Trickle Down Cybercrime

Uploaded on 2016-10-12 in FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

October is National Cyber Security Awareness and this week’s theme, cybercrime, is particularly apt with the holiday shopping season getting underway. Cybercrime is the fastest growing economic crime, jumping from fourth to 2nd place among the most reported types of economic crimes in PwC’s Global Economic Crime Survey 2016.

Attacks by cybercriminals are also growing more and more sophisticated and costly. Take the financial sector. While financial institutions have always been a target of choice, the stakes were raised significantly with this year’s hack of the SWIFT messaging system, which siphoned off $81m from the Bangladesh central bank and has caused problems for numerous other institutions.

The threat is so severe that last week the G7 group of nations jointly issued a cybersecurity framework for the financial sector. Unfortunately, while useful as a starting point for discussions, the framework offers little in the way of practical advice.

That is not surprising given the complicated nature of these threats. Advanced Persistent Threats (APTs), the type used in the SWIFT breach, employ sophisticated evasive techniques tailored for their target to avoid detection.

Upon infiltration, they persistently connect to an external command and control system to continuously monitor and extract data. The infamous Carbanak attacks, which took many dozens of banks for an estimated total of $1 billion, are another example. In that case, the malicious malware breached the banks’ systems for months, tracking the working process of the employees, and sending back video feeds to hackers.

The Trickle Down Effect

Once upon a time, the advanced evasive maneuvers used by such APTs could be safely ignored by the vast percentage of businesses and individuals. Not anymore. Advanced attack software and even technical support can be rented by anyone.

Malware-as-a-service has become a thriving organized crime industry. When put together with other “businesses,” like the black market in stolen credentials, or the sale of 0-day and 1-day vulnerabilities, cybercrime has become a huge chunk of organized crime’s revenue. A report by the Rand Corporation found that the cyber black market could be more profitable than the illegal drug trade.

With such readily available tools, even mass attacks, like malware spam (malspam), have begun incorporating advanced attack techniques.

Ground Zero

But how does malware get to the endpoint in the first place? Endpoint attack infiltration vectors can be grouped into two types.

The first, or the malspam type, requires user interaction or consent. Using some type of social engineering, a user is convinced to go to a specific site and enter credentials, or enable a macro (that then downloads ransomware or a key logger or password stealer), or download malicious software disguised as legitimate software or execute an executable file attachment.

A recent example is the Locky ransomware campaign that sends emails with a Word “invoice” attached. Victims are prompted to enable a macro to see the “invoice,” thereby downloading and launching the ransomware. However, the second type involves no user consent. It exploits vulnerabilities in browsers (often Internet Explorer or Firefox – JavaScript or VB), third party plugins (most commonly Flash, Silverlight, Java), document viewers (Office, Acrobat), scanning engines (Antivirus scanning for files) and graphic parsers (usually Windows OS drivers).

In the Carbanak attacks mentioned earlier, a Trojan-infected Word email attachment exploited the MS Office CVE-2015-2545 vulnerability to automatically download malicious code upon opening.

Attacks that exploit memory vulnerabilities are increasingly common and particularly difficult for cybersecurity systems to detect and block. A memory vulnerability results from possible wrong inputs into software. For example, inputs that are too long without proper validation can result in Buffer overflows (heap or stack). Additional memory vulnerabilities include Type confusion, Use-after-free condition and Integer overflow, among others.

Combating Cybercrime

While cybercrime methods have gotten smarter and cheaper to perpetrate, overall defenses have not kept up. All detection-based security products are necessarily limited by their detection logic, whether signature-based like traditional AV or more sophisticated solutions based on heuristics, reputation lists or machine learning. They also usually fall flat at dealing with file-less malware and can add significant administrative burden in terms of generating false positive results and update requirements.

Evasive techniques need likewise defense. Moving Target Defense (MTD) is one such emerging strategy. It uses counter-deception techniques to constantly change the target surface, concealing vulnerabilities in applications and web browsers and trapping attempts at access. MTD holds promise especially when combined with traditional antivirus, which is easy and cheap to administrate and still surprisingly adept at catching run-of-the-mill malware.
 
Information-Management

« Data Strategies Are Not Keeping Up With Cloud Migration
Google’s Ad Tracking Is Just As Creepy As Facebook's »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

Netsecurity AS

Netsecurity AS

Netsecurity is a Norwegian owned company focused and specialised within IT security and cybersecurity-as-a service.

SafeHouse Technologies

SafeHouse Technologies

SafeHouse is a cloud-based, high-end cybersecurity platform that can secure and insure any device that is connected to it.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

Picnic

Picnic

Picnic is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

SkillsDA

SkillsDA

SkillsDA is pureplay company in cyber security involved in capacity building towards National Security.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Merlin Ventures

Merlin Ventures

Merlin Ventures is a strategic investor focused on driving growth and value for cybersecurity software companies with market-leading potential.