Trickle Down Cybercrime

October is National Cyber Security Awareness and this week’s theme, cybercrime, is particularly apt with the holiday shopping season getting underway. Cybercrime is the fastest growing economic crime, jumping from fourth to 2nd place among the most reported types of economic crimes in PwC’s Global Economic Crime Survey 2016.

Attacks by cybercriminals are also growing more and more sophisticated and costly. Take the financial sector. While financial institutions have always been a target of choice, the stakes were raised significantly with this year’s hack of the SWIFT messaging system, which siphoned off $81m from the Bangladesh central bank and has caused problems for numerous other institutions.

The threat is so severe that last week the G7 group of nations jointly issued a cybersecurity framework for the financial sector. Unfortunately, while useful as a starting point for discussions, the framework offers little in the way of practical advice.

That is not surprising given the complicated nature of these threats. Advanced Persistent Threats (APTs), the type used in the SWIFT breach, employ sophisticated evasive techniques tailored for their target to avoid detection.

Upon infiltration, they persistently connect to an external command and control system to continuously monitor and extract data. The infamous Carbanak attacks, which took many dozens of banks for an estimated total of $1 billion, are another example. In that case, the malicious malware breached the banks’ systems for months, tracking the working process of the employees, and sending back video feeds to hackers.

The Trickle Down Effect

Once upon a time, the advanced evasive maneuvers used by such APTs could be safely ignored by the vast percentage of businesses and individuals. Not anymore. Advanced attack software and even technical support can be rented by anyone.

Malware-as-a-service has become a thriving organized crime industry. When put together with other “businesses,” like the black market in stolen credentials, or the sale of 0-day and 1-day vulnerabilities, cybercrime has become a huge chunk of organized crime’s revenue. A report by the Rand Corporation found that the cyber black market could be more profitable than the illegal drug trade.

With such readily available tools, even mass attacks, like malware spam (malspam), have begun incorporating advanced attack techniques.

Ground Zero

But how does malware get to the endpoint in the first place? Endpoint attack infiltration vectors can be grouped into two types.

The first, or the malspam type, requires user interaction or consent. Using some type of social engineering, a user is convinced to go to a specific site and enter credentials, or enable a macro (that then downloads ransomware or a key logger or password stealer), or download malicious software disguised as legitimate software or execute an executable file attachment.

A recent example is the Locky ransomware campaign that sends emails with a Word “invoice” attached. Victims are prompted to enable a macro to see the “invoice,” thereby downloading and launching the ransomware. However, the second type involves no user consent. It exploits vulnerabilities in browsers (often Internet Explorer or Firefox – JavaScript or VB), third party plugins (most commonly Flash, Silverlight, Java), document viewers (Office, Acrobat), scanning engines (Antivirus scanning for files) and graphic parsers (usually Windows OS drivers).

In the Carbanak attacks mentioned earlier, a Trojan-infected Word email attachment exploited the MS Office CVE-2015-2545 vulnerability to automatically download malicious code upon opening.

Attacks that exploit memory vulnerabilities are increasingly common and particularly difficult for cybersecurity systems to detect and block. A memory vulnerability results from possible wrong inputs into software. For example, inputs that are too long without proper validation can result in Buffer overflows (heap or stack). Additional memory vulnerabilities include Type confusion, Use-after-free condition and Integer overflow, among others.

Combating Cybercrime

While cybercrime methods have gotten smarter and cheaper to perpetrate, overall defenses have not kept up. All detection-based security products are necessarily limited by their detection logic, whether signature-based like traditional AV or more sophisticated solutions based on heuristics, reputation lists or machine learning. They also usually fall flat at dealing with file-less malware and can add significant administrative burden in terms of generating false positive results and update requirements.

Evasive techniques need likewise defense. Moving Target Defense (MTD) is one such emerging strategy. It uses counter-deception techniques to constantly change the target surface, concealing vulnerabilities in applications and web browsers and trapping attempts at access. MTD holds promise especially when combined with traditional antivirus, which is easy and cheap to administrate and still surprisingly adept at catching run-of-the-mill malware.
 
Information-Management

« Data Strategies Are Not Keeping Up With Cloud Migration
Google’s Ad Tracking Is Just As Creepy As Facebook's »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CCN-CERT

CCN-CERT

CCN-CERT is the Spanish national government computer security incident response centre.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

RecoLabs

RecoLabs

Reco’s proprietary AI technology dynamically maps business interactions within your collaboration tools to identify sensitive assets shared and uncover incidents that are relevant to your business.

Sidcon International Consulting Company

Sidcon International Consulting Company

SIDCON International Consulting Company has been providing consulting services since 2002 for private and public organizations in Ukraine and other countries.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.