Attackers use various techniques to get backdoors into target networks
Recent events such as data breaches in the first half of 2014 strongly indicate that organizations need to start adopting a more strategic approach to protect digital information. This strategy includes protecting sensitive data such as intellectual property and trade secrets—often the crown jewels of any organization.
At the end of 2013, we realized that digital heists pushed stick-’em-up bank heists to the curb. While this holds true amid large data breach incidents and rampant cybercrime, the first quarter of 2014 also showed that today’s cybercriminals are aiming at previously nontargeted entities to carry out malicious deeds. Proof of these include the US$480-million digital heist Bitcoin exchange, MtGox, suffered from and recent attacks against large retailers via point-of-sale (PoS) terminals. These high-profile crimes targeted unexpected information sources even if attackers went after the same thing—money, used the same techniques despite more strategic planning, and were motivated by greed.
Good old-fashioned stick-ʼem-up bank heists have seemingly been pushed to the curb by digital heists in 2013. Cybercriminals who used sophisticated techniques to get hold of credit card numbers, bank accounts, and even personally identifiable information (PII) in a matter of minutes have taken the place of traditional thieves. Information is, after all, the new currency. And with it on hand, cybercriminals can hold victims at their mercy, which should make us all realize that we stand to lose more than we think.
Cybercriminals and attackers will use mobile devices as well as reliable exploits to gain entry to systems. While “wearable” technologies start to gain traction, attacks to these technologies/devices will be minimal and will only be for research. Businesses and end-users alike will have to battle threats to mobile banking, as well as ensuring that their online privacy is intact.
Backdoors—applications that open computers to remote access—play a crucial role in targeted attacks. Often initially used in the second (point of entry) or third (command-and-control [C&C]) stage of the targeted attack process, backdoors enable threat actors to gain command and control of their target network.
Like Swiss Emmental cheese, online banking protections may be full of holes. Banks have been trying to prevent cybercrooks from accessing their customers’ online accounts for ages. They have, in fact, invented all sorts of methods to allow their customers to safely bank online.
This research paper describes an ongoing attack we have dubbed “Emmental” that targets a number of countries worldwide. The attack is designed to bypass a certain two-factor authentication scheme used by banks. In particular, it bypasses session tokens, which are frequently sent to users’ mobile devices via Short Message Service (SMS). Users are expected to enter a session token to activate banking sessions so they can authenticate their identities. Since this token is sent through a separate channel, this method is generally considered secure.
Banking Trojans have long been used to steal users' online banking credentials in North America and Western Europe. A crimeware tool primarily used to steal money, ZeuS, signaled in a new wave of cybercrime where different groups cooperated with one another for online theft. On the other hand, CARBERP is a popular malware family that specifically targets banks in Eastern Europe and Central Asia. Though recent reports reveal that the masterminds behind CARBERP were arrested in April 2013, the days of online banking theft in Eastern Europe are far from over.
Read The Apollo Campaign (PDF)
This research paper provides some thoughts on how to configure a network in order to make lateral movement harder to accomplish and easier to detect, as well as how to prepare to deal with an infection. Given the advances attackers have been making, it is very unlikely that organizations will be able to keep motivated and patient adversaries out of their networks. In most cases, the best one can hope for is to detect targeted attacks early and limit the amount of information the attackers can obtain access to.
Read Suggestions to Help Companies with the Fight Against Targeted Attacks (PDF)
APT campaigns aggressively pursue and compromise specific targets to gain control of a company’s computer system for a prolonged period of time. To make a targeted attack successful, the communication channel between a threat actor and the malware inside a network must always remain open and unknown. Know how leveraging threat intelligence can help detect this malicious network traffic by reading this primer.
As 2012 drew to a close, SMBs, along with most organizations, should have taken a step back and learned from the past year. With mobile devices fast becoming part of workplaces and the increased availability of cloud services, SMBs should adopt security practices to fully protect their assets. This year, the Android malware volume is expected to hit the 1 million mark. The continuous use of cloud services will also play a key part in the SMB threat environment. This primer runs through five predictions SMBs should take note of.
In 2013, managing the security of devices, small business systems, and large enterprise networks will be more complex than ever before. Users are breaking down the PC monoculture by embracing a wider variety of platforms, each with its own user interface, OS, and security model. Businesses, meanwhile, are grappling with protecting intellectual property and business information as they tackle consumerization, virtualization, and cloud platforms head-on. This divergence in computing experience will further expand opportunities for cybercriminals and other threat actors to gain profit, steal information, and sabotage their targets’ operations.
Users face various unwanted app routines in the current mobile landscape. Given this situation, market owners have taken certain measures like providing safety guidelines, conducting prerelease quality assurance checks, and introducing access permission layers at the OS level. Unfortunately, these are still far from being fool-proof solutions. The reality is: Users are responsible for checking if the apps they download are legitimate or not.