Trickle Down Cybercrime

Uploaded on 2016-10-12 in FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

October is National Cyber Security Awareness and this week’s theme, cybercrime, is particularly apt with the holiday shopping season getting underway. Cybercrime is the fastest growing economic crime, jumping from fourth to 2nd place among the most reported types of economic crimes in PwC’s Global Economic Crime Survey 2016.

Attacks by cybercriminals are also growing more and more sophisticated and costly. Take the financial sector. While financial institutions have always been a target of choice, the stakes were raised significantly with this year’s hack of the SWIFT messaging system, which siphoned off $81m from the Bangladesh central bank and has caused problems for numerous other institutions.

The threat is so severe that last week the G7 group of nations jointly issued a cybersecurity framework for the financial sector. Unfortunately, while useful as a starting point for discussions, the framework offers little in the way of practical advice.

That is not surprising given the complicated nature of these threats. Advanced Persistent Threats (APTs), the type used in the SWIFT breach, employ sophisticated evasive techniques tailored for their target to avoid detection.

Upon infiltration, they persistently connect to an external command and control system to continuously monitor and extract data. The infamous Carbanak attacks, which took many dozens of banks for an estimated total of $1 billion, are another example. In that case, the malicious malware breached the banks’ systems for months, tracking the working process of the employees, and sending back video feeds to hackers.

The Trickle Down Effect

Once upon a time, the advanced evasive maneuvers used by such APTs could be safely ignored by the vast percentage of businesses and individuals. Not anymore. Advanced attack software and even technical support can be rented by anyone.

Malware-as-a-service has become a thriving organized crime industry. When put together with other “businesses,” like the black market in stolen credentials, or the sale of 0-day and 1-day vulnerabilities, cybercrime has become a huge chunk of organized crime’s revenue. A report by the Rand Corporation found that the cyber black market could be more profitable than the illegal drug trade.

With such readily available tools, even mass attacks, like malware spam (malspam), have begun incorporating advanced attack techniques.

Ground Zero

But how does malware get to the endpoint in the first place? Endpoint attack infiltration vectors can be grouped into two types.

The first, or the malspam type, requires user interaction or consent. Using some type of social engineering, a user is convinced to go to a specific site and enter credentials, or enable a macro (that then downloads ransomware or a key logger or password stealer), or download malicious software disguised as legitimate software or execute an executable file attachment.

A recent example is the Locky ransomware campaign that sends emails with a Word “invoice” attached. Victims are prompted to enable a macro to see the “invoice,” thereby downloading and launching the ransomware. However, the second type involves no user consent. It exploits vulnerabilities in browsers (often Internet Explorer or Firefox – JavaScript or VB), third party plugins (most commonly Flash, Silverlight, Java), document viewers (Office, Acrobat), scanning engines (Antivirus scanning for files) and graphic parsers (usually Windows OS drivers).

In the Carbanak attacks mentioned earlier, a Trojan-infected Word email attachment exploited the MS Office CVE-2015-2545 vulnerability to automatically download malicious code upon opening.

Attacks that exploit memory vulnerabilities are increasingly common and particularly difficult for cybersecurity systems to detect and block. A memory vulnerability results from possible wrong inputs into software. For example, inputs that are too long without proper validation can result in Buffer overflows (heap or stack). Additional memory vulnerabilities include Type confusion, Use-after-free condition and Integer overflow, among others.

Combating Cybercrime

While cybercrime methods have gotten smarter and cheaper to perpetrate, overall defenses have not kept up. All detection-based security products are necessarily limited by their detection logic, whether signature-based like traditional AV or more sophisticated solutions based on heuristics, reputation lists or machine learning. They also usually fall flat at dealing with file-less malware and can add significant administrative burden in terms of generating false positive results and update requirements.

Evasive techniques need likewise defense. Moving Target Defense (MTD) is one such emerging strategy. It uses counter-deception techniques to constantly change the target surface, concealing vulnerabilities in applications and web browsers and trapping attempts at access. MTD holds promise especially when combined with traditional antivirus, which is easy and cheap to administrate and still surprisingly adept at catching run-of-the-mill malware.
 
Information-Management

« Data Strategies Are Not Keeping Up With Cloud Migration
Google’s Ad Tracking Is Just As Creepy As Facebook's »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

CertiKit

CertiKit

CertiKit produce toolkit products that accelerate the adoption of ISO/IEC standards, including ISO 27001, helping organizations all over the world to realize the benefits as soon as possible.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

KPN Security

KPN Security

KPN Security is the largest and most complete provider of IT security services in the Netherlands.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMi Level 3 certified Global Consulting and IT Security Services company.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.

Prowler

Prowler

Prowler is at the forefront of the Open Cloud Security movement, championing a new era of transparency, customizability, and community-driven security for cloud environments.

Xeliumtech Solutions

Xeliumtech Solutions

Xeliumtech Solutions are a Digital Transformation partner with quality offerings in Mobile App Development, Ecommerce, Devops, RPA, AI, IoT development, Cybersecurity and more.