Security Protection – Harry Waldron MVP Rotating Header Image

December, 2013:

Malware – Cryptolocker ransomware infects 250,000 PCs

Crytolocker is highly destructive and emerged as one of top threats of 2013, as it holds users hostage to pay for unencrypting and returning data back to user

http://www.bbc.co.uk/news/technology-25506020
http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/

QUOTE: A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers. Cryptolocker scrambles users’ data and then demands a fee to unencrypt it alongside a countdown clock. Dell Secureworks said that the US and UK had been worst affected.

It added that the cyber-criminals responsible were now targeting home internet users after initially focusing on professionals. The firm has provided a list of net domains that it suspects have been used to spread the code, but warned that more are being generated every day. Ransomware has existed since at least 1989, but this latest example is particularly problematic because of the way it makes files inaccessible. “Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft’s CryptoAPI,” said the report.

New CryptoLocker variant spreads using USB devices

Cryptolocker is highly destructive as once data is encrypted, the system can usually only be recovered from backups (or one must pay the bad guys for keys to decrypt data).  This new variant improves the capability to spread from system to system.

http://blog.trendmicro.com/trendlabs-security-intelligence/new-cryptolocker-spreads-via-removable-drives/

http://www.symantec.com/connect/blogs/cryptolocker-qa-menace-year

QUOTE:  We recently came across a CryptoLocker variant that had one notable feature—it has propagation routines. Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants.   Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware—often UPATRE— to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites. Uploading the malware in P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages.

DDOS Attacks – expected to increase in 2014

Distributed denial of service attacks are likely to increase in 2014 based on current trends.

http://www.scmagazineuk.com/2014-ddos-attacks-can-only-get-worse/article/326782/

QUOTE: 2013 will go down in IT security history as the year when a large number of high-profile organisations were very publicly hacked. And in parallel with this, the integrity of tens of millions of debit and credit card holders’ accounts around the world were put at risk because of these breaches.

Walker said that one of the key issues he has seen CSOs and CISOs express their concern about is the problem of DDoS attacks – which he predicts will only get worse in 2014, owing to the lack of defensive systems that most organisations have in place to guard against this type of attack.  The problem with denial of service attacks, he said, is not so much that people are not able to visit the company’s web site or conduct business – bad though this issue is in revenue terms – but that brand reputation is damaged in the longer run.

Phishing Attacks – Popular holiday-themes

The PhishMe blog was recently discovered and highlights key attack methods used during the holidays

http://phishme.com/popular-holiday-themed-phishing-attacks/

http://phishme.com/category/blog/

QUOTE: The holidays are a busy time for everyone… especially for hackers trying to phish your employees. Phishing is most effective when it exploits human emotions—fear, greed, anxiousness, curiosity, compassion, getting a good deal—and the holidays tend to bring these emotions out more than other times of the year. Which tactics should you train your employees look out for?

Holiday e-card Product or Service Online Discounts Holiday sales/discounts/deals Spoofed holiday party invitations Holiday party info/registration Fake Package Delivery Notifications Package delivery/update notification Year end: PTO balance notification Unfiled expense reports Urgent year-end deadline/requirements Fake Charity fundraisers Travel notifications

Security Awareness Study – 18 percent of workers lack security training

An effective corporate security approach uses sophisticated technical defense systems as well as emphasizing the important of security to their workers.  This recent study notes that while some companies are not actively involved, many now use online training resources.

http://www.scmagazineuk.com/18-of-office-workers-have-no-security-training/article/326250/

QUOTE: Delving into the research – which was conducted in late November – reveals that companies seem to be letting the side down on the security training front, with 18.7 percent of office workers polled in the late November survey admitting their employers did not provide them with security training, and just 5.1 percent saying their company conducted phishing testing as part of their training. It’s not all doom and gloom on the anti-phishing front, however, as the survey found that 27% of employers are conducting online security training for their staff. With 27.4% integrating some form of security training in their employee induction courses, and 11.8 percent using the traditional approach of classroom security training to get the message across.

Financial Trojan Attacks – 300 percent increase during 2013

The ZBOT family and other related malware are still actively circulating and use highly sophisticated botnet command-and-control techniques. Usually, after one malware family diminishes, a more sophisticated attack is launched in it’s place.

http://securitywatch.pcmag.com/security/319042-financial-trojans-taking-over-the-world

http://www.symantec.com/connect/blogs/state-financial-trojans-2013

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_state_of_financial_trojans_2013.pdf

QUOTE: Money talks big. The industry of financial Trojans has been steadily growing as money is moving to online banking applications. In its latest blog post and whitepaper, security software company Symantec looks at this year’s state of financial threat. Within the first nine months of this year, infections by the most common financial Trojans rose by 337 percent. This means almost half a million computers that are infected every month are susceptible to fraud. Symantec analyzed eight online banking Trojans’ recent configuration files to better understand which URLs the Trojans attack and the perpetrators’ strategies. The study reveals the wide reach of Trojans; they can and will target anything that the attacker can get a monetary profit from.

PCI/DSS version 3.0 introduced during November 2013

During recent research saw that version 3.0 of PCI/DSS standards were finalized during NOV 2013.  Some key links are noted below:

PCI/DSS HOME PAGE

https://www.pcisecuritystandards.org/

PCI/DSS OVERVIEW

https://www.pcisecuritystandards.org/security_standards/index.php

DOCUMENT LIBRARY

https://www.pcisecuritystandards.org/security_standards/documents.php

FIVE KEY CHANGES

http://searchsecurity.techtarget.com/tip/PCI-DSS-version-30-The-five-most-important-changes-for-merchants

QUOTE: The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents

Target Data Breach – Part Two Encrypted PIN Data Stolen

Hackers are already launching targeted attacks and are likely performing brute force attacks on the encrypted PIN numbers. Once both credit card and PIN# information is disclosed, hackers can register charges as desired. As shared earlier affected Target customers should change their PIN# immediately to reduce risks.

http://bits.blogs.nytimes.com/2013/12/27/targets-nightmare-goes-on-encrypted-pin-data-stolen/

QUOTE: Target said criminals had made off with customers’ encrypted PIN information as well. But Target said the company stored the keys to decrypt its PIN data on separate systems from the ones that were hacked.  Target customers’ credit and debit card data on the black market, where a single card is selling for as much as $100. Criminals can use that card data to create counterfeit cards.  But PIN data is the most coveted of all. With PIN data, cybercriminals can make withdrawals from a customer’s account through an automatic teller machine. And even if the key to unlock the encryption is stored on separate systems, security experts say there have been cases where hackers managed to get the keys and successfully decrypt scrambled data.

PC Magazine – Five security prediction articles for 2014

PC Magazine has issues 5 separate prediction articles based on emerging trends seen during past year

http://securitywatch.pcmag.com/security/319183-predictions-cyber-security-in-2014

http://securitywatch.pcmag.com/security/319244-predictions-securing-protecting-the-internet-of-things

http://securitywatch.pcmag.com/business-financial/319224-predictions-more-retail-breaches-bitcoin-will-crash

http://securitywatch.pcmag.com/security/319195-predictions-android-ransomware-mobile-banking-fraud

http://securitywatch.pcmag.com/security/319190-predictions-rise-of-national-internet-tor-s-popularity-boom

BBC Server – briefly compromised on Christmas Day

Reuters shares that BBC server was briefly compromised on Christmas Day

http://www.reuters.com/article/2013/12/29/us-bbc-cyberattack-idUSBRE9BS06K20131229

QUOTE: A hacker secretly took over a computer server at the BBC, Britain’s public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. While it is not known if the hacker found any buyers, the BBC’s security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort. Reuters could not determine whether the hackers stole data or caused any damage in the attack, which compromised a server that manages an obscure password-protected website. It was not clear how the BBC, the world’s oldest and largest broadcaster, uses that site, though ftp systems are typically used to manage the transfer of large data files over the Internet.