DOCSLIB.ORG

Would You Like Paper Or Silicon for Your Data Breach?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Would You Like Paper Or Silicon for Your Data Breach? About the cover There are eight pendulums on the cover. Each pendulum represents one of the new patterns in the DBIR. The weight of the pendulum represents how often the pattern occurs. The length of the pendulum is how often they are breaches, as opposed to simply incidents. Just like in security, it’s difficult to predict where they’ll be in the future. Table of contents 01 03 05 DBIR Master’s Guide 4 Incident Classification Patterns 29 SMB 88 Introduction 6 Denial of Service 35 Diving back into SMB breaches 89 Summary of findings 7 Lost and Stolen Assets 41 Miscellaneous Errors 43 Privilege Misuse 46 06 02 Social Engineering 49 Regions 91 Results and Analysis 8 System Intrusion 54 Introduction to Regions 92 Actor 12 Basic Web Application Attacks 58 Asia Pacific (APAC) 93 Action 15 Everything Else 62 Europe, Middle East and Africa (EMEA) 95 Assets 19 Northern America (NA) 97 Attribute 22 Timeline 24 04 Impact 25 Industries 64 07 Introduction to industries 65 Wrap-up 100 Accommodation and Food Services 69 Year in review 102 Arts, Entertainment and Recreation 71 Educational Services 73 Financial and Insurance 75 08 Healthcare 76 Appendices 105 Information 77 Appendix A: Methodology 106 Manufacturing 79 Appendix B: Controls 110 Mining, Quarrying, and Oil & Gas Extraction + Utilities 81 Appendix C: U.S. Secret Service 113 Professional, Scientific Appendix D: Contributing organizations 115 and Technical Services 82 Public Administration 84 Retail 86 2021 DBIR Table of contents 3 01 DBIR Master’s Guide Hello first-time reader, and Variety: More specific enumerations of welcome to the 2021 Data higher-level categories, e.g., classifying Industry labels the external “bad guy” as an organized We align with the North American Breach Investigations Report criminal group or recording a Hacking Industry Classification System (NAICS) (DBIR). We have been creating action as SQL injection or brute force. standard to categorize the victim this report for a while now, organizations in our corpus. The and we appreciate that all the Learn more here: standard uses two- to six-digit codes to verbiage we use can be a bit classify businesses and organizations. obtuse at times. We use very • github.com/vz-risk/dbir/tree/ Our analysis is typically done at the gh-pages/2021 includes DBIR two-digit level and we will specify deliberate naming conventions, facts, figures and figure data terms and definitions and NAICS codes along with an industry • veriscommunity.net features label. For example, a chart with a label spend a lot of time making information on the framework with of Financial (52) is not indicative of 52 sure that we are consistent examples and enumeration listings as a value. “52” is the code for Finance and Insurance sector. The overall label throughout the report. • github.com/vz-risk/veris features of “Financial” is used for brevity within Hopefully this section will the full VERIS schema the figures. Detailed information on help make all of those • github.com/vz-risk/vcdb provides the codes and classification system is more familiar. access to our database of publicly available here: disclosed breaches, the VERIS Community Database https://www.census.gov/ naics/?58967?yearbck=2012 • http://veriscommunity.net/ veris_webapp_min.html allows you VERIS resources to record your own incidents and breaches. Don’t fret, it saves any The terms “action,” “threat actor” and Being confident of our data “variety” will be referenced often. data locally and you only share These are part of the Vocabulary for what you want Starting in 2019 with slanted bar Event Recording and Incident Sharing charts, the DBIR has tried to make the (VERIS), a framework designed to allow point that the only certain thing about for a consistent, unequivocal collection information security is that nothing is of security incident details. Here is how Incident vs. breach certain. Even with all the data we have, they should be interpreted: We talk at length about incidents and we’ll never know anything exactly. breaches and we use the following However, instead of throwing our hands Threat actor: Who is behind the event? definitions: up and complaining that it is impossible This could be the external “bad guy” to measure anything in a data-poor environment, or worse, simply making who launches a phishing campaign Incident: A security event that stuff up, we get to work. This year or an employee who leaves sensitive compromises the integrity, we continue to represent uncertainty documents in their seat back pocket. confidentiality or availability of throughout the report figures. an information asset. Action: What tactics (actions) were used to affect an asset? VERIS Breach: An incident that results in uses seven primary categories of the confirmed disclosure—not just threat actions: Malware, Hacking, potential exposure—of data to an Social, Misuse, Physical, Error and unauthorized party. Environmental. Examples at a high level are hacking a server, installing malware or influencing human behavior through a social attack. 2021 DBIR Master’s Guide 4 Figures 1, 2, 3 and 4 all convey the range in Figure 3), each dot represents 0.5% of realities that could credibly be true. of organizations. This is a much better Credit where credit is due Whether it be the slant of the bar chart, way of understanding how something Turns out folks enjoy citing the report, the threads of the spaghetti chart, the is distributed among organizations and and we often get asked how they dots of the dot plot, or the color of the provides additional information than should go about doing it. violin chart, they all convey the uncertainty an average or a median. We added of our industry in their own special way. additional colors and callouts to make You are permitted to include statistics, these even more informative this year. figures and other information from The slant on the bar chart represents the the report, provided that you (a) cite uncertainty of that data point to a 95% Our newcomers this year are spaghetti the source as “Verizon 2021 Data confidence level (which is quite standard and violin charts. They attempt to capture Breach Investigations Report” and for statistical testing). In layman’s terms, if uncertainty in a similar way to slanted (b) that content is not modified in any the slants of two (or more) bars overlap, bar charts but are more suited for, way. Exact quotes are permitted but you can’t really say one is bigger than the respectively, data visualized over time and paraphrasing requires review. If you other without angering the math gods proportions of changes over a specific would like to provide people a copy (and their wrath is terrible). time period. For these charts, the darker of the report, we ask that you provide area is more likely to be the correct value. them a link to verizon.com/dbir/ rather Dot plots are also frequently used, and than the PDF. the trick to understanding this chart is Let us know what you think of them.1 We that the dots represent organizations. hope they make your journey through this For example, if there are 200 dots (like complex dataset a little less daunting. Questions? Comments? Upset there is no AR/VR version of 2 the DBIR? Let us know! Drop us a line at [email protected], find us on LinkedIn, tweet Figure 1. Example slanted bar chart (n=402) @VerizonBusiness with #dbir. Got a data question? Tweet @VZDBIR! Figure 3. Example dot plot (n=672) Each dot represents 0.5% of organizations Figure 2. Example spaghetti chart Figure 4. Example violin chart (n=581) 1 But only if you like them. Our figures guy is really thin skinned. 2 We REALLY want to make it happen! 2021 DBIR Master’s Guide 5 Introduction Greetings! Welcome to the 2021 Data possible than we might imagine. What Breach Investigations Report (DBIR)! is impossible is to accurately predict We always appreciate you, our readers, what those things might be. Therefore, but this year we would like to say thank we will not meddle with words like you for just showing up. Thanks for “possible,” but will confine ourselves simply making it through the often to what is “probable.” frightening and always unpredictable dystopian wasteland that was 2020, This year we analyzed 79,635 and still having enough interest and incidents, of which 29,207 met our energy to care about making the world quality standards and 5,258 were a safer place. By the time you read this, confirmed data breaches, sampled it is devoutly to be hoped that we have from 88 countries around the world. moved on to a place of relative safety, Once again, we include breakouts somewhere beyond Thunderdome if for 11 of the main industries, the SMB you will. section, and we revisit the various geographic regions studied in the prior Recent events around the world have report to see how they fared over the been deemed by many to be sufficient last year. We also include our Center cause to re-evaluate their priorities. In for Internet Security (CIS) Controls® similar fashion, we have stepped back recommendation mapping, because and taken another look at what we have the world being unpredictable and been doing over the past few years. uncertain doesn’t mean your security This exercise led to a revamp of our strategy has to be. patterns, the creation of some shiny new ones and the recalibration of some As always, we wish to humbly say thank others. It is our hope that doing this will you to our 83 contributors, both old and increase awareness of where possible new.
Load more

Recommended publications
  • Advanced Persistent Threats
    THREAT RESEARCH Defending Against Advanced Persistent Threats Introduction As the name “Advanced” suggests, APT (advanced persistent threat) is one of the most sophisticated and organized forms of network attacks that keep cybersecurity professionals up at night. Unlike many hit & run traditional cyberattacks, an APT is carried out over a prolonged period of time by skilled threat actors who strategize multi-staged campaigns against their targets, employing clandestine tools & techniques such as Remote Administration Tools (RAT), Toolkits, Backdoor Trojans, Social Engineering, DNS Tunneling etc. These experienced cybercriminals are mostly backed & well-funded by nation states and corporation-backed organizations to specifi cally target high value organizations with the following objectives in mind: a Theft of Intellectual Property & classifi ed data i.e. Cyber Espionage a Access to critical & sensitive communications a Access to credentials of critical systems a Sabotage or exfi ltration of databases a Theft of Personal Identifi able Information (PII) a Access to critical infrastructure to perform internal reconnaissance To achieve the above goals, APT Groups use novel techniques to obfuscate their actions and easily bypass traditional security barriers that are not advancing at the same rate as the sophisticated attack patterns of cybercriminals. To understand the evolved behavioral pattern of APT Groups in the year 2020, a review of their latest activities revealed interesting developments and a few groundbreaking events¹: a Southeast Asia
    [Show full text]
  • What Every CEO Needs to Know About Cybersecurity
    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
    [Show full text]
  • Security News Digest July 25, 2017
    Security News Digest July 25, 2017 Canada will remain where it is for a long time to come, but the Canada’s Security Scene Quiz will move to the Information Security Awareness previous quizzes page at the end of July. Watch this space for the August feature! August 1st is acknowledged across the globe as World Wide Web Day! World Wide Web Day, marks the birth of the Web in August 1990 at the Europe Laboratory for Particle Physics (CERN) in Switzerland. Tim Berners-Lee and Robert Cailliau developed a prototype Web browser and introduced Hypertext Markup Language, HTML. The first ever website was published on August 6, 1991 and served up a page explaining the World Wide Web project and giving information on how users could setup a web server and how to create their own websites and web pages, as well as how they could search the web for information. The URL for the first ever web page put up on the first ever website was http://info.cern.ch/hypertext/WWW/TheProject.html The World Wide Web ('WWW' or simply the 'Web') is a global information medium which users can read and write via computers connected to the Internet. The term [web] is often mistakenly used as a synonym for the Internet itself, but the Web is a service that operates over the Internet, just as e-mail also does. The history of the Internet dates back significantly further than that of the World Wide Web. On July 21st, the Google “Doodle” honoured Canadian Marshall McLuhan! [“the Medium is the Message”] Who is Marshall McLuhan? Meet the Canadian Media Theorist Who Predicted the Internet http://nationalpost.com/news/canada/who-is-marshall-mcluhan-how-a-canadian-media-theorist-predicted-the- internet/wcm/194cb7e2-e778-4780-9aba-6eb94831fcc5 Canadian professor Marshall McLuhan rose to prominence as a media theorist while teaching at the University of Toronto in the 1960s.
    [Show full text]
  • 13Th International Conference on Cyber Conflict: Going Viral 2021
    2021 13th International Conference on Cyber Confict: Going Viral T. Jančárková, L. Lindström, G. Visky, P. Zotz (Eds.) 2021 13TH INTERNATIONAL CONFERENCE ON CYBER CONFLICT: GOING VIRAL Copyright © 2021 by NATO CCDCOE Publications. All rights reserved. IEEE Catalog Number: CFP2126N-PRT ISBN (print): 978-9916-9565-4-0 ISBN (pdf): 978-9916-9565-5-7 COPYRIGHT AND REPRINT PERMISSIONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-proft or non-commercial purposes, providing that copies bear this notice and a full citation on the frst page as follows: [Article author(s)], [full article title] 2021 13th International Conference on Cyber Confict: Going Viral T. Jančárková, L. Lindström, G. Visky, P. Zotz (Eds.) 2021 © NATO CCDCOE Publications NATO CCDCOE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily refect the policy or the opinion of NATO Phone: +372 717 6800 CCDCOE, NATO, or any agency or any government. NATO CCDCOE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: [email protected] contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication.
    [Show full text]
  • Kaspersky Security Bulletin 2020. Statistics Kaspersky Security Bulletin 2020
    Kaspersky Security Bulletin 2020. Statistics Kaspersky Security Bulletin 2020. Statistics Contents Figures of the year 3 Financial threats 4 Number of users attacked by banking malware 4 Attack geography 5 Top 10 financial malware families 6 Ransomware programs 7 Number of users attacked by ransomware Trojans 7 Attack geography 8 Miners 10 Number of users attacked by miners 10 Attack geography 11 Vulnerable applications used by cybercriminals during cyber attacks 12 Attacks on macOS 14 Threat geography 15 IoT attacks 17 IoT threat statistics 17 Threats loaded into traps 19 Attacks via web resources 20 Countries that are sources of web-based attacks: 20 Countries where users faced the greatest risk of online infection 21 Top 20 malicious programs most actively used in online attacks 22 Local threats 24 Top 20 malicious objects detected on user computers 24 Countries where users faced the highest risk of local infection 25 2 Kaspersky Security Bulletin 2020. Statistics Figures of the year • During the year, 10.18% of Internet user computers worldwide experienced at least one Malware-class attack. • Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world. • 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus. • Our Web Anti-Virus blocked 33,412,568 unique malicious objects. • Ransomware attacks were defeated on the computers of 549,301 unique users. • During the reporting period, miners attacked 1,523,148 unique users. • Attempted infections by malware designed to steal money via online access to bank accounts were logged on the devices of 668,619 users.
    [Show full text]
  • Regional Advanced Threat Report Europe, Middle East and Africa — 2H2015
    REGIONAL ADVANCED THREAT REPORT EUROPE, MIDDLE EAST AND AFRICA — 2H2015 SPECIAL REPORT CONTENTS Executive Summary 3 Definitions 5 Advanced Targeted Threat Detection 6 Country Analysis 6 Targeted Malware Families 7 Vertical Analysis 9 Cyber Crime Analysis 11 Dominant Exploit Kits 11 Increased Use of Macros 11 Expanded Use of Ransomware 12 Point-of-Sale Malware 14 Conclusion and Recommendations 15 SPECIAL REPORT / REGIONAL ADVANCED THREAT REPORT 2 EXECUTIVE SUMMARY INTRODUCTION This report provides you with unique insights into Europe, Middle East and Africa’s (EMEA’s) threat landscape for the second half of 2015. For years, over 95% of businesses have unknowingly hosted compromised PCs within their corporate networks, and that has not changed. During our assessment, we identified all types of threat actors compromising our customers’ networks, including suspected nation-state-backed actors looking to conduct cyber espionage, cybercriminals and hacktivists looking to make a statement. This Regional Advanced Threat Report for EMEA provides an overview of the advanced targeted threats against computer networks that FireEye discovered during the second half of 2015. It is a follow-up to the Advanced Threat Report for EMEA 1H2015. SPECIAL REPORT / REGIONAL ADVANCED THREAT REPORT 3 Turkey, Spain, Israel, Luxembourg and Germany are the countries most targeted with advanced attacks. Motivated by many objectives, threat actors’ capabilities are evolving to be able to steal personal data and business strategies, gain a competitive advantage or degrade operational reliability. This report summarizes 2H2015 data gleaned from the FireEye Dynamic Threat Intelligence (DTI) cloud. The threat landscape has undergone dramatic changes between the first and second half of 2015.
    [Show full text]
  • Advanced Cyber Security Techniques (PGDCS-08)
    Post-Graduate Diploma in Cyber Security Advanced Cyber Security Techniques (PGDCS-08) Title Advanced Cyber Security Techniques Advisors Mr. R. Thyagarajan, Head, Admn. & Finance and Acting Director, CEMCA Dr. Manas Ranjan Panigrahi, Program Officer (Education), CEMCA Prof. Durgesh Pant, Director-SCS&IT, UOU Editor Mr. Manish Koranga, Senior Consultant, Wipro Technologies, Bangalore Authors Block I> Unit I, Unit II, Unit III & Unit Mr. Ashutosh Bahuguna, Scientist- Indian IV Computer Emergency Response Team (CERT-In), Department of Electronics & IT, Ministry of Communication & IT, Government of India Block II> Unit I, Unit II, Unit III & Unit Mr. Sani Abhilash, Scientist- Indian IV Computer Emergency Response Team Block III> Unit I, Unit II, Unit III & Unit (CERT-In), Department of Electronics & IT, IV Ministry of Communication & IT, Government of India ISBN: 978-93-84813-95-6 Acknowledgement The University acknowledges with thanks the expertise and financial support provided by Commonwealth Educational Media Centre for Asia (CEMCA), New Delhi, for the preparation of this study material. Uttarakhand Open University, 2016 © Uttarakhand Open University, 2016. Advanced Cyber Security Techniques is made available under a Creative Commons Attribution Share-Alike 4.0 Licence (international): http://creativecommons.org/licenses/by-sa/4.0/ It is attributed to the sources marked in the References, Article Sources and Contributors section. Published by: Uttarakhand Open University, Haldwani Expert Panel S. No. Name 1 Dr. Jeetendra Pande, School of Computer Science & IT, Uttarakhand Open University, Haldwani 2 Prof. Ashok Panjwani, Professor, MDI, Gurgoan 3 Group Captain Ashok Katariya, Ministry of Defense, New Delhi 4 Mr. Ashutosh Bahuguna, Scientist-CERT-In, Department of Electronics & Information Technology, Government of India 5 Mr.
    [Show full text]
  • Bilan Cert-IST 2013
    Cert-IST annual review for 2014 regarding flaws and attacks 1) Introduction ..................................................................................................................................... 1 2) Most significant events of 2014 ...................................................................................................... 2 2.1 More sophisticated attacks that modify the risk level .............................................................. 2 2.2 Many attacks targeting cryptography ...................................................................................... 4 2.3 Cyber-spying: governments at the cutting edge of cyber attacks ........................................... 6 2.4 Flourishing frauds .................................................................................................................... 7 3) Vulnerabilities and attacks seen in 2014 ........................................................................................ 9 3.1 Figures about Cert-IST 2014 production ................................................................................. 9 3.2 Alerts and Potential Dangers released by the Cert-IST ........................................................ 11 3.3 Zoom on some flaws and attacks .......................................................................................... 12 4) Conclusions .................................................................................................................................. 15 1) Introduction Each year, the Cert-IST makes
    [Show full text]
  • CYBERSECURITY: the Greatest Hurdle of the 2016 Olympic Games INTRODUCTION
    CYBERSECURITY: The Greatest Hurdle of the 2016 Olympic Games INTRODUCTION 1 Every two years, the world turns its collective attention to an event that has come to epitomize “International Olympic Committee Marketing Report: London 2012,” a rare moment in international co-existence. Underneath jerseys and face paint indicating Olympic Committee, 2012. Link national allegiance is an appreciation for talent and hard work, regardless of state origin. Amid the fiercest competition in the world emerges a sense of humanistic unity in both athletics and beyond. For seventeen days this August, Olympic fervor will begin all over again. Preparing for an event that attracts 7.5 million ticketed spectators and 3.5 billion television viewers1 is no small feat for any city, even for highly industrialized hosts such as London and Beijing. As the first South American country to host an Olympic Games, Brazil carries the reputation of an entire region on its shoulders. Amid this pressure, Brazil is also faced with a host of internal issues. Rampant corruption, economic collapse, and the Zika virus threaten to launch Brazil into utter chaos. Amid these immediate and pressing challenges, however, lies a more covert concern. Brazil’s insufficient cybersecurity infrastructure, coupled with the world’s attention, make the 2016 Rio de Janeiro Olympic Games a perfect target for cybercriminals. graquantum.com infograquantum.com This paper explores Brazil’s existing cyber landscape, including its status both regionally and globally. It will begin by examining the history of cybercrime in Brazil and its existing Internet infrastructure. It will then contextualize Brazil’s unique cyber landscape in the context of the Olympic Games, including comparisons with previous and future host countries, and efforts to secure Brazil’s cyber architecture specific to the games.
    [Show full text]
  • Aladdin's Lamp: the Theft and Re-Weaponization of Malicious Code
    2018 10th International Conference on Cyber Conflict Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or CyCon X: Maximising Effects non-commercial purposes is granted providing that copies bear this notice T. Minárik, R. Jakschis, L. Lindström (Eds.) and a full citation on the first page. Any other reproduction or transmission 2018 © NATO CCD COE Publications, Tallinn requires prior written permission by NATO CCD COE. Aladdin’s Lamp: The Theft and Re-weaponization of Malicious Code Kārlis Podiņš Kenneth Geers CERT Latvia Comodo Group Riga, Latvia Toronto, Canada Abstract: Global superpowers do not have a monopoly on cyber warfare. Software thieves can steal malware written by more advanced coders and hackers, modify it, and reuse it for their own purposes. Smaller nations and even non-state actors can bypass the most technically challenging aspects of a computer network operation – vulnerability discovery and exploit development – to quickly acquire world-class cyber weapons. This paper is in two parts. First, it describes the technical aspects of malware re-weaponization, specifically the replacement of an existing payload and/or command-and-control (C2) architecture. Second, it explores the implications of this phenomenon and its ramifications for a range of strategic concerns including weapons proliferation, attack attribution, the fog of war, false flag operations, international diplomacy, and strategic miscalculation. And as with Aladdin’s magic lamp, many malware thieves discover that obtaining a powerful new weapon carries with it risks as well as rewards. Keywords: malware, cyberwar, re-weaponization, false flag, attribution 1.
    [Show full text]
  • Darkhotel Hackers Target Bosses in Hotels
    Provided by Crendon Insurance Brokers Ltd DarkHotel Hackers Target Bosses in Hotels December / January 2015 A November report is warning companies to shield their high-profile executives, directors and officers from a new threat dubbed DarkHotel, which targets specific individuals accessing the Internet via Wi-Fi or an Ethernet cable while staying in upmarket hotels abroad. It works like this: Individuals who connect to the Internet receive a request for a fake update to a popular software package such as Adobe Flash, Google Toolbar or Windows Messenger. The installation files include legitimate software but also secretly harbour the DarkHotel code. Once the target approves the download with a single click, the malicious DarkHotel code goes to work, employing a number of different malware, including the following: DarkHotel Hackers Target Bosses in Hotels Keyloggers monitor users’ activity by recording and transmitting their keyboard Think your company’s executives and mouse presses. are safe in their hotel rooms? Think again. Information stealers copy data such as passwords stored by Internet browsers and other credentials. Tech Support Scams Rising These scams have duped about 15 A Trojan scans a system’s contents such as data about its anti-virus software. The per cent of Britons so far. malware then uploads that information to the hackers’ computer server. Recent Cyber Security News Droppers install more viruses on computer systems. and Prosecutions Lax cyber security carries some Selective infectors spread malware to other computer equipment via a USB serious consequences. connection or removable storage. Small downloaders contact the hackers’ servers after 180 days, in a presumed attempt to allow hackers to regain control of machines that detected and/or removed their malware.
    [Show full text]
  • A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions Ethan M
    PRE-PRINT OF MANUSCRIPT ACCEPTED TO IEEE COMMUNICATION SURVEYS & TUTORIALS 1 A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions Ethan M. Rudd, Andras Rozsa, Manuel Günther, and Terrance E. Boult Abstract—As our professional, social, and financial existences components pose particularly difficult challenges. The ease or become increasingly digitized and as our government, healthcare, difficulty of repairative measures is irrelevant if the malware and military infrastructures rely more on computer technologies, can evade detection in the first place. they present larger and more lucrative targets for malware. Stealth malware in particular poses an increased threat because it While some authors refer to all stealth malwares as rootkits, is specifically designed to evade detection mechanisms, spreading the term rootkit properly refers to the modules that redi- dormant, in the wild for extended periods of time, gathering rect code execution and subvert expected operating system sensitive information or positioning itself for a high-impact zero- functionalities for the purpose of maintaining stealth. With day attack. Policing the growing attack surface requires the respect to this usage of the term, rootkits deviate from other development of efficient anti-malware solutions with improved generalization to detect novel types of malware and resolve these stealth features such as elaborate code mutation engines that occurrences with as little burden on human experts as possible. aim to change the appearance of malicious code so as to In this paper, we survey malicious stealth technologies as evade signature detection without changing the underlying well as existing solutions for detecting and categorizing these functionality.
    [Show full text]