leave yourself vulnerable every time you browse the web. Likewise, if you’re using an updated browser on an OS that’s no longer supported, the same applies. Thus, browser support is also crucial for a safe internet-using experience. Here’s the current support status of each major web browser:

Internet Explorer:

(Image: Internet Explorer 11; source: Microsoft)

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10. In other words, if you’re using any prior version of I.E., you’re at risk and it’s time to update.

Fortunately, Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services, so the transition should prove a comfortable one. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience. You can download the latest version of Internet Explorer here.

Google Chrome:

(Image: Google Chrome; source: Google Images)

Chrome, Google’s wildly popular take on the internet browser, came onto the browser scene (and subsequently onto users’ computers) in 2008. Now, it’s estimated that Chrome is the most widely used browser on desktops, at 58% worldwide usage share.

Unlike Internet Explorer, Chrome automatically updates each time it detects that there’s a newer version available, so users don’t have to worry about being on a potentially-outdated version of the browser. However, last November, Google announced it will end support for Chrome on some older operating systems by April 2016, which means that less than a month from today, Chrome will stop getting updates if your computer is running any of the following operating systems:

Windows Vista, Windows XP, OS X 10.6 Snow Leopard, OS X 10.7 Lion and OS X 10.8 Mountain Lion

The April 2016 deadline is actually an extension to the life cycle of Google Chrome on Windows XP. Google originally announced back in October 2013 that support for Chrome on XP would end by April 2015, before pushing that deadline back to December 2015. For more information on system requirements as well as download links for different operating systems, check out this Google support page.

Mozilla Firefox:

(Image: Mozilla Firefox; source: Mozilla)

Mozilla’s Firefox, created back in 2002, still remains a popular browser choice for users. Largely thanks to the decline in Internet Explorer usage, Firefox reportedly took over the number two slot for desktop browsers in February 2016.

Like Chrome, Firefox is set by default to automatically update to the latest version. You can find a list of all Firefox releases here.

As far as operating systems go, here are the ones currently supported by Mozilla: Windows XP SP2, Windows Server 2003 SP1, Windows Vista, Windows 7-10, Mac OS X 10.6-10.11. You can learn more about getting the latest version of Firefox on an older version of Windows here (although you should really not be using Windows XP at this point, as outlined earlier).

Safari:

(Image: Safari; source: Apple)

Sure, some Mac users prefer to use Chrome or Firefox. However, Safari (the default internet browser on Mac OS X that was originally released in 2003) is also used by many Mac users worldwide.

While the browser doesn’t update automatically, users can easily check for updates by opening the App Store and clicking on ‘Updates’ in the toolbar. If there’s a new version of Safari available, users just need to click the ‘Update’ button (and enter their Apple ID), and the latest version will be installed.

To keep Safari up-to-date, Apple encourages users to upgrade to the latest version of OS X. Safari 9, which is currently in version 9.0.3, comes bundled with the latest version of OS X, El Capitan. However, users who are still using OS X Mavericks can also update to the latest version of Safari. You can find out more information on this Apple support page.

With so many options, updates and upgrades available today, it’s easy to find yourself using an outdated operating system or an internet browser that is no longer supported, and putting yourself at a security risk as a result. Hopefully this blog post and the included hyperlinks will help you take the necessary steps to ensure your operating system and browsers are up-to-date, which in turn will help safeguard your identity and personal information.

Threat Recap: Week of March 14th


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Fraud Now Quicker Than Ever

There are thousands of cases of credit card fraud every year, usually through a merchant breach. Lately, however, a new process has emerged that takes almost no time at all while also being nearly foolproof. By quickly attaching a face-plate skimmer to a credit card terminal, hackers can later retrieve any customer data it collects, either by removing the skimmer or by connecting to the device remotely via Bluetooth.

http://www.csoonline.com/article/3043662/security/credit-card-terminal-goes-from-safe-to-compromised-in-less-than-three-seconds.html#tk.rss_news

Bank Breach in Bangladesh

It recently came to light that hackers had breached Bangladesh’s central bank and attempted to withdraw $101 million USD from their US-held account. The U.S. Federal Reserve allowed the initial transactions to occur, but the overall attack was halted when Deutsche Bank employees noticed a spelling error for the recipient party. While some of the cash had already been transferred to offshore casinos, the remainder that had been withdrawn was returned.

http://www.bankingtech.com/455732/typo-spells-confusion-in-101m-cyber-bank-heist/

Anti-DDoS Firm Hit with DDoS Attack

It has been confirmed that in the past week the cyber security firm Staminus became the latest target of a severe DDoS attack. The attack left the Staminus website down for several days and finally resulted in a large information dump, containing mainly customer information. The information dump was preceded by a note from the hacker that listed various “tips” for running a security company, a likely jab at the security flaws used to initiate the breach.

https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=7230822a23-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-7230822a23-454898153

Major News Sites Target of Malvertising

Recently, several high-profile domains were infiltrated by cybercriminals with the intent to distribute ransomware via the Angler Exploit Kit. With ransomware being a simple method for attackers to affect a large audience (as well as bring in a nice profit), more companies should be taking a closer look at their own systems and patching any vulnerabilities. While the attack lasted less than 24 hours, thousands of daily visitors to high-traffic sites such as the New York Times, BBC, and Newsweek could be affected.

http://www.csoonline.com/article/3044588/security/malvertising-campaign-hits-new-york-times-bbc-others.html#tk.rss_news

Typosquatting, Latest Mac OS X Scam

Cybercriminals are always on the lookout for the next method of targeting end-users. This time, they’re focusing on poor spelling. Using a method called ‘typosquatting’, attackers have been registering common US company domains with the “.om” suffix (belonging to the country of Oman), in the hope that people who misspell “.com” will land on one of their phony sites. The campaign is aimed mainly at Mac OS users: when they land on a fake site, they are directed to a fake Adobe Flash update that actually attempts to install Genieo, a common Mac adware variant.

https://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/


Threat Recap: Week of March 21st


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft Addresses Macro Malware Issue

With macros being a major vulnerability point in Microsoft Office software, the 2016 version of the product line will now offer protection against these infections. It allows network admins to block execution of any macro that attempts to download content from the Internet, which will greatly reduce the number of systems that are compromised.

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

Ransomware Takes Aim At Healthcare

In the past week, three U.S. hospitals were targeted by ransomware attacks that left them in varying levels of functionality. Fortunately for patients, all hospitals have returned to full capacity, with little to no patient information being leaked. It is still unclear whether the hospitals paid the ransom; however, the cases are under FBI investigation.

http://www.bbc.com/news/technology-35880610

NASA Email Servers Hit with DDoS Attack

Recently, a group of hackers linked to Anonymous has made claims that they used a DDoS attack to take down NASA’s email servers all around the world. However, that claim appears to be unsubstantiated, as NASA’s main website was still accessible during the apparent outage. The attack was perpetrated because the hacker group claims that NASA is keeping important information regarding ISIS withheld from the public.

https://www.hackread.com/hackers-ddos-shutdown-nasa-website-email-server/

Local Utilities Need to Increase their Security Measures

In a recent study done by the Verizon RISK lab, it was determined that while many local utility services believe they are quite secure against an information-stealing attack, they are in fact riddled with vulnerabilities. The study also revealed that one customer, Kemuri Water Company, had a decade-old system infrastructure while also using a SCADA platform with direct internet access and no two-factor authentication.

http://www.zdnet.com/article/the-future-of-our-city-services-cyberattackers-target-core-water-systems/

Majority of IT Pros Use Basic AV Security Solutions

It was revealed recently that the vast majority of IT professionals believe that using only basic antivirus software is enough to defend against the latest cyber attacks. The study also showed that only 15% applied additional defensive measures. Fortunately for consumers, the trend is moving towards ever-improving security protocols and better ways of catching the latest malware variants.

http://www.computing.co.uk/ctg/news/2452094/ninety-seven-per-cent-of-it-professionals-think-standard-antivirus-software-will-stop-zero-day-attacks


Malware as a Service: As Easy As It Gets

If you’ve ever been infected with serious malware, you may have assumed the culprit is a person sitting in the basement of their mom’s house, or a small group of people huddled in a garage somewhere. It’s really not that simple. There’s a whole global cyber underground network working diligently to make all this happen for you: the lucrative cyber black market. Almost everyone has heard the term “black market” at least a few times. It’s referenced in many movies and is often heard on the news in connection with criminal activity and the purchase of illegal materials or services.

Malware-as-a-Service is a prosperous business run on the black market that offers an array of services and isn’t just limited to malware or bits of code. And you don’t have to be a computer expert either. Anyone can purchase code that will cause harm to a person’s computer or even hold it for ransom. But once purchased, what are you going to do with it? How will investing in this piece of malware return a profit? There’s still the challenge of getting it out there, getting your potential victims to run the payload of the newly purchased malware on their computer, and most importantly, cashing out on the investment. This is where the entire business model of Malware-as-a-Service comes into play.

It’s all offered in the cyber black market, which functions no differently from the global markets we hear of. Due to its low-key nature, it’s difficult to say exactly how much money Malware-as-a-Service generates in this market, but it would be no surprise if it stretched into the billions. In this market it’s possible to purchase all the necessary pieces to make it as easy as possible for the investors to profit.
First level: The highly skilled elite programmers or engineers who write malware, develop exploits, and are general researchers. This can be an individual or individuals working together.

Second level: Here are the spammers, botnet owners, distributors, and hosted system providers. These people are also skilled, but not always elite. This is where the distribution is handled.

Third level: The money mules, treasurers, financial data providers.

These three levels fall under the umbrella of Malware-as-a-Service that can be sold and purchased as an entire package or individual services by a vendor.

The individuals involved aren’t always strictly black hat. There are also grey hat hackers, otherwise known as freelancers, who are simply looking to make a profit. A programmer can sell a zero-day exploit to the vendor of the software as a bounty. However, that same exploit might fetch a far greater profit if sold on the black market. A perfect example of this is Facebook, which offers a minimum of $500 to anyone who can hack their site. With over 700 million users, a Facebook exploit can sell for a pretty hefty price on the black market. As malware becomes more profitable, this type of business model will continue to grow.

Threat Recap: Week of March 28

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

MedStar Health, Latest Medical Services Ransomware Target

Early this week, MedStar Health, one of the largest healthcare providers in Maryland, was the victim of a ransomware attack that led to the complete shutdown of their computer systems. Fortunately for patients, it appears no information was stolen and all of their facilities have remained open, though they currently lack access to digital patient records.

http://www.csoonline.com/article/3048825/security/ransomware-attack-hits-medstar-health-network-offline.html#tk.rss_news

College Board Reports Security Breaches Allow Leaked SAT Tests

Recently, it was discovered that, due to many security vulnerabilities at the College Board, the most recent version of the SAT has been compromised in several Asian countries. The latest report confirms that many prep schools throughout China and South Korea are teaching past SAT questions that are likely to be reused, allowing some students to attain perfect scores by having studied the answers beforehand.

http://www.reuters.com/investigates/special-report/college-sat-one/

Phishing Attack Nearly Costs Mattel $3 Million

Last year, toy maker Mattel was the victim of a phishing attack that led to $3 million USD being transferred to a bank in Wenzhou, China. In this case, an email spoofing the new CEO’s address was sent to a financial executive requesting a large transfer; luckily the transfer was caught and the account frozen before the money was withdrawn. With social engineering being a prevalent way of extracting corporate information, authentication for highly sensitive transfers of information or funds should be mandatory.

http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html#tk.rss_news

Federal Court Phone Scams On the Rise

Many people have received a scam call asking for access to their computer, or scaring them into giving up credit card information, but lately a new call has people worried. It comes in the form of a demand to quickly pay a fine for missing a jury duty summons, or else have a warrant issued for your arrest. This type of scare tactic has become more aggressive, but also more detailed in the information the callers seem to “know” about you.

https://nakedsecurity.sophos.com/2016/03/31/us-federal-court-you-didnt-show-up-for-jury-duty-scammers-slicker-than-ever/

Computer Science Student Finds Valve Vulnerability

This week, a 16-year-old student from the University of Salford successfully exploited a vulnerability that allowed him to publish a game to Steam without it being reviewed by a Valve employee. He also made a blog post explaining how he went about exploiting the bug, which has since been fixed.

https://www.helpnetsecurity.com/2016/03/30/steam-review-bypass/


Threat Recap: Week of April 4th


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Breach at Trump Hotels

It has recently been reported that the Trump Hotel chains have been the target of yet another credit card breach, which is currently affecting several locations around the world. This comes less than a year after their last report of suspicious payment activity, in which they confirmed their systems had been hit with info-stealing malware.

http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/

Panama Papers Released

In what is currently considered to be the largest data leak in history (containing over 2.6 TB of information), a laundry list of celebrities and major political figures have been tied to offshore bank accounts. While having an offshore corporation is perfectly legal, many of those listed were using tax havens to hide their considerable wealth by using an offshore law firm, Mossack Fonseca, to manage their funds.

http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

Updating Passwords Occurs Less Among IT Admins

Most people understand the importance of changing passwords for sensitive accounts regularly, but those who often recommend these changes are at times ending up as the worst offenders. In a recent survey, IT Admins were shown to insist users change their credentials more often than they changed the credentials themselves. Furthermore, an astounding 10% of IT Admins admitted to having never changed the administrative credentials used in their organizations.

http://www.techweekeurope.co.uk/security/security-management/lieberman-software-it-admins-passwords-189155

Visa Database Potential Identity Risk

In the past week, an internal study conducted by the U.S. State Dept. revealed vulnerabilities in the visa application database, which contains hundreds of millions of confidential personal records. Currently, there has been no indication of a breach, but work is being done to seek out any vulnerabilities that haven’t already been resolved. Many of the issues they’re facing are related to aging technical systems and lack of upgrades.

http://www.fiercegovernmentit.com/story/vulnerabilities-visa-database-could-put-290m-personal-records-risk/2016-04-04?

LA Times Confirms their Site was Hacked

On Wednesday, it was reported that someone was able to access the LA Times website using a vulnerability in WordPress, and was offering this access for purchase. According to the LA Times, the security flaw has been resolved and they have added additional security precautions to prevent future breaches.

http://www.csoonline.com/article/3051598/security/la-times-said-to-be-compromised-shell-access-offered-up-for-sale.html?



Bringing Threat Intelligence to the Device


Previous posts in this series provided an overview of threat intelligence, its role within the IoT space, and how it can be used to prevent threats at the network perimeter in IoT Gateways. With the evolution of internet-connected devices and their growing resource capabilities, these “things” will increasingly become connected directly to the internet, forgoing connectivity through traditional perimeter appliances, and in essence becoming their own gateways or firewalls. This evolution will require a new approach to security in terms of moving protective mechanisms from robust perimeter equipment into the devices themselves. This post focuses on how the use of separation kernel technology can help in this move from security at the perimeter to enabling the use of threat intelligence on the device.

An effective way of bringing threat intelligence to devices is through the use of a separation kernel. Separation kernel technology provides a mechanism for controlling the flow of data and commands between an operating system and the hardware on which the operating system resides. In its simplest form, it is a tiny kernel that sits between all hardware functions on a device and the operating system. This separation provides a mechanism for identifying threats outside of a host operating system. Here are two very straightforward ideas on how to quickly implement threat intelligence at the device level through the use of separation kernels:

  • Traffic Flow Monitoring: Most gateway or perimeter devices provide a mechanism for traffic flow analysis through the use of packet inspection and threat intelligence. This can be achieved on a device by building tiny monitoring applications that live in a secure memory space outside of a host operating system, but are accessible by the separation kernel. Traffic can be analyzed in this secure space for threats so action can be taken before it is allowed to pass into the operating system or out of the device. This essentially brings the ability to apply network security and policy management to the “thing”.

  • Malicious File Identification: Using the same model described above, it would be possible to analyze files outside of a user’s operating system by identifying threats before they have access to user memory and application space. Files could be assembled in a secure memory space for hashing and looked up in a cloud-based ecosystem for threat determination. In the case of unknown files, additional analysis could be performed locally to identify any threats before they have access to the user memory or application space.
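The malicious-file idea above, as an added example that is not Webroot’s code or any product’s: a file is reassembled from chunks outside the guest OS, hashed, checked against a reputation table standing in for the cloud lookup, and, when unknown, given a local heuristic pass before a release decision is made. The reputation table, the sample files, the heuristics and the entropy threshold are all constructed assumptions for this example.

```python
"""Device-side file reputation check (added example, not Webroot's code).

Flow mirrors the passage above: chunks are assembled in an isolated buffer,
hashed, looked up in a reputation table (stand-in for the cloud lookup), and
unknown files get a local heuristic pass before anything reaches the guest OS.
"""
import hashlib
import math
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample content; the hashes below are derived from it, not real IoCs.
KNOWN_GOOD_CONTENT = b"firmware-config version=1\nlog_level=info\n"
KNOWN_BAD_CONTENT = b"MZ" + b"\x90" * 62 + b"constructed-bad-sample"

# Stand-in for the cloud-based reputation lookup: SHA-256 -> verdict.
REPUTATION = {
    sha256_hex(KNOWN_GOOD_CONTENT): "good",
    sha256_hex(KNOWN_BAD_CONTENT): "bad",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value occurs equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def local_analysis(data: bytes, entropy_threshold: float = 7.2) -> list:
    """Heuristics for files the reputation lookup does not know.

    Returns the list of reasons for suspicion (empty means nothing found).
    Both checks and the threshold are assumptions made for this example.
    """
    reasons = []
    if data[:2] == b"MZ":
        # A Windows PE executable arriving on a small connected device is unusual.
        reasons.append("pe-header")
    if shannon_entropy(data) > entropy_threshold:
        # A near-uniform byte distribution is typical of packed or encrypted payloads.
        reasons.append("high-entropy")
    return reasons


def assess_file(chunks, reputation=None, entropy_threshold: float = 7.2) -> dict:
    """Assemble the file outside the guest OS and decide what it is."""
    reputation = REPUTATION if reputation is None else reputation
    data = b"".join(chunks)  # assembled in the isolated buffer, not in guest memory
    digest = sha256_hex(data)
    verdict = reputation.get(digest)
    if verdict is not None:
        return {"sha256": digest, "verdict": verdict, "source": "reputation", "reasons": []}
    reasons = local_analysis(data, entropy_threshold)
    return {
        "sha256": digest,
        "verdict": "suspicious" if reasons else "unknown",
        "source": "local",
        "reasons": reasons,
    }


def should_release(result: dict, allow_unknown: bool = False) -> bool:
    """Release policy: known-good files pass; unknown files pass only when the
    operator explicitly opts in; bad or suspicious files never pass."""
    if result["verdict"] == "good":
        return True
    if result["verdict"] == "unknown":
        return allow_unknown
    return False


if __name__ == "__main__":
    samples = {
        "good": [KNOWN_GOOD_CONTENT],
        "bad-in-chunks": [KNOWN_BAD_CONTENT[:10], KNOWN_BAD_CONTENT[10:]],
        "unknown-packed": [bytes(range(256)) * 16],  # entropy exactly 8.0
        "unknown-text": [b"temperature=21.5\n"],
    }
    for name, chunks in samples.items():
        r = assess_file(chunks)
        print(f"{name:15} {r['verdict']:10} via {r['source']:10} {r['reasons']} "
              f"release={should_release(r)}")
```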

 

These are only two basic examples of what could be done through the use of cyber threat intelligence on a device. As the Internet of Things continues to expand, there will undoubtedly be more and more approaches that bring existing network and perimeter security to the device. The next and final installment of this series will explore some of these ideas.

The post Bringing Threat Intelligence to the Device appeared first on Webroot Threat Blog.

Threat Recap: Week of April 22nd


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Quicktime for Windows No Longer Supported

This week, it emerged that Apple has stopped supporting QuickTime for Windows, and US-CERT and Trend Micro’s Zero Day Initiative strongly recommended uninstalling it completely: two remotely exploitable flaws in the player have been disclosed and will never be patched, so any Windows system with QuickTime installed can be compromised by a crafted media file or a web page that loads one. The advice applies to Windows only; on the Mac, QuickTime is part of OS X and continues to receive security updates.

http://n4bb.com/uninstall-quicktime-windows-microsoft-stops-support/

Security Flaw Leaves Phone Users Vulnerable

Most telecom carriers around the world interconnect using the same signalling protocol, SS7, to route calls and texts between networks. SS7 was designed on the assumption that every carrier connected to it is trustworthy, so anyone with SS7 access can, knowing nothing more than a target’s phone number, track the phone’s location and intercept its calls and text messages, including SMS-delivered two-factor codes. This weakness is dangerous in the hands of cyber criminals, and it is also used by the NSA and other intelligence agencies for surveillance and data gathering.

http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

Cyber Security Lacking in Majority of Companies

In a recent threat intelligence report, it was found that over 75% of the business organizations surveyed have no incident response capability in place and only engage these critical services after they have already been hit. With every sector seeing a steady rise in malware attacks, it’s hard to believe that such a large share of organizations are still unprepared for the attacks reported in the news on a daily basis. And yet, here we are.

http://www.channelpartnersonline.com/news/2016/04/most-businesses-have-no-cyberattack-response-capa.aspx

Latest Encrypting Ransomware Aims at Bitcoin

In the past week, a new ransomware family known as CryptXXX has been spotted in the wild. It both encrypts the victim’s files and steals Bitcoin wallets, saved passwords and other sensitive information from the system, and it is being delivered through the Angler exploit kit. It appears to come from the same group behind Reveton, an older police-themed lock-screen ransomware, but adds file encryption and credential theft on top of locking users out of the system.

http://bravenewcoin.com/news/cryptxxx-set-to-become-the-worst-bitcoin-stealing-ransomware-yet/

End-to-End Message Encryption On the Rise

With the recent news that the FBI was able to get into a locked iPhone without Apple’s help, more and more companies are working to strengthen their encryption. Viber, maker of the popular messaging app, has just announced that it will provide full end-to-end encryption for all messages, calls and media, though it will take some time for all of its 700 million users to update to the latest version. Moreover, with Viber founded in Israel and owned by Japan’s Rakuten, the company will not be directly bound by any decision of the US Congress on encryption and the government’s ability to access encrypted information.

http://www.wired.com/2016/04/viber-encrytpion/

The post Threat Recap: Week of April 22nd appeared first on Webroot Threat Blog.

Threat Recap: Week of April 29th


 

Bangladesh Bank Still Attempting to Recover

In the months following one of the largest cyber heists in history, Bangladesh Bank is still trying to recover the $81 million stolen from its account at the New York Fed, which remains unaccounted for. The latest update comes from SWIFT, the bank-owned financial messaging cooperative, which has publicly stated that the Bangladesh Bank incident was not a one-off but part of a wider string of attacks in which criminals used stolen credentials and malware to send fraudulent transfer messages from member banks’ own SWIFT software. SWIFT has also pushed out a mandatory security update for its Alliance Access client software that should make this type of attack harder to pull off in the future.

http://www.reuters.com/article/us-cyber-banking-swift-exclusive-idUSKCN0XM2DI

Uber User’s Data Security is Not So Secure

With the rise of app-based ride services across the globe, Uber riders are seeing spikes in fraudulent charges for trips in distant cities, in other words, for rides they could not possibly have taken. Uber maintains that its own systems have not been breached, yet more and more Uber accounts keep turning up for sale on dark web markets at surprisingly low prices. The most likely explanation is credential reuse: consumers use the same email address and password across many apps and sites, so when any one of those is breached, attackers can simply try the leaked credentials against Uber (a technique known as credential stuffing) and sell the logins that work. Using a unique password per service, ideally from a password manager, is the only practical defence against this.

http://www.csoonline.com/article/3059461/data-breach/uber-fraud-scammer-takes-the-ride-victim-gets-the-bill.html?

Qatar National Bank is the Latest Financial Target of Cyber Attacks

In the past week, Qatar National Bank has been investigating an attack in which 1.4GB of sensitive customer information was leaked onto the Dark Web. Among the data, researchers have found transactions and other financial records of many high-profile clients, including members of the Qatar Royal Family, people flagged as possible intelligence agents from around the world, and even data on Al Jazeera employees. Qatar National Bank has not confirmed a breach, although the leaked information appears to be legitimate.

http://abcnews.go.com/International/wireStory/large-qatari-bank-investigating-alleged-data-breach-38698362 

Lifeboat Breach Could Lead to More Vulnerabilities

Recently, it was reported that Lifeboat Network, a Minecraft server provider, was hacked and that usernames and passwords were compromised. Lifeboat has since issued a password reset to all users. Since creating a login does not require any personal or financial information, the direct exposure is limited, but users who have reused their Lifeboat password on other sites should change it there immediately.

https://www.helpnetsecurity.com/2016/04/27/lifeboat-data-breach/

Dating Site Exposes User Data

This week, yet another online dating site has been hacked, and this time the personal information of over 1 million individuals has been leaked. The site in question, Beautifulpeople.com, has stated that the data came from a test server, although the leaked records, which include names, email addresses and profile details, appear to be genuine user data. The server, a database exposed to the internet with no authentication required to read it, has since been taken offline.

https://www.wired.com/2016/04/beautiful-people-hack/ 


 

 

The post Threat Recap: Week of April 29th appeared first on Webroot Threat Blog.

Personal Security: Why you Should Update your OS & Internet Browser TODAY


 

If you’re one of the people still stubbornly holding onto Windows XP (which stopped receiving support and security updates on April 8, 2014), it’s time to let go. Likewise, if you’re using an outdated version of your preferred internet browser, it’s time to update. Right now. Why? In both scenarios you’re putting your personal online security at risk every time you browse the internet. Without a supported browser and critical security updates from Microsoft, your PC is exposed to any number of viruses, spyware, and other malicious software that can be used to steal your identity, drain your finances, and damage or exfiltrate your personal information.

Microsoft Pulls the Plug on Windows XP; Users Should Upgrade

[Image: XP support (Source: howtogeek)]

Nearly two years ago, Microsoft finally made the decision to stop supporting the widely popular OS (operating system) after a 12 year run. The Windows XP faithful (and there were many) were encouraged to say their farewells to the beloved OS and move on to newer Microsoft technologies, or continue to use XP at their own risk, since the OS would no longer receive security updates. Unfortunately, many users chose the latter option, leaving their computers susceptible to a myriad of threats. Worse yet, people stubbornly continue to use Windows XP despite the security risks. If you fall into this category, I strongly advise you to upgrade to a version of Windows that Microsoft still supports.

For more information on the end of XP support as well as how to upgrade, you can check out this Microsoft FAQ.

Using an Up-to-Date Internet Browser on a Supported OS is Important As Well 

Making sure your operating system is supported is critical, but it’s not the only step users need to take to stay secure. If you’re using a supported OS but fail to keep your internet browser updated, you leave yourself vulnerable every time you browse the web. Likewise, if you’re using an up-to-date browser on an OS that’s no longer supported, the browser cannot protect you from holes in the OS beneath it. Both have to be supported for a safe internet-using experience. Here’s the current support status of each major web browser:

Internet Explorer:

[Image: IE 11 (Source: Microsoft)]

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10. In other words, if you’re using any prior version of I.E., you’re at risk and it’s time to update.

Fortunately, Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services, so the transition should prove a comfortable one. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience. You can download the latest version of Internet Explorer here.

Google Chrome:

[Image: Chrome 4 (Source: Google Images)]

Chrome, Google’s wildly-popular take on the internet browser, came onto the browser scene (and subsequently onto users computers) in 2008. Now, it’s estimated that Chrome is the most widely-used browser on desktops, at 58% worldwide usage share.

Unlike Internet Explorer, which is patched through Windows Update, Chrome updates itself each time it detects that a newer version is available, so users don’t have to worry about running a potentially outdated version of the browser. However, last November Google announced that it will end support for Chrome on some older operating systems in April 2016, which means that less than a month from today Chrome will stop getting updates if your computer is running any of the following operating systems:

Windows Vista, Windows XP, OS X 10.6 Snow Leopard, OS X 10.7 Lion and OS X 10.8 Mountain Lion

The April 2016 deadline is actually an extension to the life cycle of Google Chrome on Windows XP. Google originally announced back in October 2013 that support for Chrome on XP would end by April 2015, before pushing that deadline back to December 2015. For more information on system requirements as well as download links for different operating systems, check out this Google support page.

Mozilla Firefox:

[Image: Firefox (Source: Mozilla)]

Mozilla’s Firefox, created back in 2002, still remains a popular browser choice for users. Largely thanks to the decline in Internet Explorer usage, Firefox reportedly took over the number two slot for desktop browsers in February 2016.

Like Chrome, Firefox is set by default to automatically update to the latest version. You can find a list of all Firefox releases here.

As far as operating systems go, here are the ones currently supported by Mozilla: Windows XP SP2, Windows Server 2003 SP1, Windows Vista, Windows 7-10, Mac OS X 10.6-10.11. You can learn more about getting the latest version of Firefox on an older version of Windows here (although you should really not be using Windows XP at this point, as outlined earlier).

Safari

[Image: Safari (Source: Apple)]

 

Sure, some Mac users prefer to use Chrome or Firefox. However, Safari (the default internet browser on Mac OS X that was originally released in 2003) is also used by many Mac users worldwide.

Safari doesn’t update itself independently; its updates are delivered through the Mac App Store, where users can check for them by clicking ‘Updates’ in the toolbar (and the App Store can be set to install app updates automatically). If a new version of Safari is available, users just need to click the ‘Update’ button (and enter their Apple ID), and the latest version will be installed.

To keep Safari up-to-date, Apple encourages users to upgrade to the latest version of OS X. Safari 9, which is currently in version 9.0.3, comes bundled with the latest version of OS X, El Capitan. However, users who are still using OS X Mavericks can also update to the latest version of Safari. You can find out more information on this Apple support page.

With so many options, updates and upgrades available today, it’s easy to find yourself using an outdated operating system or an internet browser that is no longer supported, and putting yourself at risk as a result. Hopefully this blog post and the included hyperlinks will help you take the necessary steps to ensure your operating system and browsers are up-to-date, which in turn will help safeguard your identity and personal information.

 

The post Personal Security: Why you Should Update your OS & Internet Browser TODAY appeared first on Webroot Threat Blog.

Threat Recap: Week of March 14th


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Fraud Now Quicker Than Ever

Thousands of cases of credit card fraud occur every year, usually through a merchant breach. Lately, however, a new approach has emerged that takes almost no time at all and is nearly foolproof. By snapping a face-plate overlay skimmer onto a credit card terminal in a matter of seconds, criminals can capture card data and PINs from every customer who uses it, and retrieve the haul later either by removing the skimmer or by connecting to it over Bluetooth from nearby, without ever touching the device again.

http://www.csoonline.com/article/3043662/security/credit-card-terminal-goes-from-safe-to-compromised-in-less-than-three-seconds.html#tk.rss_news

Bank Breach in Bangladesh

It recently came to light that hackers had breached Bangladesh’s central bank and used stolen SWIFT credentials to send dozens of fraudulent transfer requests, totalling roughly $951 million, against the bank’s account at the Federal Reserve Bank of New York. The Fed let the first five transfers through, for $101 million, but the rest were blocked after Deutsche Bank, acting as a routing bank, queried a spelling error in a recipient’s name (“Fandation” instead of “Foundation”). That typo allowed the $20 million sent to Sri Lanka to be recovered; the $81 million sent to the Philippines had already been laundered through casinos there and remains missing.

http://www.bankingtech.com/455732/typo-spells-confusion-in-101m-cyber-bank-heist/

Anti-DDoS Firm Hit with DDoS Attack

It has been confirmed that in the past week the anti-DDoS provider Staminus was the latest target of a serious attack. Despite the company’s line of business, this was an intrusion rather than a DDoS: the attacker got into Staminus’ network, took its infrastructure (and its website) offline for days, and then published a large dump of data, mainly customer information, including customer credit card details that had been stored in plain text. The dump was preceded by a note from the attacker listing sarcastic “tips” for running a security company, such as not using the same root password on every device, a clear jab at the weaknesses that made the breach possible.

https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=7230822a23-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-7230822a23-454898153

Major News Sites Target of Malvertising

Recently, several high-profile sites were hit by a malvertising campaign that used the Angler exploit kit to deliver ransomware to visitors: the attackers bought ad slots through legitimate ad networks and served malicious ads that silently redirected browsers to the exploit kit, so the sites themselves were never broken into. With ransomware being an easy way for attackers to reach a large audience (and turn a nice profit), it’s a reminder that users and companies need to keep browsers and plugins patched, since the exploit kit relies on known vulnerabilities. While the campaign lasted less than 24 hours, thousands of daily visitors to high-traffic sites such as the New York Times, BBC, and Newsweek could have been affected.

http://www.csoonline.com/article/3044588/security/malvertising-campaign-hits-new-york-times-bbc-others.html#tk.rss_news

Typosquatting, Latest Mac OS X Scam

Cybercriminals are always on the lookout for the next way to reach end users, and this time they’re banking on poor typing. Using a technique called typosquatting, attackers have been registering the names of well-known US companies under the “.om” top-level domain (which belongs to the country of Oman), in the hope that people who drop the “c” from “.com” will land on one of their phony sites. The campaign is aimed mainly at Mac OS users: on arriving at a fake site, visitors are shown a bogus Adobe Flash update that actually installs Genieo, a common Mac adware variant.

https://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/
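Added example, not from the original post: the Python below generates the typo variants an attacker would register for a brand domain, including the “.om” trick described above, and uses the same generator in the other direction to check whether a hostname a user typed is a one-step typo of a known brand. The “registered” set is constructed so the example runs offline; a real check would resolve or WHOIS each candidate.

```python
from typing import Dict, Iterable, List, Optional, Set

# Constructed set of "already registered" domains; in practice this would be a
# DNS or WHOIS lookup per candidate.
REGISTERED: Set[str] = {"example.om", "exmaple.com", "examp1e.com", "unrelated.example"}

# Truncated or neighbouring TLDs that catch a dropped or mistyped character in ".com"
TLD_VARIANTS = ("om", "cm", "co", "con", "vom", "xom")
# Visually confusable ASCII substitutions
HOMOGLYPHS: Dict[str, str] = {"l": "1", "i": "1", "o": "0"}


def typosquat_candidates(domain: str) -> Set[str]:
    """All one-step typos of a brand domain an attacker might register."""
    label, _, tld = domain.lower().rpartition(".")
    cands: Set[str] = set()
    for t in TLD_VARIANTS:                       # example.com -> example.om
        cands.add(f"{label}.{t}")
    cands.add(f"www{label}.{tld}")               # missing dot: wwwexample.com
    for i in range(len(label)):                  # character omission
        cands.add(f"{label[:i]}{label[i + 1:]}.{tld}")
    for i in range(len(label) - 1):              # adjacent transposition
        s = list(label)
        s[i], s[i + 1] = s[i + 1], s[i]
        cands.add(f"{''.join(s)}.{tld}")
    for i, ch in enumerate(label):               # homoglyph substitution
        if ch in HOMOGLYPHS:
            cands.add(f"{label[:i]}{HOMOGLYPHS[ch]}{label[i + 1:]}.{tld}")
    cands.discard(domain.lower())
    return cands


def registered_lookalikes(domain: str, registered: Iterable[str]) -> List[str]:
    """Defender view: which typo variants of our brand has someone already taken?"""
    taken = set(registered)
    return sorted(c for c in typosquat_candidates(domain) if c in taken)


def looks_like_typo_of(host: str, brands: Iterable[str]) -> Optional[str]:
    """Client/proxy view: is this hostname a one-step typo of a known brand?"""
    host = host.lower().rstrip(".")
    for brand in brands:
        if host in typosquat_candidates(brand):
            return brand
    return None


if __name__ == "__main__":
    print(registered_lookalikes("example.com", REGISTERED))
    print(looks_like_typo_of("example.om", ["example.com"]))
```

The defender-side list is what a brand owner would feed into a takedown or defensive-registration process; the client-side check is the kind of lookup a proxy or browser extension can run before following a link, which is where a “.om” typo is cheapest to catch.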

The post Threat Recap: Week of March 14th appeared first on Webroot Threat Blog.

Threat Recap: Week of March 21st


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft Addresses Macro Malware Issue

Macros have long been a major infection vector in Microsoft Office, and the 2016 version of the product line now offers a new defense. A Group Policy setting lets network admins block macros from running in any Office document that came from the Internet (a file carrying the “mark of the web”, such as an email attachment or a download), regardless of what the user clicks. The policy is “Block macros from running in Office files from the Internet”, set per application under the Office 2016 security policies. Since macro malware relies on talking the user into enabling content in a document they just received, this should greatly reduce the number of compromised systems.

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

Ransomware Takes Aim At Healthcare

In the past week, three U.S. hospitals were targeted by ransomware attacks that left them in varying levels of functionality. Fortunately for patients, all hospitals have returned to full capacity, with little to no patient information being leaked. It is still unclear if the hospitals paid the ransom, however the cases are under FBI investigation.

http://www.bbc.com/news/technology-35880610

NASA Email Servers Hit with DDoS Attack

Recently, a group of hackers linked to Anonymous claimed to have used a DDoS attack to take down NASA’s email servers around the world. The claim appears to be unsubstantiated, as NASA’s main website remained reachable during the supposed outage. The group says it carried out the attack because NASA is withholding important information about ISIS from the public.

https://www.hackread.com/hackers-ddos-shutdown-nasa-website-email-server/

Local Utilities Need to Increase their Security Measures

In a recent study by the Verizon RISK team, it was found that while many local utilities believe they are well protected against data theft, they are in fact among the worst offenders. The report describes one customer, referred to by the pseudonym Kemuri Water Company, that was running its operations on a decade-old AS/400 system that also served as its SCADA platform, with direct internet exposure and no two-factor authentication; attackers got in and were able to alter settings that control chemical levels in the water treatment process.

http://www.zdnet.com/article/the-future-of-our-city-services-cyberattackers-target-core-water-systems/

Majority of IT Pros Use Basic AV Security Solutions

A survey released this week found that 97% of IT professionals believe a standard antivirus product will stop zero-day attacks, while only 15% had deployed any additional defensive measures. That belief is misplaced: a purely signature-based scanner cannot, by definition, recognise an exploit nobody has seen yet, which is why layered defences such as prompt patching, application control and behaviour-based detection matter. Fortunately for consumers, the trend is toward ever-improving security and better ways to catch the latest malware variants.

http://www.computing.co.uk/ctg/news/2452094/ninety-seven-per-cent-of-it-professionals-think-standard-antivirus-software-will-stop-zero-day-attacks

 

 

The post Threat Recap: Week of March 21st appeared first on Webroot Threat Blog.

Malware as a Service: As Easy As It Gets


 

 

If you’ve ever been infected with serious malware, you may have assumed the culprit was a person sitting in the basement of their mom’s house, or a small group huddled in a garage somewhere. It’s really not that simple. There’s a whole global cyber underground working diligently to make all this happen for you: the lucrative cyber black market. Almost everyone has heard the term “black market” at least a few times; it’s referenced in many movies and is often heard on the news when talking about criminal activity and the purchase of illegal goods or services.

Malware-as-a-Service is a prosperous business run on the black market that offers an array of services and isn’t limited to malware or bits of code. And you don’t have to be a computer expert either: anyone can purchase code that will harm a victim’s computer or even hold it for ransom. But once purchased, what are you going to do with it? How will investing in this piece of malware return a profit? There’s still the challenge of distribution, of getting potential victims to run the payload of the newly purchased malware on their computers, and most importantly, of cashing out on the investment. This is where the entire business model of Malware-as-a-Service comes into play.

It’s all offered on the cyber black market, which functions no differently from the legitimate global markets we hear about. Due to its low-key nature, it’s difficult to say exactly how much money Malware-as-a-Service generates, but it would be no surprise if it stretched into the billions. In this market it’s possible to purchase every piece needed to make it as easy as possible for the investors to profit.

 

[Image: MAAS]

 

First level: The highly skilled elite programmers or engineers who write malware, develop exploits, and are general researchers. This can be an individual or individuals working together.

Second level: Here are the spammers, botnet owners, distributors, and hosted system providers. These people are also skilled, but not always elite. This is where the distribution is handled.

Third level: The money mules, treasurers, financial data providers.

These three levels fall under the umbrella of Malware-as-a-Service that can be sold and purchased as an entire package or individual services by a vendor.

The individuals involved aren’t always strictly black hat. There are also grey hat hackers, otherwise known as freelancers, who are simply looking to make a profit. A programmer can sell a zero-day exploit to the vendor of the affected software for a bounty, yet the same exploit might fetch a far greater price on the black market. A good example is Facebook, which pays a minimum of $500 for a valid security bug in its site; with well over a billion users, a working Facebook exploit can command a hefty price on the black market. As malware becomes more profitable, this type of business model will continue to grow.

 

 

The post Malware as a Service: As Easy As It Gets appeared first on Webroot Threat Blog.


Threat Recap: Week of March 28


 

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

 

MedStar Health, Latest Medical Services Ransomware Target

Early this week, MedStar Health, one of the largest healthcare providers in Maryland, was the victim of a ransomware attack that led to the complete shutdown of its computer systems. Fortunately for patients, it appears no information was stolen and all of its facilities have remained open, though staff currently lack access to digital patient records and are working on paper.

http://www.csoonline.com/article/3048825/security/ransomware-attack-hits-medstar-health-network-offline.html#tk.rss_news

College Board Reports Security Breaches Allow Leaked SAT Tests

Recently, it has been discovered that, due to many security vulnerabilities in the College Board, the most recent version of the SAT has been compromised in several Asian countries. The latest report confirms that many prep schools throughout China and South Korea are teaching past SAT questions that will likely be used again, allowing some students to attain perfect scores, by having studied the answers beforehand.

http://www.reuters.com/investigates/special-report/college-sat-one/

Phishing Attack Nearly Costs Mattel $3 Million

Last year, toy maker Mattel was the victim of a phishing attack that led to $3 million USD being transferred to a bank in Wenzhou, China. The attackers spoofed the email address of Mattel’s newly appointed CEO and sent a finance executive a request for a large transfer; the money was sent, but the payment was caught and the receiving account frozen before it could be withdrawn. With social engineering such a reliable way to extract money and information from companies, out-of-band verification (a phone call to a known number, or a second approver) should be mandatory for any sensitive transfer of funds or data, no matter who the email appears to come from.

http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html#tk.rss_news
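Added example, not the original post’s code and unrelated to Mattel’s own systems: a set of header and content checks that would flag a message like the one described above before it reaches a finance mailbox. The company domain, the executive directory, the pressure-term list and the two sample messages are all constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Set

# Constructed organisation data: our own mail domains and the real addresses of
# executives whose names are likely to be impersonated.
COMPANY_DOMAINS: Set[str] = {"example.com"}
EXECUTIVES: Dict[str, str] = {"jane ceo": "jane.ceo@example.com"}
# Phrases typical of CEO-fraud requests (constructed list, extend from real cases)
PRESSURE_TERMS = ("wire transfer", "urgent", "confidential", "w-2", "do not call")

# Constructed sample messages
SPOOFED = """\
From: Jane Ceo <jane.ceo@examp1e.com>
Reply-To: jane.ceo.private@mail.example.net
To: finance@example.com
Subject: Urgent wire transfer - confidential

Please send the wire transfer to the new vendor account today. I am in meetings
all day, so do not call, just confirm by email.
"""

LEGIT = """\
From: Jane Ceo <jane.ceo@example.com>
To: finance@example.com
Subject: Board deck

Attached is the deck for Thursday's meeting.
"""


def one_edit_away(a: str, b: str) -> bool:
    """True when a and b differ by a single substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def bec_indicators(raw_message: str) -> List[str]:
    """Return the business-email-compromise indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    findings: List[str] = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rpartition("@")[2]

    # 1. Executive display name on an address that is not the executive's
    known = EXECUTIVES.get(from_name.strip().lower())
    if known and from_addr != known:
        findings.append(f"display name '{from_name}' but address {from_addr} (expected {known})")

    # 2. Sender domain is a lookalike of one of our own domains
    for d in COMPANY_DOMAINS:
        if one_edit_away(from_domain, d):
            findings.append(f"sender domain {from_domain} is one edit from {d}")

    # 3. Replies are diverted to a different address than the one shown in From
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr:
        findings.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # 4. Pressure language in subject or body
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    hits = [t for t in PRESSURE_TERMS if t in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(sample))
```

These checks are meant to route a message into a hold queue or tag it visibly, not to auto-delete it: a single finding (an executive mailing from a personal address, say) is common in legitimate traffic, while the combination of a lookalike domain, a diverted Reply-To and a payment request is what should trigger the out-of-band verification the paragraph above calls for.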

Federal Court Phone Scams On the Rise

Many people have received a scam call asking for access to their computer, or trying to scare them into handing over credit card information, but lately a new call has people worried. It comes in the form of a demand to pay a fine immediately for missing a jury duty summons, or else have a warrant issued for your arrest. This type of scare tactic has become more aggressive, and more convincing, because the callers now come armed with personal details they seem to “know” about you. Real courts don’t demand payment over the phone; hang up and call the court directly on a number you look up yourself.

https://nakedsecurity.sophos.com/2016/03/31/us-federal-court-you-didnt-show-up-for-jury-duty-scammers-slicker-than-ever/

Computer Science Student Finds Valve Vulnerability

This week, a 16-year-old student at the University of Salford successfully exploited a vulnerability that allowed him to publish a game on Steam without it being reviewed by a Valve employee. He also wrote a blog post explaining how he went about exploiting the bug, which has since been fixed.

https://www.helpnetsecurity.com/2016/03/30/steam-review-bypass/

The post Threat Recap: Week of March 28 appeared first on Webroot Threat Blog.

Threat Recap: Week of April 4th


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Breach at Trump Hotels

It has recently been reported that the Trump Hotels chain has been the target of yet another credit card breach, which is currently affecting several locations around the world. This comes less than a year after its last report of suspicious payment activity, in which the company confirmed its systems had been hit with card-stealing malware.

http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/

Panama Papers Released

In what is currently considered to be the largest data leak in history (containing over 2.6 TB of information), a laundry list of celebrities and major political figures have been tied to offshore bank accounts. While having an offshore corporation is perfectly legal, many of those listed were using tax havens to hide their considerable wealth by using an offshore law firm, Mossack Fonseca, to manage their funds.

http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

Updating Passwords Occurs Less Among IT Admins

Most people understand the importance of changing passwords for sensitive accounts regularly, but those who often recommend these changes are at times ending up as the worst offenders. In a recent survey, IT Admins were shown to insist users change their credentials more often than they changed the credentials themselves. Furthermore, an astounding 10% of IT Admins admitted to having never changed the administrative credentials used in their organizations.

http://www.techweekeurope.co.uk/security/security-management/lieberman-software-it-admins-passwords-189155

Visa Database Potential Identity Risk

In the past week, an internal study conducted by the U.S. State Dept. revealed vulnerabilities in the visa application database, which contains hundreds of millions of confidential personal records. Currently, there has been no indication of a breach, but work is being done to seek out any vulnerabilities that haven’t already been resolved. Many of the issues they’re facing are related to aging technical systems and lack of upgrades.

http://www.fiercegovernmentit.com/story/vulnerabilities-visa-database-could-put-290m-personal-records-risk/2016-04-04?

LA Times Confirms their Site was Hacked

On Wednesday, it was reported that someone was able to access the LA Times website using a vulnerability in WordPress, and was offering this access for purchase. According to the LA Times, the security flaw has been resolved and they have added additional security precautions to prevent future breaches.

http://www.csoonline.com/article/3051598/security/la-times-said-to-be-compromised-shell-access-offered-up-for-sale.html?

The post Threat Recap: Week of April 4th appeared first on Webroot Threat Blog.

Bringing Threat Intelligence to the Device

0
0

Previous posts in this series provided an overview of threat intelligence, its role within the IoT space, and how it can be used to prevent threats at the network perimeter in IoT Gateways. With the evolution of internet-connected devices and their growing resource capabilities, these “things” will increasingly become connected directly to the internet, forgoing connectivity through traditional perimeter appliances, and in essence becoming their own gateways or firewalls. This evolution will require a new approach to security in terms of moving protective mechanisms from robust perimeter equipment into the devices themselves. This post focuses on how the use of separation kernel technology can help in this move from security at the perimeter to enabling the use of threat intelligence on the device.

 

An effective way of bringing threat intelligence to devices is through the use of a separation kernel. Separation kernel technology provides a mechanism for controlling the flow of data and commands between an operating system and the hardware on which the operating system resides. In its simplest form, it is a tiny kernel that sits between all hardware functions on a device and the operating system. This separation provides a mechanism for identifying threats outside of a host operating system. Here are two very straightforward ideas on how to quickly implement threat intelligence at the device level through the use of separation kernels:

 

  • Traffic Flow Monitoring: Most gateway or perimeter devices provide a mechanism for traffic flow analysis through the use of packet inspection and threat intelligence. This can be achieved on a device by building tiny monitoring applications that live in a secure memory space outside of a host operating system, but are accessible by the separation kernel. Traffic can be analyzed in this secure space for threats so action can be taken before it is allowed to pass into the operating system or out of the device. This essentially brings the ability to apply network security and policy management to the “thing”.

 

  • Malicious File Identification: Using the same model described above, it would be possible to analyze files outside of a user’s operating system by identifying threats before they have access to user memory and application space. Files could be assembled in a secure memory space for hashing and looked up in a cloud-based ecosystem for threat determination. In the case of unknown files, additional analysis could be performed locally to identify any threats before they have access to the user memory or application space.
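The two ideas above share one decision loop: a frame or a file arrives, the isolated partition makes a verdict, and only then does anything reach the host operating system. The following block is an added example written for this page, not Webroot's code and not an actual separation kernel; it runs as an ordinary Python module so the decision logic itself can be exercised. It parses a constructed IPv4/TCP header and checks it against a threat-intelligence blocklist and an egress port policy, and it hashes a file as it is assembled from chunks, consults a local cache, falls back to a stand-in for the cloud reputation lookup, and runs a simple local analysis (executable magic bytes, high entropy) when the file is unknown. The IP addresses, the feed contents, the allowed-port list, and the "no executables, no packed blobs" policy are all assumptions chosen for illustration.

```python
"""Policy checks that would run in an isolated monitor partition on an IoT device.

Added example for this page; not Webroot's code and not a separation kernel.
All addresses, feeds, ports and payloads below are constructed for illustration.
"""
import hashlib
import ipaddress
import math
import struct
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    UNKNOWN = "unknown"   # no reputation yet: hold for further analysis


# --- constructed threat-intelligence data (hypothetical; documentation IP ranges) ---
MALICIOUS_IPS = {ipaddress.ip_address("203.0.113.7")}
ALLOWED_OUTBOUND_PORTS = {443, 8883}           # HTTPS and MQTT over TLS only
CLOUD_REPUTATION = {                           # stands in for the cloud hash lookup
    hashlib.sha256(b"constructed malicious payload").hexdigest(): Verdict.BLOCK,
    hashlib.sha256(b"constructed known-good config").hexdigest(): Verdict.ALLOW,
}
LOCAL_CACHE = {}                               # verdicts already fetched from the cloud

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")      # fixed 20-byte IPv4 header
TCP_PORTS = struct.Struct("!HH")               # first 4 bytes of the TCP header


def inspect_packet(pkt: bytes, outbound: bool) -> Verdict:
    """Traffic-flow check: decide before the frame reaches the host OS."""
    if len(pkt) < IPV4_HDR.size:
        return Verdict.BLOCK                   # truncated header: never forward it
    ver_ihl, _, _, _, _, _, proto, _, src, dst = IPV4_HDR.unpack_from(pkt)
    if ver_ihl >> 4 != 4:
        return Verdict.BLOCK                   # only IPv4 is expected on this device
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return Verdict.BLOCK                   # bogus header length
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip in MALICIOUS_IPS or dst_ip in MALICIOUS_IPS:
        return Verdict.BLOCK                   # threat-intel hit on either endpoint
    if proto == 6 and outbound:                # TCP: apply the egress port policy
        if len(pkt) < ihl + TCP_PORTS.size:
            return Verdict.BLOCK
        _, dport = TCP_PORTS.unpack_from(pkt, ihl)
        if dport not in ALLOWED_OUTBOUND_PORTS:
            return Verdict.BLOCK
    return Verdict.ALLOW


def build_tcp_packet(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Construct a minimal IPv4+TCP SYN for testing (checksums left at zero)."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = IPV4_HDR.pack(0x45, 0, IPV4_HDR.size + len(tcp), 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + tcp


def _entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def local_analysis(data: bytes) -> Verdict:
    """Fallback for files with no reputation. Hypothetical policy for a sensor
    that should never receive native executables or packed/encrypted blobs."""
    if data[:2] == b"MZ" or data[:4] == b"\x7fELF":
        return Verdict.BLOCK
    if len(data) >= 256 and _entropy(data) > 7.5:
        return Verdict.BLOCK
    return Verdict.UNKNOWN


def file_verdict(chunks):
    """Malicious-file check: assemble and hash outside the OS, then look up.
    Returns (verdict, sha256 hex digest)."""
    buf = bytearray()
    h = hashlib.sha256()
    for chunk in chunks:                       # assembled inside the isolated partition
        buf += chunk
        h.update(chunk)
    digest = h.hexdigest()
    if digest in LOCAL_CACHE:
        return LOCAL_CACHE[digest], digest
    verdict = CLOUD_REPUTATION.get(digest)     # the real cloud query would go here
    if verdict is None:
        verdict = local_analysis(bytes(buf))
    if verdict is not Verdict.UNKNOWN:
        LOCAL_CACHE[digest] = verdict          # cache only definitive answers
    return verdict, digest
```

In a real deployment the two entry points would be invoked by the separation kernel on behalf of the host partition, and a `BLOCK` verdict would mean the frame or file is dropped before the host's memory ever holds it; an `UNKNOWN` file stays in the isolated partition until the cloud lookup succeeds or the local analysis is extended. Caching only definitive verdicts avoids pinning a bad "unknown" answer for a file the cloud may classify minutes later.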

 

These are only two basic examples of what could be done through the use of cyber threat intelligence on a device. As the Internet of Things continues to expand, there will undoubtedly be more and more approaches that bring existing network and perimeter security to the device. The next and final installment of this series will explore some of these ideas.

The post Bringing Threat Intelligence to the Device appeared first on Webroot Threat Blog.

Threat Recap: Week of April 22nd


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Quicktime for Windows No Longer Supported

This week, Apple ended support for the QuickTime media player on Windows, and users are strongly advised to uninstall it completely: the software will no longer receive patches, and flaws have already been reported that could let an attacker who gets a user to open a crafted media file compromise the system. At present, the Mac version of QuickTime is still receiving security updates.

http://n4bb.com/uninstall-quicktime-windows-microsoft-stops-support/

Security Flaw Leaves Phone Users Vulnerable

Most telecom companies around the world use the same signalling protocol, SS7, to route calls and text messages between carriers. Anyone with access to the SS7 network, however, can target an individual subscriber knowing only their phone number: the protocol's messages can be used to track a phone's geographical location, intercept calls and text messages, and gather other personal information. This weakness, while dangerous in the hands of cyber criminals, is also reportedly used by the NSA and other intelligence agencies for data gathering and monitoring.

http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

Cyber Security Lacking in Majority of Companies

In a recent threat intelligence report, it was found that over 75% of business organizations have no formal incident response capability in place, and only obtain these critical services after they have been targeted. With individual sectors seeing a steady rise in malware attacks on their systems, it is hard to believe that so many organizations remain unprepared for the attacks being reported in the news on a daily basis. And yet, here we are.

http://www.channelpartnersonline.com/news/2016/04/most-businesses-have-no-cyberattack-response-capa.aspx

Latest Encrypting Ransomware Aims at Bitcoin

In the past week, a new ransomware variant known as CryptXXX has been spotted in the wild that both encrypts your data and steals bitcoin wallets and other sensitive information located on the system. It appears to come from the same group behind Reveton, an older screen-locking ransomware family, but with several additions that let it harvest stored passwords and lock users out of the system.

http://bravenewcoin.com/news/cryptxxx-set-to-become-the-worst-bitcoin-stealing-ransomware-yet/

End-to-End Message Encryption On the Rise

With the recent news that the FBI gained access to a locked iPhone without Apple's help, more and more companies are working towards strengthening the encryption in their products. Viber, maker of the popular messaging app, has just announced it will provide full end-to-end encryption for all messages, calls and shared media, though it will take some time for all of its 700 million users to update to the latest version. Moreover, as Viber is not a US company, it would not be directly affected by any decision by the US Congress regarding encryption and the government's ability to access encrypted information.

http://www.wired.com/2016/04/viber-encrytpion/


Threat Recap: Week of April 29th


Bangladesh Bank Still Attempting to Recover

In the months following one of the largest cyber heists in history, the Bangladesh Central Bank is still in the process of retrieving the $81 million that was stolen from it and remains unaccounted for. The latest update comes from SWIFT, the financial messaging cooperative, which has publicly stated that the Bangladesh Central Bank incident was not an isolated case but part of a larger string of attacks on its customers. Alongside this declaration, SWIFT has pushed out a security update to its client software that will hopefully make these types of attacks more difficult in the future.

http://www.reuters.com/article/us-cyber-banking-swift-exclusive-idUSKCN0XM2DI

Uber User’s Data Security is Not So Secure

With the rise in app-based ride services across the globe, Uber riders are seeing spikes in fraudulent charges from distant locations. In other words, users are getting charged for rides they couldn't possibly have taken. While Uber remains confident it has had no breach of user information, more and more Uber accounts are popping up for sale on the Dark Web at surprisingly low prices. The most likely explanation is password reuse: when users sign in to multiple services with the same username and password, credentials stolen in a breach of one site can simply be replayed against the others, an ill-advised practice that hands attackers working accounts without any breach of Uber itself.

http://www.csoonline.com/article/3059461/data-breach/uber-fraud-scammer-takes-the-ride-victim-gets-the-bill.html?

Qatar National Bank is the Latest Financial Target of Cyber Attacks

In the past week, Qatar National Bank has stated they were the victim of a cyber attack, which allowed 1.4GB-worth of sensitive customer information to be leaked onto the Dark Web. Among the data, researchers have found transactions and other financial records of many high profile clients, including the Qatar Royal Family, possible intelligence agents from around the world, and even data on Al Jazeera employees. Qatar National Bank has made no confirmation of a security breach, although the leaked information would appear to be legitimate.

http://abcnews.go.com/International/wireStory/large-qatari-bank-investigating-alleged-data-breach-38698362 

Lifeboat Breach Could Lead to More Vulnerabilities

Recently, it was reported that Lifeboat Network, a Minecraft server provider, was hacked, with usernames/passwords being compromised. While Lifeboat issued a password reset to all users, who aren’t required to enter any personal or financial information when creating a login, users should still be cautious if they have re-used their passwords for other sites and change their passwords if this is the case.

https://www.helpnetsecurity.com/2016/04/27/lifeboat-data-breach/

Dating Site Exposes User Data

This week, yet another online dating site has been hacked, and this time the personal information of over 1 million individuals has been leaked. The site in question, Beautifulpeople.com, has stated that the leaked data came from a test server rather than its production systems, although the records themselves are those of real members. The server, which was reachable without any password or other authentication, has since been taken offline.

https://www.wired.com/2016/04/beautiful-people-hack/ 


