DOCSLIB.ORG

CERT-MU E-Security Newsletter

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CERT-MU E-Security Newsletter CERT-MU Quarterly | July 2012 CERTCERT--MUMU ee--SecuritySecurity NewsletterNewsletter Addressing the Need of Information Security for Intelligent Mauritius Volume 2|Issue 2|July 2012 A New Era of Cyber Warfare with Flame Transition of IPv4 to IPv6 Raises New Security Challenges ERT-MU has been affiliated to the Forum of Incident Response and Security Teams C Cyber Security Events 2012 (FIRST) at the beginning of May 2012. FIRST is the premier organization and recognized global leader in Information Security incident response and brings to- News Focus gether more than 200 computer security incident re- sponse teams from government, commercial, and educa- CERT-MU Events tional organizations from Europe, Africa, America and other countries. This affiliation will enable CERT-MU Guidelines to respond more effectively to security incidents. Information Security Tips Dear Readers, Today’s enterprise and global critical infrastructure is more vulnerable than ever due to the changing threat landscape. The typical cy- bercriminal is no longer defacing a website from a personal computer for fun and notoriety. They have more to steal. Organisations have become a rich target as more valuable information is being stored on network accessible devices and services every day. Histori- cally, enterprises have focused on securing sensitive customer data such as consumer credit card information, but now other information such as details of critical infrastructure and other records are targeted as well. This has been confirmed with the discovery of sophisti- cated cyber-attacks such as Flame, Stuxnet and Duqu. In these circumstances, our duty is to protect our critical infrastructure and valua- ble information from being attacked. One way of doing it is by educating people and making them aware of the latest threats. The third edition of CERT-MU e-security newsletter will not only help you to understand the specifics of information security and trends but also keep you up-to-date with latest information security issues, statistics, tips and events. We trust that you will find the articles interesting and enjoy reading. The e-Security Newsletter Team CERT-MU e-Security Newsletter | Volume 2 |Issue 2 | July 2012 1 CERT-MU Quarterly | July 2012 A New Era of Cyber Warfare with Flame The virus known as ‘Flame’ is the third major cyber weapon un- Flame has also the ability to replicate through local networks. It covered after the Stuxnet virus that attacked Iran’s nuclear pro- exploits printer vulnerability – (Vulnerability in Print Spooler gram in 2010 and Duqu in 2011. Flame came to light following Service Could Allow Remote Code Execution – MS10-061). This an investigation prompted by the UN’s International Telecommu- vulnerability was also exploited by Stuxnet by using a special nication Union (ITU) about a malware that was deleting sensitive Microsoft Operations Framework (MOF) file, executed on the information across the Middle East. While searching for that attacked system using Windows Management Instrumentation code, nicknamed as “Wiper”, Kaspersky Lab discovered the mal- and secondly via remote jobs tasks. ware Worm Win.32.Flame. Flame is a sophisticated attack toolkit and is a backdoor, a Trojan, and has worm-like features. This al- lows it to replicate in a local network and on removable media. The malware targets Windows computers and once the system is infected, it begins a complex set of operations. This includes sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, amongst others. The data captured is then made available to the operators through the link to the Flame’s command-and-control servers. Later, the oper- ators can choose to upload further modules, which expand Flame’s functionality. About 20 modules have been detected in Flame. Flame appears to have two modules designed for infecting USB sticks, called “Autorun Infector” and “Euphoria”. However, secu- rity experts have not detected them in action yet. This is because Flame appears to be disabled in the configuration data. But, the ability to infect USB sticks is present in the code. Two methods are used and they are as follows: 1. Autorun Infector: the “Autorun.inf” method from early Stux- net, using the “shell32.dll” “trick”. This method was only When Flame is executed by a user who has administrative rights used in Stuxnet and was not detected in any other malware. to the domain controller, it is also able to attack other machines in 2. Euphoria: spread on media using a “junction point” directory the network: it creates backdoor user accounts with a pre-defined that contains malware modules and an LNK file that trigger password that is then used to copy itself to these machines. the infection when this directory is opened. CERT-MU e-Security Newsletter | Volume 2 |Issue 2 | July 2012 2 CERT-MU Quarterly | July 2012 The Complexity of Flame mation on the operations of certain nation states in the Middle East, The virus contains about 20 times as much code as Stuxnet, which including Iran, Lebanon, Syria, Israel and others. attacked an Iranian uranium enrichment facility, causing centrifug- es to fail. It has about 100 times as much code as a typical virus The Self-Destruction of Flame designed to steal financial information, as per Kaspersky Labs. Several weeks after the detection of Flame, the malware has been Due to this complexity, it is very difficult to analyse Flame. The ordered to self-destruct. Flame has a built-in feature called SUI- malware is very big because it consists of several libraries such as CIDE that can be used to uninstall the malware from infected com- ‘zlib’, ‘libbz2’, ‘ppmd’ for compression and sqlite3 for database puters. However, late last week, Flame's creators decided to distrib- manipulation and Lua vitual machine. Lua is a scripting ute a different self-removal module to infected computers that con- (programming) language, which can very easily be extended and nected to servers still under their control, Symantec’s security re- interfaced with C code. Many parts of Flame have high order logic sponse team. According to Security firm, Symantec, its command- written in Lua - with effective attack subroutines and libraries com- and-control (C&C) servers had sent an updated directive to the piled from C++. In addition, there are internally used local data- virus, which it termed “Flamer,” designed to remove it from com- bases with nested SQL queries, multiple methods of encryption, promised computers. The commands leave no traces of the Flame various compression algorithms, usage of Windows Management infection behind. Therefore, any client receiving this file would Instrumentation scripting, batch scripting and more. have had all traces of Flame removed. How to remove Flame from infected computers International Telecommunications Union (ITU) –International Multilateral Partnership Against Cyber Threat (IMPACT) and Kaspersky Labs have developed a special edition tool to eradicate all espionage related malwares from affected systems. The tool is the Kaspersky Virus Removal Tool Special ITU Edition, which is a customised tool that removes detrimental malwares such as Flame, Stuxnet, Duqu and all other known malicious programs. The tool can be downloaded from CERT-MU website: www.cert- mu.gov.mu from security tools section. The Virus Removal Tool is aimed at curing infected computers (running under the Microsoft Windows) of malicious programs including the Flame virus. The application does not require installation and the steps below can be performed to scan computer for viruses: Start the application from any device, for example, a remova- ble drive When the application starts, a window with the License Agree- ment is displayed You must agree with the License Agreement and then click on According to cryptographic experts, Flame is the first malicious the Start button to open the main application program to use an obscure cryptographic technique known as “prefix collision attack”. This allowed the virus to fake digital cre- In the left part of the window, select on Automatic Scan tab dentials that had helped it to spread. The exact method of carrying and click the Start Scanning button out such an attack was only demonstrated in 2008 and the creators If the tool detects a threat that is currently active in the system of Flame came up with their own variant. Security experts have (for example, a malicious process in RAM or in startup ob- added that the design of this new variant required world-class jects), a notification pops up to carry out the disinfection pro- cryptanalysis. Moreover, running and debugging the malware is also not trivial as it is not a conventional executable application, cedure. but several DLL files that are loaded on system boot. Attacks on Mobile Devices The purpose of Flame According to new statistics from Symantec, the number of The discovery of complex cyber-attacks is not new. In 2010, there malicious cyber attacks have increased to 81% in 2011 was Stuxnet, a software virus that disrupted the operation of centri- fuges at nuclear facilities in Iran. In 2011, Duqu was discovered, a Mobile vulnerabilities have increased by 93% in 2011 and computer worm that was built on much of the same code as Stux- there has been a rise in threats that targeted Android de- net, but which concentrated on espionage rather than sabotage, vices. extracting data out of computers that it infected. Flame has been compared to Duqu since both appeared to target similar geograph-
Load more

Recommended publications
  • Recent Developments in Cybersecurity Melanie J
    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact fbrown@wcl.american.edu. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Defending Against Increasingly Sophisticated Cyber Attacks HP Tippingpoint Bolsters Enterprise Data Center Protection
    50 Years of Growth, Innovation and Leadership Defending Against Increasingly Sophisticated Cyber Attacks HP TippingPoint Bolsters Enterprise Data Center Protection A Frost & Sullivan White Paper Chris Rodriguez Senior Industry Analyst www.frost.com Frost & Sullivan The Evolving Enterprise Security Threat............................................................................. 3 Driving Trends ....................................................................................................................... 3 Key Challenges ..................................................................................................................... 4 Recent High-Profile Security Breaches ............................................................................... 5 Protecting Enterprise Physical and Virtual Data Centers.................................................. 6 Meeting Critical Enterprise Needs ...................................................................................... 6 Optimizing for a Virtualized Environment .......................................................................... 8 Weighing Vendor Solutions ................................................................................................... 8 Why HP? ................................................................................................................................. 9 HP DVLabs’ Cutting Edge Research .................................................................................... 9 Benefits of HP’s NGIPS Technology ...................................................................................
    [Show full text]
  • Ng AMERICAN UNIVERSITY BLR BUSINESS LAW REVIEW - VOLUME 2* 2013 * ISSUE 2
    Ng AMERICAN UNIVERSITY BLR BUSINESS LAW REVIEW - VOLUME 2* 2013 * ISSUE 2 ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY ............ ........ MELANIE J. TEPLINSKY RELIANCE ON EXPERTS FROM A CORPORATE LAw PERSPECTIVE. ....... ALEXANDROS N. RoKs COMMENTS PETITIONING FOR CASH: How DOMESTIC INDUSTRIES EXPLOIT ANTIDUMPING PROCEDURES AND ANTITRUST EXCEPTIONS TO FORCE THEIR FOREIGN COMPETITORS INTO LUCRATIVE SETTLEMENT AGREEMENTS ...... DANIEL FULLERTON IGNORING THE TECHNICALITY'S TEMPTATION: INTERPRETING THE CITIZENSHIP OF A FOREIGN OFFICIAL UNDER THE FOREIGN CORRUPT PRACTICES ACT................ ELIZABETH GRANT NOTE THE POLL-INTEL INDUSTRY: CONSIDERING THE COMMON LAW'S APPLICATION IN INSIDER TRADING UNDER THE STOCK ACT.................. ERNIE C. JOLLY AU AMERICAN UNIVERSITY BLR BUSINESS LAW REVIEW The AMERICAN UNIVERSITY BUSINESS LAW REVIEW is published twice a year (fall and spring academic semesters) by students of the Washington College of Law, American University, 4801 Massachusetts Avenue, N.W., Suite 615A, Washington, D.C. 20016. Manuscripts should be sent to the Executive Editor at the above listed address or electronically at blr-ee@wel.american.edu. The opinions expressed in articles herein are those of the signed authors and do not reflect the views of the Washington College of Law or the American University Business Law Review. All authors are requested and expected to disclose any economic or professional interests or affiliations that may have influenced positions taken or advocated in their articles, notes, comments, or other materials submitted. That such disclosures have been made is impliedly represented by each author. Subscription rate per year: $45.00 domestic, $50.00 foreign, $30.00 alumni, $20.00 single issue. Periodicals postage paid at Washington, D.C., and additional mailing offices.
    [Show full text]
  • Cyber-Threats and Financial Institutions: Assume All Networks Are Infected...Is This the New Normal?
    Cyber-Threats and Financial Institutions: Assume all networks are infected...Is this the new normal? October 2012 Sponsored by: Cyber-Threats and Financial Institutions WHITE PAPER Cyber-Threats and Financial Institutions: Assume all networks are infected...Is this the new normal? Executive Summary Financial Institutions, an already highly targeted industry by cyber criminals, should only expect the number and sophistication of malicious attacks to grow. The adoption of Internet-based commerce systems, while convenient for customers and nancially bene cial for some institutions, provides crimi- nals with more opportunities to steal both money and information. Cyber- thieves continue to introduce highly sophisticated malware strains to take ad- vantage of vulnerabilities. Bank customers infected with the strains --which frequently go undetected by anti-virus so ware – expose nancial institu- tions to computer network contamination. As a result, the recent consensus among banks has been to assume that all customer PCs are infected. Introduction Since America’s rst bank robbery in Philadelphia in 1798, nancial insti- tutions have been a favorite target of criminals. Some of the nation’s most recognizable crooks such as Butch Cassidy, John Dillinger and Jesse James attained notoriety by robbing banks. In the 21st century, technology has changed the game. According to Professor Udo Helmbrecht, the Execu- tive Director of the European Network and Information Security Agency (ENISA),“the old adage, ‘criminals go where the money is’, today means that ‘bank robbers go online.’”1 Many criminals now operate in anonymity from miles, or even oceans, away from their targets. These capable cyber- criminals are implementing increasingly sophisticated attacks, hitting many more targets and impacting many more people.
    [Show full text]
  • CERIAS Tech Report 2014-3 US Bank of Cyber
    CERIAS Tech Report 2014-3 U.S. Bank of Cyber: An analysis of Cyber Attacks on the U.S. Financial System by Crimmins, Falk, Fowler, Gravel, Kouremetis, Poremski, Sitarz, Sturgeon, Zhang Center for Education and Research Information Assurance and Security Purdue University, West Lafayette, IN 47907-2086 U.S. Bank of Cyber An analysis of Cyber Attacks on the U.S. Financial System Under the Direction of Dr. Sam Liles Written by: (In Alphabetical Order) Danielle Crimmins Courtney Falk Susan Fowler Caitlin Gravel Michael Kouremetis Erin Poremski Rachel Sitarz Nick Sturgeon CNIT 58100 Spring 2014 Yulong Zhang Executive Summary The following paper looks at past cyber attacks on the United States fi nancial industry for analysis on attack patterns by individuals, groups, and nationstates to determine if the industry really is under attack. The paper fi rst defi nes the terms used, then explains the theory and paradigm of cyber attacks on the U.S. fi nancial industry. Following is a graphical and detailed timeline of known cyber attacks on the U.S. fi nancial industry reaching from 1970 through 2014. Four attack cases are chosen to be researched in summary and four attack cases are chosen to be researched in depth. These cases include: Kalinin & Nasenkov, Mt. Gox, Stock Market Manipulation Scheme, Project Blitzkrieg, Union Dime Savings Bank Embezzlement, National Bank of Chicago Wire Heist, and an attempted Citibank Heist. An analysis then explores attack origination from individuals, groups, and/or nation states as well as type of attacks and any patterns seen. After gathering attacks and creation of a timeline, a taxonomy of attacks is then created from the analysis of attack data.
    [Show full text]
  • Dissecting Operation High Roller
    White Paper Dissecting Operation High Roller Dave Marcus, Director of Advanced Research and Threat Intelligence, McAfee Ryan Sherstobitoff, Threat Researcher, Guardian Analytics How the high-tech mantra of “automation and innovation” helps a multi-tiered global fraud ring target high net worth businesses and individuals. Building on established Zeus and SpyEye tactics, this ring adds many breakthroughs: bypasses for physical multi-factor authentication, automated mule account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 ($130,000 USD). Where Europe has been the primary target for this and other financial fraud rings in the past, our research found the thefts spreading outside Europe, including the United States and Colombia. Table of Contents Executive Summary 3 A Timeline in Case Studies 4 Glossary of Terms 4 An Automated Attack In Italy 4 Campaign Appears in Germany 5 Fraudsters Hit Netherlands Banking Hard 5 Expansion to Latin America 6 Fraudsters in the Netherlands Also Active in the United States 7 New Heights In Heists: What’s New Compared To SpyEye and Zeus? 8 Extensive Automation 8 Server-side Automation 8 Rich targets 8 Automated Bypass of Two-Factor Physical Authentication 9 Techniques against Standard Security Software 9 Techniques to Avoid Fraud Detection 10 Techniques to Hide Evidence 10 Three Attack Strategies 10 Strategy 1: Automated Consumer Attacks 10 Strategy 2: Automated Server-based Attacks 12 Strategy 3: Hybrid Automated/Manual Attacks 14 Against Marquee Business Accounts Recovery and Remediation Efforts 14 Lessons Learned 15 Appendix 17 About the Authors 19 About McAfee 19 About Guardian Analytics 19 2 Dissecting Operation High Roller Executive Summary McAfee and Guardian Analytics have uncovered a highly sophisticated, global financial services fraud campaign that has reached the American banking system.
    [Show full text]
  • Mcafee Threats Report: Fourth Quarter 2012
    Report McAfee Threats Report: Fourth Quarter 2012 By McAfee Labs Table of Contents Operation High Roller Expands 4 Project Blitzkrieg 4 Mobile Threats 4 Spyware 5 Mobile Exploits 6 Mobile Backdoors 6 General Malware Threats 6 Ransomware 12 Network Threats 13 Database Security 15 Web Threats 17 Phishing 20 Messaging Threats 20 Spam volume 21 Botnet breakdowns 23 New botnet senders 24 Messaging botnet prevalence 26 Drug spam remains strong 27 Cybercrime 28 Crimeware tools 33 Actions against Cybercriminals 34 Hacktivism 35 Cyberextremism: Terrorism and the Internet 36 About the Authors 37 About McAfee Labs 37 About McAfee 37 2 McAfee Threats Report: Fourth Quarter 2012 As McAfee Labs analyzed threats during the fourth quarter of 2012, we saw a number of familiar trends: terrifically rapid growth in mobile malware and a steady increase in general malware, including fake antivirus and signed malware. Spam rose at first but then returned to the level that it began the quarter. New botnet infections followed a similar path, with growth in October that eventually cooled, resulting in an end point that was lower than the prior quarter’s. Narrowly targeted attacks continue. Our on-going analysis of Operation High Roller and Project Blitzkrieg shows that cybercriminals can be patient when playing for high stakes. Our count of mobile malware samples has surpassed 36,000, with almost all of it aimed at the Android OS and having arrived in the past year. Spyware, exploits, and backdoor Trojans highlighted this quarter’s assaults on mobile phones. Our analysis of web threats found that the number of new suspicious URLs increased by 70 percent this quarter.
    [Show full text]
  • Israel Edition July 2018
    The Observatory© Israel Edition July 2018 S O www.cyberstartupobservatory.com Meet the participating companies: Gold SC Silver Cyber Of Things Bronze The Observatory© Nir Chervoni Gary Hayslip Credorax Group Webroot Anyck Turgeon IBM Dr. Mansur Hasib Glauco Sampaio Cybersecurity Leader Banco Original Hall of Fame Q2 & Q3 2018 The purpose of the Cybersecurity Startup Observatory is to collaborate to build a safer society and to help solve important problems leveraging cybersecurity innovation. Find out more and tell us what matters to you by visiting us at: www.cyberstartupobservatory.com This publication has been prepared for general guidance on matters of interest only and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, Smartrev Analytics Consultants SLU, its members and employees do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. In this document, “Cyber Startup Observatory” and “Smartrev Cybersec” refer to trademarks belonging to Smartrev Analytics Consultants SLU. The information provided by the participating startups and companies belongs to them. They remain the sole and exclusive owner of any information provided to Smartev including without limitation, with respect to any intellectual property rights, copyrights and trademarks. Smartrev Analytics Consultants SLU have received explicit written permission to publish all the information included in this report.
    [Show full text]
  • State Department News Clips
    United States Department of State Washington, D. C. 20520 October 10, 2018 Case No.: F-201 8-00529, F-2018-00827, F-2018-01063, & F-201 8-01467 Michael Bekesha, Esq. Judicial Watch, Inc. 425 Third Street, S.W., Suite 800 Washington, D.C. 20024 Dear Mr. Bekesha: I refer you to our letter dated September 12, 2018, regarding the review of certain Department of State material under the Freedom oflnformation Act (the "FOIA"), 5 U.S.C. § 552. The review of potentially responsive records is ongoing and has resulted in the retrieval of nine documents responsive to your request. After reviewing these documents, we have determined that seven may be released in full and two may be released in part. All released material is enclosed. Where a document has been released to you in part, all non-exempt material that is reasonably segregable from the exempt material has been released. Where we have made excisions, the applicable exemptions are marked on the document. An enclosure provides information on FOIA exemptions and other grounds for withholding material. We will keep you advised as your case progresses. If you have any questions, you may contact Trial Attorney Damon William Taaffe at (202) 252-2544 or damon.taaffe@usdoj. gov. Please refer to the case numbers cited above and the civil action number, l 8-cv-968, in all correspondence regarding this case. c~Sincerely, eeunan~ Chief, Programs and Polici 1v1s10n Office of Information Programs and Services Enclosures: As stated The Freedom of Information Act (5 USC 552) FOIA Exemptions (b)(1) Information specifically authorized by an executive order to be kept secret in the interest of national defense or foreign policy.
    [Show full text]
  • Technical Report RHUL–ISG–2021–2 10 March 2021
    Protecting Personal Investors on UK Investment Platforms from Cyber Threats Gerard Phillips Technical Report RHUL–ISG–2021–2 10 March 2021 Information Security Group Royal Holloway University of London Egham, Surrey, TW20 0EX United Kingdom Student Number: 100937313 Gerard Phillips Protecting Personal Investors on UK Investment Platforms from Cyber Threats Supervisor: Geraint Price Submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London. I declare that this assignment is all my own work and that I have acknowledged all quotations from published or unpublished work of other people. I also declare that I have read the statements on plagiarism in Section 1 of the Regulations Governing Examination and Assessment Offences, and in accordance with these regulations I submit this project report as my own work. Signature: Date: 23 August 2020 Page 1 of 153 Table of Contents TABLE OF CONTENTS ......................................................................................................................... 2 LIST OF FIGURES ............................................................................................................................... 4 LIST OF TABLES ................................................................................................................................. 4 GLOSSARY ........................................................................................................................................ 5 EXECUTIVE SUMMARY .....................................................................................................................
    [Show full text]
  • Internet Infrastructure Review Vol.18 -Infrastructure Security
    1. Infrastructure Security Tor Technology In this report we discuss the Tor system used for anonymous communications, look at the Citadel variant of the ZeuS malware that was used to attack users of Japanese fi nancial institutions in the latter half of last year, and examine a spate of issues affecting protocols and implementations that use cryptographic technology. Infrastructure Security 1.1 Introduction This report summarizes incidents to which IIJ responded, based on general information obtained by IIJ itself related to the stable operation of the Internet, information from observations of incidents, information acquired through our services, and information obtained from companies and organizations with which IIJ has cooperative relationships. This volume covers the period of time from October 1 through December 31, 2012. In this period a number of hacktivism-based attacks were once again carried out by Anonymous, and a series of targeted attacks on companies and government-related institutions were discovered. There have also been widespread domain hijackings and alterations on a national scale due to attacks on a number of organizations involved with country-code Top-level Domains (ccTLDs). In Japan, the “Remote Control Virus” and a series of incidents related to it became big news. Malware infections at government-related institutions in Japan are also continuing. As seen above, the Internet continues to experience many security-related incidents. 1.2 Incident Summary Here, we discuss the IIJ handling and response to incidents that occurred between October 1 and December 31, 2012. Figure 1 shows the distribution of incidents handled during this period*1. Other 29.5% Vulnerabilities 29.9% I The Activities of Anonymous and Other Hacktivists Attacks by hacktivists such as Anonymous continued during this period.
    [Show full text]