Internet Security Threat Report April 2017 Contents Introduction
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Submission of the Citizen Lab (Munk School of Global Affairs and Public Policy, University of Toronto) to the United Nations
Submission of the Citizen Lab (Munk School of Global Affairs and Public Policy, University of Toronto) to the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression on the surveillance industry and human rights February 15, 2019 For all inquiries related to this submission, please contact: Dr. Ronald J. Deibert Director, the Citizen Lab, Munk School of Global Affairs and Public Policy Professor of Political Science, University of Toronto [email protected] Contributors to this report: Siena Anstis, Senior Legal Advisor, Citizen Lab Dr. Ronald J. Deibert, Professor of Political Science; Director, Citizen Lab Jon Penney, Research Fellow, Citizen Lab; Associate Professor and Director, Law & Technology Institute, Schulich School of Law Acknowledgments: We would also like to thank Miles Kenyon (Communications Specialist, Citizen Lab) and Adam Senft (Operations Manager, Citizen Lab) for their support in reviewing this submission. 1 Table of Contents Executive Summary 3 About the Citizen Lab 5 Citizen Lab Research on the Use of Private Surveillance Technology Against Human Rights Actors 6 1. NSO Group’s Pegasus 6 The case of Ahmed Mansoor in the United Arab Emirates 7 Targeting civil society, journalists, politicians, and others in Mexico 7 Mapping Pegasus infections and the case of Omar Abdulaziz in Canada 8 Additional cases of targeting 8 2. Cyberbit’s PC Surveillance System 9 3. FinFisher and FinSpy 9 4. Hacking Team’s Remote Control System 10 Common Trends among Private Companies in the Surveillance Industry 11 1. Sales to states with poor human rights records 11 2. -
Ransom Where?
Ransom where? Holding data hostage with ransomware May 2019 Author With the evolution of digitization and increased interconnectivity, the cyberthreat landscape has transformed from merely a security and privacy concern to a danger much more insidious by nature — ransomware. Ransomware is a type of malware that is designed to encrypt, Imani Barnes Analyst 646.572.3930 destroy or shut down networks in exchange [email protected] for a paid ransom. Through the deployment of ransomware, cybercriminals are no longer just seeking to steal credit card information and other sensitive personally identifiable information (PII). Instead, they have upped their games to manipulate organizations into paying large sums of money in exchange for the safe release of their data and control of their systems. While there are some business sectors in which the presence of this cyberexposure is overt, cybercriminals are broadening their scopes of potential victims to include targets of opportunity1 across a multitude of industries. This paper will provide insight into how ransomware evolved as a cyberextortion instrument, identify notorious strains and explain how companies can protect themselves. 1 WIRED. “Meet LockerGoga, the Ransomware Crippling Industrial Firms” March 25, 2019; https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/. 2 Ransom where? | May 2019 A brief history of ransomware The first signs of ransomware appeared in 1989 in the healthcare industry. An attacker used infected floppy disks to encrypt computer files, claiming that the user was in “breach of a licensing agreement,”2 and demanded $189 for a decryption key. While the attempt to extort was unsuccessful, this attack became commonly known as PC Cyborg and set the archetype in motion for future attacks. -
Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic, -
The Evolution of Ransomware
The evolution of ransomware SECURITY RESPONSE The evolution of ransomware Kevin Savage, Peter Coogan, Hon Lau Version 1.0 – August 6, 2015 Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today. CONTENTS OVERVIEW ..............................................................................3 Key information ......................................................................5 Types of ransomware .............................................................5 How ransomware has evolved ...............................................7 Targets for ransomware .......................................................13 Systems impacted by ransomware ......................................14 Ransomware: How it works ..................................................18 Ransom techniques ..............................................................27 How widespread is the problem of ransomware .................33 What does the future hold for ransomware? .......................37 Conclusion ............................................................................45 Appendix ..............................................................................47 Mitigation strategies ............................................................51 Symantec detections for common ransomware families 54 Resources .............................................................................56 OVERVIEW Never before in the history of human kind have people across the world been -
2016.4 Vol.28 Mac はマルウェアから 100%安全か
2016.4 Vol.28 Mac はマルウェアから 100%安全か セキュリティプレス・アン Mac 向けセキュリティソリューション AhnLab V3 365 Clinic for Mac Mac はマルウェアから 100%安全か AppleのMacは、多くの人にマルウェアから安全だと思われている。しかし実際はWindowほどではないにせよ、Mac向けのマルウ ェアもマルウェア史の初期から存在し続けていた。それは現在も同じで、Macも安全地帯ではないということだ。 今回のプレス・アンでは、最新Mac向けマルウェアの特徴を分析し、Mac環境を保護する方策を探る。 Appleのマッキントッシュ(Macintosh、以下Mac)に対するユーザーの信頼は厚く、次のような挿絵からも見て取れる。コンピューター使用中感電し たキャラに、「コンピューターに異常はないかい?」と聞いたところ「これはMacだから大丈夫」と断言する内容である。 [図1] The Brads- Impossible 2 セキュリティプレス・アン その信頼はセキュリティに関しても絶大で、どうやらMacは安全な環境であると思われているらしい。しかし前述のようにMac向けマルウェアは昔か ら存在していたし、Macの運営環境である「OS X」に移行してから10年間、脅威は持続的に発見されている。もちろんWindowに比べればMac向け マルウェアが少ないのは確かだが、最近発見されるマルウェアの傾向を見るとMacもまたマルウェアの安全地帯ではないことが分かる。最近登場して いるMac向けマルウェアの特徴を分析し、Macを保護するソリューションを見てみよう。 主なMacマルウェア 現在のMacも多くの進化を遂げた。プロセッサやOSの変化により、[図2]のようにOS環境がOS Xに変更された前後で発見されたマルウェアは異なる。 初期 偽装した セキュリティ プログラム リリース リリース [図2] Mac向けマルウェア史タイムライン OS X移行後に登場したマルウェアに関する詳細情報は次の通りだ。 マルウェア(発見時期) 特徴 備考 Renepo -システムセキュリティ設定: 低 -OS X 初のマルウェア (2004) -OS X ファイアウォール解除 -2004/3/3、ニックネーム DimBulbが「Macintosh Underground -ソフトウェアアップデート機能解除 forum」に参加後、3/13からスクリプトワームに対して掲載し、フォーラ -ohphoneX(ボイス及びビデオ共有)、d ムの参加者とマルウェア作成を開始。9/10の掲載バージョンが10/23に sniff(暗号スニファ)、John the Rippe 外部に知れ渡り、10/24から大炎上したことから作成を放棄 r(暗号クラック)をダウンロードインストール -Apple社ではマルウェアではないと否認し、対応せず RSPlug(Dnschanger) -DNSアドレスを変更してフィッシングサイ -使用者に実害を与えた初のOS X向けマルウェア (2007.10) トに誘導し、金銭的要求 3 セキュリティプレス・アン マルウェア(発見時期) 特徴 備考 MacSweeper -常に何かを診断し、購入要求 -OS X初の偽装アンチウィルスプログラム (2008.1.17) -KiVVi Softwareで作成し、強制マーケティングに使用したことで公式謝 罪 -2011/5以降Mac Defender、Mac Protector、Mac Security、 Mac Guard、Mac Shieldなど偽装プログラムが大幅に増加 -Apple社は同年5月末セキュリティアップデートを行い、偽装アンチウィルス -
Crypto Ransomware Analysis and Detection Using
CRYPTO RANSOMWARE ANALYSIS AND DETECTION USING PROCESS MONITOR by ASHWINI BALKRUSHNA KARDILE Presented to the Faculty of the Graduate School of The University of Texas at Arlington in Partial Fulfillment of the Requirements for the Degree of MASTER OF SCIENCE IN COMPUTER SCIENCE THE UNIVERSITY OF TEXAS AT ARLINGTON December 2017 Copyright © by Ashwini Balkrushna Kardile 2017 All Rights Reserved ii Acknowledgements I would like to thank Dr. Ming for his timely guidance and motivation. His insights for this research were valuable. I would also like to thank my committee members Dr. David Levine and Dr. David Kung for taking out time from their schedule and attending my dissertation. I am grateful to John Podolanko; it would not have been possible without his help and support. Thank you, John, for helping me and foster my confidence. I would like to thank my colleagues for supporting me directly or indirectly. Last but not the least; I would like to thank my parents, my family and my friends for encouraging me and supporting me throughout my research. November 16, 2017 iii Abstract CRYPTO RANSOMWARE ANALYSIS AND DETECTION USING PROCESS MONITOR Ashwini Balkrushna Kardile, MS The University of Texas at Arlington, 2017 Supervising Professor: Jiang Ming Ransomware is a faster growing threat that encrypts user’s files and locks the computer and holds the key required to decrypt the files for ransom. Over the past few years, the impact of ransomware has increased exponentially. There have been several reported high profile ransomware attacks, such as CryptoLocker, CryptoWall, WannaCry, Petya and Bad Rabbit which have collectively cost individuals and companies well over a billion dollars according to FBI. -
A Morphic Based Live Programming Graphical User Interface Implemented in Python
Final Thesis PyMorphic - a Morphic based Live Programming Graphical User Interface implemented in Python by Anders Osterholm¨ LIU-KOGVET-D--06/12--SE 23th August 2006 PyMorphic - a Morphic based Live Programming Graphical User Interface implemented in Python Final Thesis performed at Human Centered Systems division in the Department of Computer and Information Science at Link¨oping University by Anders Osterholm¨ LIU-KOGVET-D--06/12--SE 23th August 2006 Examiner: Dr. Mikael Kindborg Department of Computer and Information Science at Link¨oping University Abstract Programming is a very complex activity that has many simultaneous learn- ing elements. The area of Live-programming offers possibilities for enhanc- ing programming work by speeding up the feedback loop and providing means for reducing the cognitive load on the working memory during the task. This could allow for better education for novice programmers. In this work a number of systems with a shared aim of providing educational tools for scholars from compulsory level to undergraduate college were studied. The common approach in the majority of the tools was to use program ab- stractions like tangible morphs, playing cards, capsules for code segments, and visual stories. For the user these abstractions and tools offer better focus on the constructive and creative side of programming because they relieve the user from the cumbersome work of writing program code, but they also sacrifice some of the expressiveness of a low-level language. A Live programming system, called PyMorphic, based on the Morphic model was built in the Python programming language. Two different so- lutions, based on the Wx toolkit for Python, were constructed and evalu- ated. -
The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics
Security Response The Downadup Codex A comprehensive guide to the threat’s mechanics. Edition 2.0 Introduction Contents Introduction.............................................................1 Since its appearance in late-2008, the Downadup worm has become Editor’s Note............................................................5 one of the most wide-spread threats to hit the Internet for a number of Increase in exploit attempts against MS08-067.....6 years. A complex piece of malicious code, this threat was able to jump W32.Downadup infection statistics.........................8 certain network hurdles, hide in the shadows of network traffic, and New variants of W32.Downadup.B find new ways to propagate.........................................10 defend itself against attack with a deftness not often seen in today’s W32.Downadup and W32.Downadup.B threat landscape. Yet it contained few previously unseen features. What statistics................................................................12 set it apart was the sheer number of tricks it held up its sleeve. Peer-to-peer payload distribution...........................15 Geo-location, fingerprinting, and piracy...............17 It all started in late-October of 2008, we began to receive reports of A lock with no key..................................................19 Small improvements yield big returns..................21 targeted attacks taking advantage of an as-yet unknown vulnerability Attempts at smart network scanning...................23 in Window’s remote procedure call (RPC) service. Microsoft quickly Playing with Universal Plug and Play...................24 released an out-of-band security patch (MS08-067), going so far as to Locking itself out.................................................27 classify the update as “critical” for some operating systems—the high- A new Downadup variant?......................................29 Advanced crypto protection.................................30 est designation for a Microsoft Security Bulletin. -
Internet Security Threat Report Volume 24 | February 2019
ISTRInternet Security Threat Report Volume 24 | February 2019 THE DOCUMENT IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. INFORMATION OBTAINED FROM THIRD PARTY SOURCES IS BELIEVED TO BE RELIABLE, BUT IS IN NO WAY GUARANTEED. SECURITY PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT (“CONTROLLED ITEMS”) ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER FOR YOU TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT SUCH CONTROLLED ITEMS. TABLE OF CONTENTS 1 2 3 BIG NUMBERS YEAR-IN-REVIEW FACTS AND FIGURES METHODOLOGY Formjacking Messaging Cryptojacking Malware Ransomware Mobile Living off the land Web attacks and supply chain attacks Targeted attacks Targeted attacks IoT Cloud Underground economy IoT Election interference MALICIOUS -
3/16/2020 Testout Labsim
3/16/2020 TestOut LabSim 8.4 Web Application Attacks As you study this section, answer the following questions: What are two ways that drive-by download attacks occur? Which countermeasures can be used to eliminate buffer overflow attacks? How can cross-site scripting (XSS) be used to breach the security of a web user? What is the best method for preventing SQL injection attacks? What are some types of header manipulation? Which mitigation practices help to protect internet-based activities from web application attacks? In this section, you will learn to: Prevent cross-site scripting Key terms for this section include the following: Term Definition Drive-By Download An attack where software or malware is downloaded and installed without explicit consent from the user. Typosquatting/URL Hijacking An attack that occurs when an attacker registers domain names that correlate to common typographical errors made by users when trying to access a legitimate website. Buffer Overflow An attack that exploits an operating system or an application that does not properly enforce boundaries for how much and what type of data can be inputted. An attack that exploits a computational operation by a running process that results in a numeric value that exceeds the maximum size of the integer type used to store it in Integer Overflow memory. Cross-Site Scripting (XSS) An attack that injects scripts into webpages. Cross-Site Request Forgery A type of malicious exploit whereby unauthorized commands are transmitted from the user to a website that currently trusts the user by way of authentication, cookies, etc. (CSRF/XSRF) LDAP Injection An attack that uses LDAP statements with arbitrary commands to exploit web-based applications with access to a directory service. -
Security Now! #664 - 05-22-18 Spectreng Revealed
Security Now! #664 - 05-22-18 SpectreNG Revealed This week on Security Now! This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threat of voice assistant spoofing attacks, the evolving security of HTTP, still more new trouble with GPON routers, Facebook's Android app mistake, BMW's 14 security flaws and some fun miscellany. Then we examine the news of the next-generation of Spectre processor speculation flaws and what they mean for us. Our Picture of the Week Security News Update your Signal Desktop Apps for Windows & Linux A few weeks ago, Argentinian security researchers discovered a severe vulnerability in the Signal messaging app for Windows and Linux desktops that allows remote attackers to execute malicious code on recipient systems simply by sending a message—without requiring any user interaction. The vulnerability was accidentally discovered while researchers–amond them Juliano Rizzo–were chatting on Signal messenger and one of them shared a link of a vulnerable site with an XSS payload in its URL. However, the XSS payload unexpectedly got executed on the Signal desktop app!! (Juliano Rizzo was on the beach when the BEAST and CRIME attacks occurred to him.) After analyzing the scope of this issue by testing multiple XSS payloads, they found that the vulnerability resides in the function responsible for handling shared links, allowing attackers to inject user-defined HTML/JavaScript code via iFrame, image, video and audio tags. -
2015 Threat Report Provides a Comprehensive Overview of the Cyber Threat Landscape Facing Both Companies and Individuals
THREAT REPORT 2015 AT A GLANCE 2015 HIGHLIGHTS A few of the major events in 2015 concerning security issues. 08 07/15: Hacking Team 07/15: Bugs prompt 02/15: Europol joint breached, data Ford, Range Rover, 08/15: Google patches op takes down Ramnit released online Prius, Chrysler recalls Android Stagefright botnet flaw 09/15: XcodeGhost 07/15: Android 07/15: FBI Darkode tainted apps prompts Stagefright flaw 08/15: Amazon, ENFORCEMENT bazaar shutdown ATTACKS AppStore cleanup VULNERABILITY reported SECURITYPRODUCT Chrome drop Flash ads TOP MALWARE BREACHING THE MEET THE DUKES FAMILIES WALLED GARDEN The Dukes are a well- 12 18 resourced, highly 20 Njw0rm was the most In late 2015, the Apple App prominent new malware family in 2015. Store saw a string of incidents where dedicated and organized developers had used compromised tools cyberespionage group believed to be to unwittingly create apps with malicious working for the Russian Federation since behavior. The apps were able to bypass at least 2008 to collect intelligence in Njw0rm Apple’s review procedures to gain entry support of foreign and security policy decision-making. Angler into the store, and from there into an ordinary user’s iOS device. Gamarue THE CHAIN OF THE CHAIN OF Dorkbot COMPROMISE COMPROMISE: 23 The Stages 28 The Chain of Compromise Nuclear is a user-centric model that illustrates Kilim how cyber attacks combine different Ippedo techniques and resources to compromise Dridex devices and networks. It is defined by 4 main phases: Inception, Intrusion, WormLink Infection, and Invasion. INCEPTION Redirectors wreak havoc on US, Europe (p.28) INTRUSION AnglerEK dominates Flash (p.29) INFECTION The rise of rypto-ransomware (p.31) THREATS BY REGION Europe was particularly affected by the Angler exploit kit.