By Govind Rammurthy, MD & CEO, eScan
Another year comes to an end, but not without leaving a trail of security issues and concerns. This year also saw a shift in the trend and distribution of malware. The rise in smartphone use has essentially turned these devices into a prime objective for cybercriminals, who have started to target them at a much larger scale.
The Blackhole exploit kit broke new ground in 2012, but in 2013 it gave rise to other, stealthier malware, with CryptoLocker being the stealthiest of them all. Today, malware is all about stealth, and Advanced Persistent Threats have been among the fiercest examples of stealthy threats. They are complex enough to stay undetected for weeks, and in 2013 the exposure of corporate data and espionage were more of an agenda in the field of cyber warfare.
It would be wise to say that ‘security is no longer an option’ but a must-have for both businesses and individuals. Nevertheless, common sense also needs to prevail, as there are times when even the best security suites are not enough to protect you from the latest threats. Whether it is a fake antivirus scam, malware using social networks to spread or an e-mail attachment loaded with viruses, it pays to be aware of the pages you visit and the applications you download, as this helps to identify a potential threat.
Here is our take on what we expect to see in 2014.
Rise in Botnets
The workings of a bot are complex, and it can infect a person’s PC in more ways than one. Bots are specifically designed to search the Web for machines that are unprotected and vulnerable. A bot’s main purpose is to infect a machine, report back to its command and control center, and stay hidden until it is asked to carry out a task. In short, a bot acts like a bridge that allows hackers to control thousands of infected machines at any given point in time.
The leak of the Zeus source code is one prime example, as it led to the development of Gameover. What followed was a whole lot of changes that made greater use of encryption, gave botmasters flexibility in setting rules and also added a backup communication center.
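The "report back to its command and control center" behaviour described above is also what gives a bot away on the network: a timer-driven check-in produces connection gaps that cluster tightly around one value, whereas a person browsing produces bursty, irregular gaps. The following script is an added example and not eScan's code; it groups outbound connections from a constructed proxy log by client and destination, measures the gaps between them and flags near-constant intervals. The log format, the sample lines and the thresholds are assumptions made for the example.

```python
"""Periodic-beacon detection over proxy log lines (added example, not eScan's code).

Groups connections by (client, destination), computes the gaps between
consecutive connections and flags pairs whose gaps are near-constant, which is
the signature of a bot checking in with its command and control center on a
timer.  The log format and sample lines below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client ip> <destination host>".
# svc.example.net is contacted every five minutes (a check-in); the mail
# host is contacted at irregular, human-looking intervals.
SAMPLE_LOG = """\
2013-12-10T09:00:00 10.0.0.5 svc.example.net
2013-12-10T09:00:03 10.0.0.5 mail.example.org
2013-12-10T09:05:00 10.0.0.5 svc.example.net
2013-12-10T09:07:41 10.0.0.5 mail.example.org
2013-12-10T09:10:00 10.0.0.5 svc.example.net
2013-12-10T09:15:01 10.0.0.5 svc.example.net
2013-12-10T09:20:00 10.0.0.5 svc.example.net
2013-12-10T09:25:00 10.0.0.5 svc.example.net
2013-12-10T09:31:20 10.0.0.5 mail.example.org
2013-12-10T09:55:10 10.0.0.5 mail.example.org
"""


def parse_log(text):
    """Return {(client, dest): [datetime, ...]} from the constructed log format."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest = line.split()
        conns[(client, dest)].append(datetime.fromisoformat(ts))
    return conns


def find_beacons(conns, min_hits=5, max_cv=0.1):
    """Flag (client, dest) pairs whose inter-connection gaps are near-constant.

    max_cv is the largest allowed coefficient of variation (stdev / mean) of
    the gaps.  min_hits keeps the statistic meaningful; with fewer than four
    gaps almost anything looks regular.  Returns {(client, dest): mean gap in s}.
    """
    beacons = {}
    for key, times in conns.items():
        if len(times) < min_hits:
            continue
        ordered = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (client, dest), gap in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {dest}: check-in every ~{gap:.0f}s")
```

A hit from this script is a lead for triage rather than a verdict: legitimate software updaters and monitoring agents also poll on a timer, so the flagged destination still has to be checked against what is expected on that host.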
Use of Rootkits to Conceal Zero-Day Attacks
Operating system vulnerabilities are the most sought-after by cybercriminals. However, they are difficult to come by. To exploit such a vulnerability successfully and remain undetected, most hackers look to conceal their malware using a rootkit. Rootkits are not only difficult to detect but also extremely difficult to remove, as they conceal themselves at the hardware level.
Moreover, they give Administrator-level privileges to attackers and can go undetected by an ordinary user.
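Because a rootkit hides from the tools an administrator normally trusts, one practical way to look for it is to take the same information from two independent sources and compare them. The script below is an added example and not eScan's code: it reads the process table once from the /proc directory and once from the output of the ps tool, and reports PIDs that appear in one view but not the other. It assumes a Linux host with /proc and ps available; the comparison itself is a pure function and is what the rest of the script builds on.

```python
"""Cross-view check for hidden processes on Linux (added example, not eScan's code).

A rootkit that hooks the process listing makes a process invisible to ps
while the kernel still exposes it under /proc.  Comparing both views turns
that discrepancy into a finding.  Assumes a Linux host with /proc and ps.
"""
import os
import subprocess


def pids_from_proc():
    """First view: every numeric directory name under /proc is a live PID."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_ps():
    """Second view: the PIDs that the ps tool, and therefore an admin, sees."""
    out = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def cross_view_diff(proc_view, ps_view):
    """Pure comparison of two PID sets.

    Returns (hidden, phantom): hidden = PIDs in /proc but missing from ps
    (what a listing-hooking rootkit produces); phantom = PIDs shown by ps but
    absent from /proc (normally just processes that exited between the views).
    """
    return sorted(proc_view - ps_view), sorted(ps_view - proc_view)


def stable_hidden_pids(rounds=3):
    """Report only PIDs hidden in every round, dropping short-lived races.

    A process that exits between the /proc listing and the ps call looks
    hidden for one round; a rootkit-hidden process looks hidden every round.
    """
    hidden = None
    for _ in range(rounds):
        found, _phantom = cross_view_diff(pids_from_proc(), pids_from_ps())
        hidden = set(found) if hidden is None else hidden & set(found)
    return sorted(hidden)


if __name__ == "__main__":
    result = stable_hidden_pids()
    print("PIDs present in /proc but not shown by ps:", result or "none")
```

The check only catches rootkits that hook the process listing; one that also filters the /proc directory leaves both views agreeing, which is why rootkit scanners add further views (for example probing PIDs directly) and why a persistent discrepancy should be treated as a reason to image the machine rather than to clean it in place.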
Smartphones are the new hot targets for malware writers, as they have become the next big thing in both communication and entertainment.
Ransomware has had a long-running history with the Windows operating system. However, June 2013 saw the first ransomware attack directed at Android devices. Android Defender, as it was called, was a fake antivirus app that demanded a payment of $99.99 to restore access to your Android device. The fake security app repeatedly seeks Administrator privileges, upon which it can block and restrict access to all settings and apps, making it impossible to make calls, kill tasks or even perform a factory reset.
Android Defender marks the beginning of Ransomware for Android devices.
Unlike Windows, Linux has always seen a smaller fraction of malware. Nevertheless, Linux-based Web servers have become targets for criminals, as Linux is by far the most widely used operating system on Web servers.
Another aspect surrounding Linux is the assumption that the operating system is safer. Linux systems are, therefore, overlooked as potential targets. In other words, if a Linux system is infected, it can remain infected for months or probably years.
Over the last few years we have witnessed a growth in the use of malicious Java and PHP scripts written to make Linux servers operate as nodes, turning them into zombies that are then remotely controlled.
Mac-based malware has been a topic of discussion for most security researchers. Not only have we witnessed that the once impenetrable Mac was just a myth, but the threat to this once supposedly secure OS is slowly growing in numbers.
Attacks on the Mac have evolved over the years. However, 2013 was not very significant compared to 2012. The types of malware encountered have been limited to Trojans, malicious Java scripts and malicious browser plug-ins. Attacks on Macs cannot be written off, as the platform has gained traction and is slowly turning into a prime device for a number of users.
2013 has been the year of persistent attacks, where specific companies have been seen as prime targets.
These attacks have moreover been aimed at compromising financial accounts, with financial theft as the main motive. We have seen massive campaigns such as NetTraveler, which compromised over 350 high-profile victims in more than 40 countries over the past eight years. These include political activists, research centers, governmental institutions, embassies, military contractors and private contractors from a number of industries. The main objective was to steal documents such as DOC, XLS, PPT, RTF and PDF files. Operation NetTraveler easily comes in as one of the biggest hacks of 2013, followed by Operation HangOver and KeyBoy.
We have seen, and will continue to witness, the use of stolen certificates, where signed components taken from either the Windows OS or third-party vendors are used to conceal and load specific malware.
Growing Risk of Unpatched Systems
Starting April 2014, Microsoft will stop providing patches for Windows XP and Office 2003. Last year, approximately 32% of all PCs still ran Windows XP. If you are on Windows XP, the end of support and patches is a serious concern. There are also a number of vulnerabilities that are backward compatible, meaning they affect XP as well, which makes unpatched Windows XP users a target of choice for hackers. The risks are high for those failing to upgrade. December itself saw the distribution of Dexter, a malware designed specifically to steal data from Point of Sale (POS) systems.
Windows XP is not the only Microsoft product to lose support; Microsoft Office 2003 is also tied in with the OS. The point to note is that Office 2003 is also used on a number of newer Windows-based systems (Vista, 7 and 8). So even if you are running a fully patched version of Windows, you will still be vulnerable to threats if you keep running Office 2003.
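The practical consequence of the two paragraphs above is that an end-of-support review has to look at every product on a host, not only at the operating system: a fully patched Windows 7 machine that still runs Office 2003 is exposed. The script below is an added example and not eScan's code; it runs that review over a constructed inventory. It assumes 8 April 2014 as the end-of-support date for both products (the article only says April 2014) and a simple comma-separated inventory format.

```python
"""End-of-support exposure check over a software inventory (added example,
not eScan's code).

Each product on a host is assessed on its own, so a host whose OS is current
but whose Office suite has lost support is still reported.  The inventory
lines and the cut-off date below are assumptions made for the example.
"""
from datetime import date

# Assumed end-of-support date for both products (the article says April 2014).
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Office 2003": date(2014, 4, 8),
}

# Constructed inventory: host, OS, whether all available OS patches are
# applied, and the installed Office suite (empty when none).
INVENTORY = """\
host,os,os_fully_patched,office
pos-01,Windows XP,yes,Office 2003
fin-07,Windows 7,yes,Office 2003
hr-12,Windows 7,yes,Office 2010
lab-03,Windows XP,no,
"""


def parse_inventory(text):
    """Turn the CSV text into a list of {column: value} records."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split(",")
    return [dict(zip(header, line.split(","))) for line in lines[1:]]


def assess(record, today):
    """Return the exposure reasons for one host; an empty list means no known risk."""
    reasons = []
    for product in (record["os"], record["office"]):
        eos = END_OF_SUPPORT.get(product)
        if eos is None:
            continue  # product not on the end-of-support list
        days = (today - eos).days
        if days >= 0:
            reasons.append(f"{product}: unsupported for {days} days")
        else:
            reasons.append(f"{product}: support ends in {-days} days")
    # A host that is already behind on patches is exposed before the cut-off.
    if record["os"] == "Windows XP" and record["os_fully_patched"] != "yes":
        reasons.append("Windows XP: already missing available patches")
    return reasons


def exposed_hosts(text, today):
    """Map hostname -> reasons for every host with at least one reason."""
    result = {}
    for record in parse_inventory(text):
        reasons = assess(record, today)
        if reasons:
            result[record["host"]] = reasons
    return result


if __name__ == "__main__":
    for host, reasons in exposed_hosts(INVENTORY, date(2014, 5, 1)).items():
        print(host, "->", "; ".join(reasons))
```

Run against the sample inventory on 1 May 2014, the report lists pos-01, lab-03 and, for Office 2003 alone, the fully patched Windows 7 host fin-07; hr-12 is the only host with nothing to report.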