ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT 2014.


COMPUTER SECURITY

COMPUTERS AND NETWORKS WERE ORIGINALLY DEVELOPED TO FACILITATE ACCESS, NOT TO RESTRICT IT.

SOFTWARE/HARDWARE SYSTEMS KNOWN AS FIREWALLS ARE OFTEN USED TO PROVIDE “CHOKE POINTS” FOR COMPUTER SYSTEMS.

• THEY PREVENT UNAUTHORIZED LOGINS FROM THE OUTSIDE WORLD.

• THEY AUDIT THE TRAFFIC ENTERING AND EXITING THE SYSTEM.

• THEY MAY BE USED TO BLOCK OUTGOING DATA TO UNAUTHORIZED DESTINATIONS.

INTERNET SECURITY IS 376 OCTOBER 28, 2014 PAGE 2


DENIAL OF SERVICE ATTACKS

“DENIAL OF SERVICE” ATTACKS CONSIST OF THE CONSUMPTION OF A LIMITED RESOURCE, USUALLY NETWORK CONNECTIVITY, IN AN EFFORT TO DENY LEGITIMATE ACCESS TO THAT RESOURCE.

IN THIS TYPE OF ATTACK, THE ATTACKER BEGINS THE PROCESS OF ESTABLISHING A CONNECTION TO THE VICTIM MACHINE, BUT DOES IT IN SUCH A WAY AS TO PREVENT THE ULTIMATE COMPLETION OF THE CONNECTION.

IN THE MEANTIME, THE VICTIM MACHINE HAS RESERVED ONE OF A LIMITED NUMBER OF DATA STRUCTURES REQUIRED TO COMPLETE THE IMPENDING CONNECTION.

THE RESULT IS THAT LEGITIMATE CONNECTIONS ARE DENIED WHILE THE VICTIM MACHINE IS WAITING TO COMPLETE BOGUS "HALF-OPEN" CONNECTIONS.
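The effect described on this slide can be reproduced with a small model of the victim's table of pending connections. This is an added example, not part of the original slides; the `Listener` class, the tick-based clock and the backlog and timeout values are assumptions chosen for illustration, and no network traffic is involved.

```python
from dataclasses import dataclass, field


@dataclass
class Listener:
    """Toy model of a server's table of pending (half-open) connections."""
    backlog: int   # how many half-open entries the server can hold (assumed)
    timeout: int   # ticks an unfinished handshake keeps its entry (assumed)
    half_open: dict = field(default_factory=dict)  # conn_id -> expiry tick

    def _expire(self, now):
        for cid in [c for c, t in self.half_open.items() if t <= now]:
            del self.half_open[cid]

    def syn(self, conn_id, now):
        """Start a connection: reserve an entry, or refuse when the table is full."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            return False
        self.half_open[conn_id] = now + self.timeout
        return True

    def ack(self, conn_id, now):
        """Finish a connection: the entry is released for reuse."""
        self._expire(now)
        return self.half_open.pop(conn_id, None) is not None


def simulate(backlog, timeout, bogus_per_tick, ticks=100):
    """Return (served, denied, entries_still_held) for one legitimate client per tick."""
    srv = Listener(backlog, timeout)
    served = denied = 0
    for now in range(ticks):
        for i in range(bogus_per_tick):
            srv.syn(("bogus", now, i), now)      # begun, never completed
        legit = ("legit", now)
        if srv.syn(legit, now) and srv.ack(legit, now):
            served += 1
        else:
            denied += 1
    return served, denied, len(srv.half_open)


if __name__ == "__main__":
    print("no bogus traffic        :", simulate(8, 30, 0))
    print("2 bogus/tick, timeout 30:", simulate(8, 30, 2))
    print("2 bogus/tick, timeout 1 :", simulate(8, 1, 2))
```

In this model the table saturates only when the bogus arrival rate multiplied by the timeout reaches the backlog size, so the count of half-open entries relative to that limit is the quantity worth monitoring.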


VIRUSES

A VIRUS IS A COMPUTER PROGRAM FILE CAPABLE OF ATTACHING TO DISKS OR OTHER FILES AND REPLICATING ITSELF REPEATEDLY, TYPICALLY WITHOUT USER KNOWLEDGE OR PERMISSION.

SOME VIRUSES ATTACH TO FILES SO WHEN THE INFECTED FILE EXECUTES, THE VIRUS ALSO EXECUTES.

OTHER VIRUSES SIT IN A COMPUTER'S MEMORY AND INFECT FILES AS THE COMPUTER OPENS, MODIFIES OR CREATES THE FILES.

SOME VIRUSES DISPLAY SYMPTOMS, AND SOME VIRUSES DAMAGE FILES AND COMPUTER SYSTEMS.


WORMS

WORMS ARE PARASITIC COMPUTER PROGRAMS THAT REPLICATE, BUT UNLIKE VIRUSES, DO NOT REQUIRE ACTION ON THE PART OF HUMAN USERS IN ORDER TO SPREAD.

WORMS CAN CREATE COPIES ON THE SAME COMPUTER, OR CAN SEND THE COPIES TO OTHER COMPUTERS VIA A NETWORK.

WORMS OFTEN SPREAD VIA E-MAIL OR CHAT APPLICATIONS, TAKING ADVANTAGE OF FILE OR INFORMATION TRANSPORT FEATURES TO SPREAD UNAIDED BY HUMAN ACTION.


TROJAN HORSES

A TROJAN HORSE IS A MALICIOUS PROGRAM THAT PRETENDS TO BE A BENIGN APPLICATION.

A TROJAN HORSE PROGRAM PURPOSEFULLY DOES SOMETHING THE USER DOES NOT EXPECT.

TROJAN HORSES ARE NOT VIRUSES SINCE THEY DO NOT REPLICATE, BUT THEY CAN BE JUST AS DESTRUCTIVE.

ONE TYPE OF TROJAN HORSE, KNOWN AS A LOGIC BOMB, IS SET TO EXECUTE WHENEVER A SPECIFIC EVENT OCCURS (E.G., A CHANGE IN A FILE, A PARTICULAR SERIES OF KEYSTROKES, A SPECIFIC TIME OR DATE).


WATERING HOLE ATTACKS

WITH INCREASED VIGILANCE AGAINST MALWARE ATTACKS, SOME ATTACKERS HAVE RESORTED TO INDIRECT WATERING HOLE ATTACKS.

• THE ATTACKERS INJECT AN “EXPLOIT” CONTAINING MALWARE ONTO A TRUSTED SITE THAT THEIR INTENDED TARGET OFTEN VISITS.

• WHEN THE TARGET VISITS THE SITE, THE EXPLOIT DROPS ITS MALWARE ONTO THE VICTIM’S SYSTEM.

• THE ATTACKERS CAN THEN CARRY OUT THEIR ATTACK THROUGH THE MALWARE NOW ON THE VICTIM’S SYSTEM.


ZERO DAY VULNERABILITIES

WHEN ATTACKERS DISCOVER A VULNERABILITY IN A SOFTWARE SYSTEM BEFORE THE SYSTEM DEVELOPERS DO (OR AT LEAST BEFORE THEY FIX IT), THE ATTACKERS TRY TO DEVELOP “EXPLOITS” (I.E., STRATEGIES FOR TAKING ADVANTAGE OF THAT VULNERABILITY) ON “DAY ZERO” OF AWARENESS OF THE VULNERABILITY.

AFTER SOME SOFTWARE DEVELOPERS TOOK OVER FOUR YEARS TO ADDRESS KNOWN VULNERABILITIES, HEWLETT-PACKARD’S ZERO DAY INITIATIVE WAS SET UP TO REWARD RESEARCHERS WHO REPORTED VULNERABILITIES TO ZDI, WHICH WOULD TRY TO WORK WITH THE VENDOR TO DEVELOP A PATCH FOR THE PROBLEM.

IN ANY CASE, THE DEVELOPER WOULD HAVE NO MORE THAN 180 DAYS TO FIX THE VULNERABILITY BEFORE ZDI WOULD RELEASE THE INFORMATION TO THE PRESS.


RANSOMWARE


UNSOLICITED COMMERCIAL E-MAIL (SPAM)

E-MAIL IS SENT TO A VAST NUMBER OF USERS, WITH THE HOPES THAT SOME SMALL PERCENTAGE OF THEM WILL RESPOND TO AN “IRRESISTIBLE” OFFER AND PURCHASE WHAT TURNS OUT TO BE A BOGUS PRODUCT AT A “BARGAIN” PRICE.


SPAM STATISTICS (2013)


ZOMBIE ARMIES (BOTNETS)

ZOMBIE COMPUTERS, VIRUS-INFECTED COMPUTERS THAT PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION, ARE THE MAJOR DELIVERY METHOD OF SPAM.


SPAM RED FLAGS

AMONG THE TELLTALE SIGNS THAT AN E-MAIL MESSAGE COULD BE SPAM:

• FREQUENT USE OF CHARACTERS THAT ARE NEITHER NUMBERS NOR LETTERS.

• TRANSMISSION TIME IN THE WEE HOURS OF THE NIGHT.

• USE OF HUSTLE PHRASES, LIKE “DOUBLE YOUR INCOME” OR “LOSE WEIGHT FAST”.
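The three red flags above can be checked mechanically against a message's headers and text. This is an added example, not part of the original slides; the `red_flags` function, the 15% symbol threshold, the 01:00 to 04:59 window and both sample messages are assumptions constructed for illustration.

```python
import email
from email.utils import parsedate_to_datetime

HUSTLE_PHRASES = ("double your income", "lose weight fast")  # the slide's examples
SYMBOL_RATIO_LIMIT = 0.15   # assumed cut-off for "frequent" non-alphanumerics
WEE_HOURS = range(1, 5)     # assumed: 01:00-04:59 in the sender's stated timezone


def red_flags(raw_message):
    """Return the list of slide red flags that a single-part message trips."""
    msg = email.message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []

    # Flag 1: characters that are neither numbers nor letters (whitespace ignored).
    visible = [c for c in text if not c.isspace()]
    symbols = sum(1 for c in visible if not c.isalnum())
    if visible and symbols / len(visible) > SYMBOL_RATIO_LIMIT:
        flags.append("symbols")

    # Flag 2: transmission time, taken from the Date header as written.
    date_hdr = msg.get("Date")
    if date_hdr:
        try:
            if parsedate_to_datetime(date_hdr).hour in WEE_HOURS:
                flags.append("wee-hours")
        except (TypeError, ValueError):
            pass  # unparseable Date header gives no time signal

    # Flag 3: hustle phrases, matched case-insensitively across line breaks.
    lowered = " ".join(text.lower().split())
    if any(phrase in lowered for phrase in HUSTLE_PHRASES):
        flags.append("hustle-phrase")
    return flags


# Constructed sample messages (not real mail).
SPAM_SAMPLE = (
    "From: deals@example.invalid\n"
    "Date: Tue, 28 Oct 2014 03:12:00 -0500\n"
    "Subject: $$$ DOUBLE YOUR INCOME!!! $$$\n\n"
    "*** Act now!!! *** Lose weight fast & earn $$$ >>> click here <<<\n"
)
HAM_SAMPLE = (
    "From: registrar@example.invalid\n"
    "Date: Tue, 28 Oct 2014 14:05:00 -0500\n"
    "Subject: IS 376 lecture moved to room 204\n\n"
    "The lecture on Tuesday will meet in room 204. Bring your notes.\n"
)

if __name__ == "__main__":
    print(red_flags(SPAM_SAMPLE), red_flags(HAM_SAMPLE))
```

Each flag is a weak signal on its own, and the Date header is set by the sender, so a filter would treat the result as a score to combine with other evidence.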


PHISHING EXPEDITION

PHISHING IS A HIGH-TECH SCAM THAT USES SPAM OR POP-UP MESSAGES TO DECEIVE WEB USERS INTO DISCLOSING CREDIT CARD NUMBERS, BANK ACCOUNT INFORMATION, SOCIAL SECURITY NUMBERS, PASSWORDS, OR OTHER SENSITIVE INFORMATION.


SPEAR PHISHING

INSTEAD OF SENDING THOUSANDS OF RANDOM E-MAILS, HOPING A FEW VICTIMS WILL BITE, SPEAR PHISHERS TARGET SELECT GROUPS OF PEOPLE WITH SOMETHING IN COMMON (E.G., WORK AT THE SAME COMPANY, ATTEND THE SAME COLLEGE).

FIRST, CRIMINALS NEED SOME INSIDE INFORMATION ON THEIR TARGETS TO CONVINCE THEM THE E-MAILS ARE LEGITIMATE. THEY OFTEN OBTAIN IT BY HACKING INTO AN ORGANIZATION’S COMPUTER NETWORK OR BY COMBING THROUGH OTHER WEBSITES, BLOGS, AND SOCIAL NETWORKING SITES.

NEXT, THEY SEND E-MAILS THAT LOOK LIKE THE REAL THING TO TARGETED VICTIMS, OFFERING ALL SORTS OF URGENT AND LEGITIMATE-SOUNDING EXPLANATIONS AS TO WHY THEY NEED YOUR PERSONAL DATA.

FINALLY, THE VICTIMS ARE ASKED TO CLICK ON A LINK INSIDE THE E-MAIL THAT TAKES THEM TO A PHONY BUT REALISTIC-LOOKING WEBSITE, WHERE THEY ARE ASKED TO PROVIDE PASSWORDS, ACCOUNT NUMBERS, USER IDS, PINS, ETC.


SPEAR PHISHING WORD CLOUD

CERTAIN WORDS ARE USED FREQUENTLY IN SPEAR PHISHING EFFORTS, USUALLY ASSOCIATED WITH URGENCY OR OTHER ATTENTION-GRABBING CONNOTATIONS.


MOBILE ADWARE (MADWARE)

DEVELOPERS MONETIZE MOBILE APPS BY DISPLAYING ADVERTISEMENTS ON THEM. THEY USE AD LIBRARIES THAT HAVE THE ABILITY TO COLLECT INFORMATION ABOUT THE APP’S USER IN ORDER TO SERVE TARGETED ADVERTISEMENTS.

THIS CAN BE ABUSED AND, DEPENDING ON WHICH AD LIBRARY FEATURES THE DEVELOPER CHOOSES TO USE, PERSONAL DATA CAN BE LEAKED THROUGH AN AD LIBRARY.

ADDITIONALLY, AN AD LIBRARY CAN EXHIBIT ANNOYING BEHAVIORS SUCH AS DISPLAYING ADS IN THE NOTIFICATION BAR, CREATING AD ICONS, OR CHANGING WEB BROWSER BOOKMARKS.